body { background-image: url('https://thehacktoday.com/wp-content/uploads/2015/10/hacking-2.jpg') !important; }

Thursday 29 September 2016

10 MOST POPULAR WAYS HACKERS HACK YOUR WEBSITE



In my previous posts I discussed about creating an invisible folder and Introduction to hacking
Today I will discuss about different types of website attack.




10.  SQL INJECTION ATTACKS


Injection Attacking occurs when there are flaws in your SQL Database, SQL libraries, or even the operating system itself. Employees open seemingly credible files with hidden commands, or “injections”, unknowingly.


In doing so, they’ve allowed hackers to gain unauthorized access to private data such as social security numbers, credit card number or other financial data.

9.  CROSS SITE SCRIPTING ATTACKS

Cross Site Scripting, also known as an XSS attack, occurs when an application, url “get request”, or file packet is sent to the web browser window and bypassing the validation process. Once an XSS script is triggered, it’s deceptive property makes users believe that the compromised page of a specific website is legitimate.
For example, if www.abcd.com/xyz.html has XSS script in it, the user might see a popup window asking for their credit card info and other sensitive info.

8. BROKEN AUTHENTICATION AND SESSION MANAGEMENT ATTACKS

If the user authentication system of your website is weak, hackers can take full advantage.
Authentication systems involve passwords, key management, session IDs, and cookies that can allow a hacker to access your account from any computer (as long as they are valid).
If a hacker exploits the authentication and session management system, they can assume the user’s identity.

7. CLICKJACKING ATTACKS

Clickjacking, also called a UI Redress Attack, is when a hacker uses multiple opaque layers to trick a user into clicking the top layer without them knowing.
Thus the attacker is “hijacking” clicks that are not meant for the actual page, but for a page where the attacker wants you to be.
For example, using a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password for their bank account, but are actually typing into an invisible frame controlled by the attacker.

6. DNS CACHE POISONING

DNS Cache Poisoning involves old cache data that you might think you no longer have on your computer, but is actually “toxic”.
Also known as DNS Spoofing, hackers can identify vulnerabilities in a domain name system, which allows them to divert traffic from legit servers to a fake website and/or server.
This form of attack can spread and replicate itself from one DNS server to another DNS, “poisoning” everything in it’s path.

5. SOCIAL ENGINEERING ATTACKS

A social engineering attack is not technically a “hack”.
It happens when you divulge private information in good faith, such as a credit card number, through common online interactions such as email, chat, social media sites, or virtually any website.
The problem, of course, is that you’re not getting into what you think you’re getting into.

4. SYMLINKING – AN INSIDER ATTACK

A symlink is basically a special file that “points to” a hard link on a mounted file system.  A symlinking attack occurs when a hacker positions the symlink in such a way that the user or application that access the endpoint thinks they’re accessing the right file when they’re really not.
If the endpoint file is an output, the consequence of the symlink attack is that it could be modified instead of the file at the intended location. Modifications to the endpoint file could include appending, overwriting, corrupting, or even changing permissions.
In different variations of a symlinking attack a hacker may be able to control the changes to a file, grant themselves advanced access, insert false information, expose sensitive information or corrupt or destroy vital system or application files.

3. CROSS SITE REQUEST FORGERY ATTACKS

A Cross Site Request Forgery Attack happens when a user is logged into a session (or account) and a hacker uses this opportunity to send them a forged HTTP request to collect their cookie information.
In most cases, the cookie remains valid as long as the user or the attacker stays logged into the account.  This is why websites ask you to log out of your account when you’re finished – it will expire the session immediately.

2. REMOTE CODE EXECUTION ATTACKS

A Remote Code Execution attack is a result of either server side or client side security weaknesses.
Vulnerable components may include libraries, remote directories on a server that haven’t been monitored, frameworks, and other software modules that run on the basis of authenticated user access. Applications that use these components are always under attack through things like scripts, malware, and small command lines that extract information.

1. DDOS ATTACK – DISTRIBUTED DENIAL OF SERVICE ATTACK

DDoS attack is the most successful and widely used attack. It is as easy as ABC even a child of 9 with a basic knowledge of computer can do this attack successfully.
DDoS, or Distributed Denial of Services, is where a server or a machine’s services are made unavailable to its users.
And when the system is offline, the hacker proceeds to either compromise the entire website or a specific function of a website to their own advantage.
If You Enjoyed This Post Please Take 5 Seconds To Share It.

0 comments:

Copyright Tips-N-Tricks 2012-2016. Powered by Blogger.