Different ways to hack a WEBSITE
1. The Simple SQL Injection Hack
In its simplest form, this is how the SQL Injection works.
Suppose we enter the following string in a Username field:
' OR 1=1
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = ‘USRTEXT '
AND password = ‘PASSTEXT’
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ‘' OR 1=1 — 'AND password = '’
Two things you need to know about this:
['] closes the [username] text field.
'' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE username = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc.
Let's hope you got the gist of that, and move briskly on.
2. Backdoor Injection-
Using SQL commands in search forms can potentially do some extremely powerful things, like calling up usernames and passwords, searching the database field set and field names, and amending same. Do people really get hacked through their search forms? You better believe it. And through forums, and anywhere else a user can input text into a field which interacts with the database. If security is low enough, the hacker can probe the database to get names of fields, then use commands like INSERT INTO, UNION, and so forth to get user information, change product prices, change account settings/balances, and just about anything else… depending on the security measures in place, database architecture and so on.
3.SQL Injection in the Browser Address Bar
Injections can also be performed via the browser address bar. I don't mean to have a pop at Microsoft, but when it comes to such vulnerabilities, HTTP GET requests with URLs of the following form are most often held to be vulnerable:
http://somesite.com/index.asp?id=10
Try adding an SQL command to the end of a URL string like this, just for kicks:
http://somesite.com/index.asp?id=10 AND id=11
See if both articles come up. Don't shoot your webmaster just yet if it's your own site and you get two articles popping up: this is real low-level access to the database. But some such sites will be vulnerable. Try adding some other simple SQL commands to the end of URLs from your own site, to see what happens.
As we saw above, access to the database raises a number of interesting possibilities. The database structure can be mapped by a skilled hacker through ill-conceived visibility of error messages — this is called database footprinting — and then this knowledge of table names and so forth can be used to gain access to additional data. Revealing error messages are manna - they can carry invaluable table name and structural details.
The following illustrative string is from Imperva.
http://www.mydomain.com/products/products.asp?productid=123 UNION SELECT username, password FROM USERS
There are vast swathes of information on SQL Injection available, here are a couple of good sources:
GovernmentSecurity.org
SecurityDocs.com
4. Cross Site Scripting (XSS)
XSS or Cross Site Scripting is the other major vulnerability which dominates the web hacking landscape, and is an exceptionally tricky customer which seems particularly difficult to stop. Microsoft, MySpace, Google… all the big cahunas have had problems with XSS vulnerabilities. This is somewhat more complicated than SQL Injection, and we'll just have a quick look to get a feel for it.
XSS is about malicious (usually) JavaScript routines embedded in hyperlinks, which are used to hijack sessions, hijack ads in applications and steal personal information.
Picture the scene: you're there flicking through some nameless bulletin board because, yes, you really are that lazy at work. Some friendly girl with broken English implores you to get in touch. 'Me nice gurl', she says. You've always wondered where those links actually go, so you say what the hell. You hover over the link, it looks like this in the information bar:
[%63%61%74%69%6f%6e%3d%274%74%70%3a%2f%2f%77%7…]
Hmmm…what the hell, let's give it a bash, you say. The one thing I really need right now is to see an ad for cheap Cialis. Maybe the linked page satisfies this craving, maybe not. Nothing dramatic happens when you click the link, at any rate, and the long day wears on.
When a link in an IM, email, forum or message board is hexed like the one above, it could contain just about anything. Like this example, from SandSprite, which helps steal a session cookie, which can potentially be used to hijack a session in a web application, or even to access user account details.
Stealing cookies is just the tip of the iceberg though — XSS attacks through links and through embedded code on a page or even a bb post can do a whole lot more, with a little imagination.
XSS is mostly of concern to consumers and to developers of web applications. It's the family of security nightmares which keeps people like MySpace Tom and Mark Zuckerberg awake at night. So they're not all bad then, I suppose…
For additional resources on this topic, here's a great overview of XSS (PDF) and just what can be accomplished with sneaky links. And here's an in-depth XSS video.
5.Authorization Bypass
Authorization Bypass is a frighteningly simple process which can be employed against poorly designed applications or content management frameworks. You know how it is… you run a small university and you want to give the undergraduate students something to do. So they build a content management framework for the Mickey Bags research department. Trouble is that this local portal is connected to other more important campus databases. Next thing you know, there goes the farm
Authorization bypass, to gain access to the Admin backend, can be as simple as this:
Find weak target login page.
View source. Copy to notepad.
Delete the authorization javascript, amend a link or two.
Save to desktop.
Open on desktop. Enter anything into login fields, press enter.
Hey Presto.
6.Password Cracking
Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it.
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.
7.Google Hacking
This is by far the easiest hack of all. It really is extraordinary what you can find in Google's index. And here's Newsflash #1: you can find a wealth of actual usernames and passwords using search strings.
Copy and paste these into Google:
inurl:passlist.txt
inurl:passwd.txt
…and this one is just priceless…
“login: *” “password= *” filetype:xls
Such strings return very random results, and are of little use for targeted attacks. Google hacking will primarily be used for finding sites with vulnerabilities. If a hacker knows that, say, SQL Server 2000 has certain exploits, and he knows a unique string pushed out by that version in results, you can hone in on vulnerable websites.
... All info is for educational purposes only
In its simplest form, this is how the SQL Injection works.
Suppose we enter the following string in a Username field:
' OR 1=1
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = ‘USRTEXT '
AND password = ‘PASSTEXT’
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ‘' OR 1=1 — 'AND password = '’
Two things you need to know about this:
['] closes the [username] text field.
'' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE username = '' OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreck havoc.
Let's hope you got the gist of that, and move briskly on.
2. Backdoor Injection-
Using SQL commands in search forms can potentially do some extremely powerful things, like calling up usernames and passwords, searching the database field set and field names, and amending same. Do people really get hacked through their search forms? You better believe it. And through forums, and anywhere else a user can input text into a field which interacts with the database. If security is low enough, the hacker can probe the database to get names of fields, then use commands like INSERT INTO, UNION, and so forth to get user information, change product prices, change account settings/balances, and just about anything else… depending on the security measures in place, database architecture and so on.
3.SQL Injection in the Browser Address Bar
Injections can also be performed via the browser address bar. I don't mean to have a pop at Microsoft, but when it comes to such vulnerabilities, HTTP GET requests with URLs of the following form are most often held to be vulnerable:
http://somesite.com/index.asp?id=10
Try adding an SQL command to the end of a URL string like this, just for kicks:
http://somesite.com/index.asp?id=10 AND id=11
See if both articles come up. Don't shoot your webmaster just yet if it's your own site and you get two articles popping up: this is real low-level access to the database. But some such sites will be vulnerable. Try adding some other simple SQL commands to the end of URLs from your own site, to see what happens.
As we saw above, access to the database raises a number of interesting possibilities. The database structure can be mapped by a skilled hacker through ill-conceived visibility of error messages — this is called database footprinting — and then this knowledge of table names and so forth can be used to gain access to additional data. Revealing error messages are manna - they can carry invaluable table name and structural details.
The following illustrative string is from Imperva.
http://www.mydomain.com/products/products.asp?productid=123 UNION SELECT username, password FROM USERS
There are vast swathes of information on SQL Injection available, here are a couple of good sources:
GovernmentSecurity.org
SecurityDocs.com
4. Cross Site Scripting (XSS)
XSS or Cross Site Scripting is the other major vulnerability which dominates the web hacking landscape, and is an exceptionally tricky customer which seems particularly difficult to stop. Microsoft, MySpace, Google… all the big cahunas have had problems with XSS vulnerabilities. This is somewhat more complicated than SQL Injection, and we'll just have a quick look to get a feel for it.
XSS is about malicious (usually) JavaScript routines embedded in hyperlinks, which are used to hijack sessions, hijack ads in applications and steal personal information.
Picture the scene: you're there flicking through some nameless bulletin board because, yes, you really are that lazy at work. Some friendly girl with broken English implores you to get in touch. 'Me nice gurl', she says. You've always wondered where those links actually go, so you say what the hell. You hover over the link, it looks like this in the information bar:
[%63%61%74%69%6f%6e%3d%274%74%70%3a%2f%2f%77%7…]
Hmmm…what the hell, let's give it a bash, you say. The one thing I really need right now is to see an ad for cheap Cialis. Maybe the linked page satisfies this craving, maybe not. Nothing dramatic happens when you click the link, at any rate, and the long day wears on.
When a link in an IM, email, forum or message board is hexed like the one above, it could contain just about anything. Like this example, from SandSprite, which helps steal a session cookie, which can potentially be used to hijack a session in a web application, or even to access user account details.
Stealing cookies is just the tip of the iceberg though — XSS attacks through links and through embedded code on a page or even a bb post can do a whole lot more, with a little imagination.
XSS is mostly of concern to consumers and to developers of web applications. It's the family of security nightmares which keeps people like MySpace Tom and Mark Zuckerberg awake at night. So they're not all bad then, I suppose…
For additional resources on this topic, here's a great overview of XSS (PDF) and just what can be accomplished with sneaky links. And here's an in-depth XSS video.
5.Authorization Bypass
Authorization Bypass is a frighteningly simple process which can be employed against poorly designed applications or content management frameworks. You know how it is… you run a small university and you want to give the undergraduate students something to do. So they build a content management framework for the Mickey Bags research department. Trouble is that this local portal is connected to other more important campus databases. Next thing you know, there goes the farm
Authorization bypass, to gain access to the Admin backend, can be as simple as this:
Find weak target login page.
View source. Copy to notepad.
Delete the authorization javascript, amend a link or two.
Save to desktop.
Open on desktop. Enter anything into login fields, press enter.
Hey Presto.
6.Password Cracking
Hashed strings can often be deciphered through 'brute forcing'. Bad news, eh? Yes, and particularly if your encrypted passwords/usernames are floating around in an unprotected file somewhere, and some Google hacker comes across it.
You might think that just because your password now looks something like XWE42GH64223JHTF6533H in one of those files, it means that it can't be cracked? Wrong. Tools are freely available which will decipher a certain proportion of hashed and similarly encoded passwords.
7.Google Hacking
This is by far the easiest hack of all. It really is extraordinary what you can find in Google's index. And here's Newsflash #1: you can find a wealth of actual usernames and passwords using search strings.
Copy and paste these into Google:
inurl:passlist.txt
inurl:passwd.txt
…and this one is just priceless…
“login: *” “password= *” filetype:xls
Such strings return very random results, and are of little use for targeted attacks. Google hacking will primarily be used for finding sites with vulnerabilities. If a hacker knows that, say, SQL Server 2000 has certain exploits, and he knows a unique string pushed out by that version in results, you can hone in on vulnerable websites.
... All info is for educational purposes only
GOODDDDDDDD WORKKKKKKKKKK
ReplyDeleteG8 JOB
ReplyDeletehaiiiiiiiiiiiiiiiiiiiiii
ReplyDeleteHowdy superb blog! Does running a blog such as this take a large amount of
ReplyDeletework? I have absolutely no knowledge of coding however I had been hoping to
start my own blog soon. Anyways, if you have any recommendations or tips for new blog owners please share.
I know this is off subject but I just had to ask. Appreciate
it!
Feel free to surf to my webpage ... visit the next web page
Thanks for the marvelous posting! I genuinely enjoyed reading it, you
ReplyDeletewill be a great author.I will make certain to bookmark your blog and will eventually come back in the future.
I want to encourage yourself to continue your great posts, have a
nice evening!
my web site contextual link building
Greetings! I know this is kinda off topic but I was wondering if you knew where I could
ReplyDeleteget a captcha plugin for my comment form? I'm using the same blog platform as yours and I'm
having problems finding one? Thanks a lot!
Review my site :: This Webpage
Hi, I think your website might be having browser compatibility issues.
ReplyDeleteWhen I look at your blog in Firefox, it looks fine but when opening in Internet Explorer, it has some
overlapping. I just wanted to give you a quick heads up!
Other then that, excellent blog!
Also visit my blog post linked site
First off I would like to say wonderful blog!
ReplyDeleteI had a quick question that I'd like to ask if you do not mind. I was interested to find out how you center yourself and clear your thoughts prior to writing. I've had a hard
time clearing my mind in getting my thoughts out there. I do enjoy writing but
it just seems like the first 10 to 15 minutes are generally wasted
simply just trying to figure out how to begin. Any ideas or tips?
Kudos!
Here is my weblog - official site
Hi there. I'm sorry to hassle you but I happened to run across your blog site and discovered you're using the
ReplyDeleteexact same theme as me. The only issue is on my website,
I'm battling to get the page layout looking like yours. Would you mind emailing me at: ericmartin@zoho.com so I can get this figured out. By the way I have bookmarked your internet site: http://www.blogger.com/comment.g?blogID=4862974542440684568&postID=4009403692858472509 and will be visiting often. Many thanks!
Also visit my web site ... check my site
Hi I am so grateful I found your blog page, I really found you
ReplyDeleteby accident, while I was looking on Google for
something else, Nonetheless I am here now and would just like to say
thanks a lot for a incredible post and a all round enjoyable blog
(I also love the theme/design), I don’t have time to look over it all
at the minute but I have saved it and also added in
your RSS feeds, so when I have time I will be back to read much
more, Please do keep up the fantastic b.
My weblog - compare auto insurance rates by state
Do you mind if I quote a couple of your articles as long as I provide credit and sources back to your webpage?
ReplyDeleteMy blog is in the exact same area of interest as
yours and my users would really benefit from some of the information you present here.
Please let me know if this alright with you. Regards!
Take a look at my homepage Discover More Here
Wonderful post however I was wondering if you could write a litte more
ReplyDeleteon this subject? I'd be very grateful if you could elaborate a little bit further. Bless you!
Here is my webpage ... http://www.petclubindia.com/groups/access-motor-insurance-prices/
Gday. I'm sorry to hassle you but I ran across your blogging site and noticed you happen to be using the exact same theme as me. The only problem is on my website, I'm struggling to
ReplyDeleteget the design and style looking like yours.
Would you mind emailing me at: delphiaoliphant@gmail.
com so I can get this figured out. By the way I have bookmarked your
internet site: http://www.blogger.com/comment.
g?blogID=4862974542440684568&postID=4009403692858472509 and will certainly be
visiting frequently. Thankyou!
My site ... www.haitianplug.com
Howdy. I was contemplating adding a hyperlink back to your site since both of our websites are primarily based around
ReplyDeletethe same topic. Would you prefer I link to you using your website address:
http://www.blogger.com/comment.g?blogID=4862974542440684568&postID=4009403692858472509
or web site title: Blogger: Night Queen...... Please let me know at
your earliest convenience. Kudos
Also visit my web site; relevant site
Hello just wanted to give you a quick heads up
ReplyDeleteand let you know a few of the images aren't loading correctly. I'm not sure why but I think
its a linking issue. I've tried it in two different browsers and both show the same outcome.
My web-site ... click this link now
I've loaded your blog in 3 completely different internet browsers and I must say this blog loads a lot faster then most. Would you mind emailing me the company name of your hosting company? My personal email is: federicomelancon@arcor.de. I will even sign up through your affiliate link if you would like. Thankyou
ReplyDeleteAlso visit my blog visit the website
Do you have a spam issue on this site; I also am a blogger, and I was wondering your situation; many of us have
ReplyDeletecreated some nice procedures and we are looking to exchange methods with others, please shoot me an
e-mail if interested.
Feel free to visit my web blog ... find auto insurance - -
Admiring the commitment you put into your blog and detailed information you present.
ReplyDeleteIt's great to come across a blog every once in a while that isn't the same old rehashed material.
Excellent read! I've bookmarked your site and I'm adding
your RSS feeds to my Google account.
My page - similar website
At this time it sounds like Movable Type is the preferred blogging
ReplyDeleteplatform out there right now. (from what I've read) Is that what you are using on your blog?
Here is my web-site: This Web page
Hi! I know this is kinda off topic however I'd figured I'd ask.
ReplyDeleteWould you be interested in trading links or maybe guest writing a blog article or vice-versa?
My site goes over a lot of the same topics as yours and
I feel we could greatly benefit from each other.
If you happen to be interested feel free to shoot me an e-mail.
I look forward to hearing from you! Fantastic blog by the way!
Feel free to visit my web-site :: More Information and facts
Hi there! I know this is somewhat off topic but I
ReplyDeletewas wondering which blog platform are you using for this site?
I'm getting tired of Wordpress because I've had issues with hackers and I'm looking at alternatives for another platform. I would be great if you could point me in the direction of a good platform.
my site: visit the up coming post ()
Howdy would you mind letting me know which hosting company
ReplyDeleteyou're working with? I've loaded your blog in 3 completely different internet browsers and I must
say this blog loads a lot faster then most.
Can you recommend a good internet hosting provider at a fair price?
Kudos, I appreciate it!
Here is my website: just click the following web site
I'm really enjoying the design and layout of your blog. It's a very easy on the eyes which makes it much more
ReplyDeleteenjoyable for me to come here and visit more often.
Did you hire out a designer to create your theme? Exceptional
work!
Have a look at my homepage - contextual link building
Today, I went to the beachfront with my children. I found a sea
ReplyDeleteshell and gave it to my 4 year old daughter and said "You can hear the ocean if you put this to your ear." She put the shell to her ear and screamed.
There was a hermit crab inside and it pinched her ear.
She never wants to go back! LoL I know this is completely off topic but I had to tell
someone!
my weblog; auto insurance maryland ::
::
Nice blog! Is your theme custom made or did you download it from
ReplyDeletesomewhere? A design like yours with a few simple tweeks would really make my blog shine.
Please let me know where you got your theme.
Thank you
Feel free to visit my page - inexpensive auto insurance -
-
Hello are using Wordpress for your blog platform?
ReplyDeleteI'm new to the blog world but I'm trying to get started and set up my own.
Do you need any coding expertise to make your own blog?
Any help would be greatly appreciated!
Also visit my webpage: visit the following internet
page **
Great post. I was checking constantly this blog and I'm impressed! Very helpful information particularly the last part :) I care for such info much. I was seeking this particular info for a long time. Thank you and best of luck.
ReplyDeleteHere is my page - automated link building
Wonderful website you have here but I was curious about if you knew of any discussion boards
ReplyDeletethat cover the same topics talked about here? I'd really love to be a part of community where I can get responses from other knowledgeable people that share the same interest. If you have any recommendations, please let me know. Thank you!
Here is my webpage - link building tool
Hey there would you mind letting me know which hosting company you're using? I've loaded your blog in 3 completely different web browsers and I must
ReplyDeletesay this blog loads a lot faster then most. Can you suggest a good hosting provider at a reasonable price?
Thank you, I appreciate it!, more at link building company!
Hello there! This post couldn't be written any better! Reading through this post reminds me of my previous room mate! He always kept chatting about this. I will forward this page to him. Fairly certain he will have a good read. Thank you for sharing!
ReplyDeleteLook at my web blog :: Full Document ()
Hi, I think your website might be having browser compatibility issues.
ReplyDeleteWhen I look at your blog site in Firefox, it looks fine but when opening in
Internet Explorer, it has some overlapping. I just wanted to give you a quick heads up!
Other then that, excellent blog!
Feel free to surf to my website :: effective link building service
Does your website have a contact page? I'm having problems locating it but, I'd like
ReplyDeleteto send you an e-mail. I've got some suggestions for your blog you might be interested in hearing. Either way, great website and I look forward to seeing it improve over time.
Here is my page: affordable link building
I am really loving the theme/design of your blog.
ReplyDeleteDo you ever run into any web browser compatibility problems?
A few of my blog readers have complained about my blog not working
correctly in Explorer but looks great in Firefox.
Do you have any advice to help fix this issue?
Feel free to surf to my web blog ... link building experts (http://Smadobase.De)
Hey! I could have sworn I've been to this blog before but after checking through some of the post I realized it's new to me.
ReplyDeleteAnyways, I'm definitely glad I found it and I'll be bookmarking and
checking back frequently!
Here is my web page; backlinks for website
Hey just wanted to give you a quick heads up. The words in your content seem to be running off the screen in Internet explorer.
ReplyDeleteI'm not sure if this is a format issue or something to do with internet browser compatibility but I thought I'd post to let you know.
The design look great though! Hope you get the issue fixed soon.
Kudos
Here is my blog post backlinks service