Every day, you search Google, Yahoo, and other search engines for "How to Hack Websites?", "Methods to Hack Website", "Website Hacking", and so on. Website hacking has become a popular business, or rather an interesting game, for many people; the reason behind these hacks is normally to prove their skills, to gain fame, or something else. As the saying goes, "To catch a thief, we must think like a thief." The same applies here: to secure something, we must first find what is insecure in it, and only then can we proceed to securing it. So, before moving on to the topic of securing websites, we must first know what is insecure in them.
Websites are compromised through many weaknesses, normally because of poor management of the site by the webmaster or admin. The methods by which websites are hacked are:
- Cross-Site Scripting
- SQL Injection
- Remote File Inclusion
- Local File Inclusion
- Denial of Service Attack
- Brute-Force Attack
These are some of the common methods used to hack a website. Let's discuss them below:
- Cross-Site Scripting: Cross-Site Scripting is a type of attack in which a hacker injects script into webpages. Its effects may range from a petty nuisance to a significant security risk. By injecting code into webpages this way, a hacker can gain access to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user.
- SQL Injection: SQL stands for Structured Query Language. SQL Injection is another type of web application vulnerability, occurring in the database layer of an application. It is mostly used for stealing sensitive data (such as usernames, passwords, email IDs, and more). It takes advantage of improper coding in the web application that allows the attacker to inject SQL commands.
- Remote File Inclusion: Remote File Inclusion (RFI) allows an attacker to include a remote file, usually through a script on the web server. A hacker usually uploads a file (normally a shell) by tricking the web server through the webpage.
- Local File Inclusion: Local File Inclusion (LFI) is a method of including local files at runtime. It is much the same as RFI. This method involves discovering the /etc/passwd file in the web directory.
- Denial of Service Attack: A Denial of Service attack (DoS attack) or Distributed Denial of Service attack (DDoS attack) is an attempt to make a computer resource unavailable to its users. These attacks are common nowadays; their main purpose is to obstruct the communication of the victim's computer by forcing the targeted computer(s) to reset.
- Brute-Force Attack: A Brute-Force Attack is a method in which an attacker tries every possible character of the password until the whole password is cracked. The main drawback of this attack is that it takes too much time, as it tries every possible character that could be part of the password.
Some other methods are DNS Hijacking, Insufficient Administration, Misconfiguration, Use of Trojans, and many more.
My advice to all webmasters and admins is to check their sites against these vulnerabilities so as to protect them from future attacks.
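The improper coding described under SQL Injection above, shown beside its fix, as an added example that is not part of the original post. It assumes Python's built-in sqlite3 module; the table, rows, function names and crafted input are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory users table filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "alice@example.test"),
         ("bob", "hash-b", "bob@example.test"),
         ("o'brien", "hash-c", "obrien@example.test")],
    )
    return db

def lookup_unsafe(db, username):
    """Improper coding: user input is concatenated into the SQL text."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, username):
    """Parameterized query: input is bound as a value, never parsed as SQL."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

def demo():
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that carries SQL syntax
    results = {
        "unsafe_normal": lookup_unsafe(db, "alice"),
        "unsafe_crafted": lookup_unsafe(db, crafted),  # WHERE clause rewritten
        "safe_crafted": lookup_safe(db, crafted),      # no such username
        "safe_quote": lookup_safe(db, "o'brien"),      # legitimate quote works
    }
    try:
        results["unsafe_quote"] = lookup_unsafe(db, "o'brien")
    except sqlite3.OperationalError as exc:
        # A stray quote breaking the statement is a symptom worth checking for.
        results["unsafe_quote"] = "error: " + str(exc)
    return results

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, "->", rows)
```

When reviewing a site's code, any query assembled like lookup_unsafe is the pattern to replace with the bound-parameter form.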