Sunday, 5 May 2013

Possible ways to Hack and Crack a website


Hacking a website not only means taking the whole control ofwebsite but can be either changing the website datas or make the website down by making denial of service attack.Here in this article we will see some possible ways of attacking awebsite.A website can be attacked in any one of the following ways.
  • Password Cracking
  • Simple SQL Injection Hack
  • Brute force attack for servers
  • Denial of service

PASSWORD CRACKING

The first and foremost thing that every hacker must need to hack a website is the hosting IP address of the website.You can directly find the IP address of any website from your command prompt itself.

1. For that open command prompt (window + r) and type cmd and hit enter.

2. Type the following command followed by the URL of the website 
nslookup URL address
For example
nslookup www.realhackings.com
and hit enter.you can see a window as shown below with the ip address of the website


Now you have got the IP address of the website.next step is to scan the IP we have got just now to see which protocols the Website at this IP is using 

For scanninng DOWNLOAD IP scanner and open it you can see a window as shown below.Just paste the IP you have just got and click scan button.



In the above image FTP is shown,That means this website is using FTP to access to its servers.just double click on the FTP to see a window as shown below


Now this is the final stage.When you enter exact username and password you can login to that website and do whatever you like.To find this username and password we have to do brute force attack

BRUTE FORCE ATTACK

In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message.Well, to put it in simple words, brute-force attack guess a password by trying all probable variants by given character set. Eg. checking all combination in lower Latin character set, that is 'abcdefghijklmnopqrstuvwxyz'. Brute-force attack is very slow. For example, once you set lower Latin charset for your brute-force attack, you'll have to look through 217 180 147 158 variants for 1-8 symbol password. It must be used only if other attacks have failed to recover your password.For attacking any account using this technique you should need high patience and it will take a lot of time depending upon the number of characters 

Know more about BRUTE FORCE ATTACK

Denial of service ( Ddos attack ):

A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.

If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking

I recently wrote an article on Hack a website using denial of service

SQL INJECTION

SQL injection is a vulnerability that allows an attacker to influence the queries that are passed to the back-end database.It has been present since the time databases have been attached to the web applications.Before understanding the how SQL injection attacks we need to understand the Simple Three Tier Architecture or a Four Tier Architecture.This will clear your basics and give you a rough idea of how database-driven web applications work.

NOTE: This is only for the website owners to test their websites for different vulnerabilities and to enable maximum security.

No comments:

Post a Comment