How a Website can be Hacked?
Some of the key website database hacking techniques include:
- Password guessing/brute-forcingIf passwords are blank or weak then can be easily brute-forced/guessed.
- Passwords and data sniffed over the networkData and passwords can be easily sniffed if encryption is not used.
- SQL Injection attacksThere are several different ways to hack databases, and most of these techniques need SQL injection (SQLi), which is a method through which SQL commands are sent back to the database from a web form or other input. SQL allows websites to develop, recover, delete, and update database records. An SQL injection attack places SQL into a web form while trying to get the application to run it. Sometimes, hackers use automated tools to execute SQL injections on remote websites. They scan thousands of websites, testing different types of injection attacks until they are successful.
- Exploiting unknown/known vulnerabilitiesAttackers are capable of exploiting buffer overflows, SQL Injection, etc. in order to own the database server. The attack could be via a web application by exploiting SQL injection, so no authentication is needed. In this way, databases can be hacked from the Internet and firewalls are completely bypassed. This is considered to be one of the easiest and preferred methods that criminals employ to steal sensitive data such as social security numbers, customer information, credit cards, etc.
- Installing a rootkit/backdoorBy installing a rootkit, it is possible to hide database objects and actions so that administrators will not notice that someone has hacked the database and they will continue to have access. A database backdoor can be used to steal data and send it to attackers, giving them unrestricted access.
- DNS spoofingAlso known as DNS cache poisoning, this hacking technique is capable of injecting corrupt domain system data into a DNS resolver’s cache in order to redirect where a website’s traffic is sent. It is often used to send traffic from genuine websites to malicious websites containing malware. DNS spoofing can also be used to gather details about the traffic being diverted.
- Cross-site request forgeryCross-site request forgery (CSRF or XSRF) is a common malicious exploit of websites. It happens when unauthorized commands are transmitted from a user that a web application trusts. Usually, users are logged into the website, so they have a higher level of privileges, permitting the hacker to obtain account information, gain access to sensitive information or transfer funds. There are several ways for hackers to transmit forged commands including hidden forms and image tags. The user is just not aware that the command has been sent and the website also believes that the command has come from a genuine user.
- Denial of ServiceA denial of service (DoS) attack or Distributed denial of service (DDoS) attack floods a website with large volumes of Internet traffic, causing its servers to become overwhelmed and then crash. Most DDoS attacks are executed using computers that have been compromised with malware. Owners of infected computers may not even know that their machine is sending requests for data to your website.
- Cross Site Scripting (XSS)This is another attack often exploited by hackers for website hacking. It is treated to be one of the more difficult vulnerabilities to deal with because of the way it operates. Most XSS website hacking attacks employ malicious Javascript scripts that are embedded in hyperlinks. When the user clicks the link, it could hijack a web session, change the advertisements that are being displayed on a page, steal personal data, or take over a user account. Malicious links are inserted into social media websites, web forums, and other prominent locations where users will click them.
The primary form of SQL injection consists of the direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.2. CROSS SITE SCRIPTINGCross-site scripting (XSS) occurs when a user inputs malicious data into a website, which causes the application to do something it wasn’t intended to do. XSS attacks are very popular and some of the biggest websites have been affected by them including the FBI, CNN, eBay, Apple, Microsft, and AOL.
Some website features commonly vulnerable to XSS attacks are:
• Search Engines
• Login Forms
• Comment FieldsCross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.
3. REMOTE FILE INCLUSION
Remote file inclusion is the most often found vulnerability on the website.
Remote File Inclusion (RFI) occurs when a remote file, usually a shell (a graphical interface for browsing remote files and running your own code on a server), is included into a website which allows the hacker to execute server-side commands as the current logged on user, and have access to files on the server. With this power, the hacker can continue on to use local exploits to escalate his privileges and take over the whole system.
RFI can lead to the following serious things on the website :
- Code execution on the web server
- Code execution on the client-side such as Javascript which can lead to other attacks such as cross-site scripting (XSS).
- Denial of Service (DoS)
- Data Theft/Manipulation
4. LOCAL FILE INCLUSION
Local File Inclusion (LFI) is when you have the ability to browse through the server by means of directory transversal. One of the most common uses of LFI is to discover the /etc/passwd file. This file contains the user information of a Linux system. Hackers find sites vulnerable to LFI the same way I discussed for RFI’s.
Let’s say a hacker found a vulnerable site, www.target-site.com/index.php?p=about, by means of directory transversal he would try to browse to the /etc/passwd file:
www.target-site.com/index.php?p= ../../../../../../../etc/passwd
Simply called distributed denial of service attack. A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. In DDOS attack we consume the bandwidth and resources of any website and make it unavailable to its legitimate users.
Share your interest to learn about more.
Keep Learning Under Theweborion regular News.