Sunday, February 3, 2008

No More HACKING..no more

Hacking hacking hack...

Here I'm not going to teach you to hack, but I'll give you some techniques to prevent hacking attacks. It's very difficult to be a hacker. The person who is going to be a hacker should have expert knowledge of at least one programming language and a creative mind. It's better to know the hacking types that hackers mostly use. These things I got from the internet; the accuracy may be uncertain, but it'll give enough of an idea.

THESE ARE NOT MY INSPIRATION. THANKS TO EVERY ORIGINAL AUTHOR..

Without your articles, I couldn't create this type of blog.

These are the top 10 web hacking techniques commonly used:

Unvalidated input
Broken access control
Broken authentication and session management
Cross site scripting
Buffer overflows
Injection flaws
Improper error handling
Insecure storage
Denial of service
Insecure configuration management

Some of the above are explained in detail.

INJECTION FLAWS (SQL INJECTION)

SQL — Structured Query Language — is the language used by software engineers and web developers everywhere to interface web applications with databases. When a web developer uses data from a web form as part of a SQL statement without carefully validating it, there is a reasonable likelihood of a SQL Injection vulnerability.

SQL Injection attacks typically only work against systems where server-side software builds dynamic SQL statements by concatenating strings that include parameters controlled by an end user. Many database-driven systems use stored procedures extensively; depending on how the stored procedures are called, these attacks probably won't work.
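To show the difference between the two ways of building a query described above, here is an added example (not from the original post or any of its sources) using Python's built-in sqlite3 module with a constructed in-memory user table. The same ordinary input, a username containing an apostrophe, is parsed as SQL by the concatenated version and handled as plain data by the parameterized one.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for the web app's database.
    Passwords are stored in plaintext only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Rows are inserted with bound parameters, so the apostrophe in O'Brien
    # is stored literally instead of being parsed as SQL.
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("O'Brien", "pw")])
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    """Vulnerable pattern: form values are pasted into the SQL text, so the
    database parser sees them as part of the statement, not as data."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Hardened pattern: placeholders are bound by the driver; a value can
    never change the structure of the statement it is bound into."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    print(login_unsafe(db, "alice", "s3cret"))  # works for ordinary input, hiding the bug
    print(login_safe(db, "O'Brien", "pw"))      # the quote is treated as data
    try:
        login_unsafe(db, "O'Brien", "pw")       # the quote terminates the string literal
    except sqlite3.OperationalError as err:
        print("concatenated query failed:", err)
```

The failing query is the tell-tale sign: any character a user types that the database parser cares about changes the statement, which is exactly the condition the paragraph above describes.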

CROSS SITE SCRIPTING

Cross Site Scripting (CSS for short, but sometimes abbreviated as XSS) is one of the most common application level attacks that hackers use to sneak into web applications today. Cross site scripting is an attack on the privacy of clients of a particular web site which can lead to a total breach of security when customer details are stolen or manipulated. Unlike most attacks, which involve two parties – the attacker and the web site, or the attacker and the victim client – the CSS attack involves three parties – the attacker, a client and the web site. The goal of the CSS attack is to steal the client cookies, or any other sensitive information, which can identify the client with the web site. With the token of the legitimate user at hand, the attacker can proceed to act as the user in his/her interaction with the site – specifically, impersonate the user. For example, in one audit conducted for a large company it was possible to peek at the user's credit card number and private information using a CSS attack. This was achieved by running malicious JavaScript code at the victim (client) browser, with the "access privileges" of the web site. These are the very limited JavaScript privileges which generally do not let the script access anything but site related information. It should be stressed that although the vulnerability exists at the web site, at no time is the web site directly harmed. Yet this is enough for the script to collect the cookies and send them to the attacker. The result: the attacker gains the cookies and impersonates the victim.
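Two server-side defences follow directly from the description above: encode untrusted text before it is placed in the page, so it is never interpreted as script, and mark the session cookie HttpOnly, so a script that does run cannot read it through document.cookie. This is an added example in Python using only the standard library; the comment-rendering function and the cookie name "sid" are assumptions, not code from the original post.

```python
import html
from http.cookies import SimpleCookie


def render_comment(author, text):
    """Place two untrusted values into HTML: one in an attribute, one in element
    content. html.escape with quote=True encodes <, >, &, " and ' so the browser
    renders them as characters rather than as markup or a script tag."""
    safe_author = html.escape(author, quote=True)
    safe_text = html.escape(text, quote=True)
    return ('<p class="comment" title="{0}"><b>{0}</b>: {1}</p>'
            .format(safe_author, safe_text))


def session_cookie(session_id):
    """Build the Set-Cookie value for the session token (cookie name 'sid' is
    assumed). HttpOnly keeps it out of document.cookie, so an injected script
    cannot send it to the attacker; Secure keeps it off cleartext connections."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["path"] = "/"
    return cookie.output(header="").strip()


if __name__ == "__main__":
    # Constructed sample input containing characters that matter in HTML.
    print(render_comment('Bob "the builder"', 'x < y & "z"'))
    print(session_cookie("constructed-session-token"))
```

Encoding has to match the context the value lands in (element content and quoted attributes here); a value placed inside an existing script block or a URL needs a different encoding.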

INPUT VALIDATION

Input validation attacks attempt to submit data which the application does not expect to receive. Normally, an application will perform some type of sanity check on user input. This check tries to ensure that the data is useful. More important checks are necessary to prevent the data from crashing the server. Less stringent checks are required if the data is only to be limited to a specific length.

Imagine the credit card field for an application's shopping cart. First of all, the credit card number will only consist of digits. Furthermore, most credit card numbers are only 16 digits long, but a few will be less. So, the first validation routine will be a length check. Does the input contain 14 to 16 characters? The second check will be for content. Does the input contain any character that is not a number? We could add another check to the system that determines whether or not the data represents a reasonable credit card number. The value "0000111122223333" is definitely not a credit card number, but what about "4435786912639983"? A simple function can determine if a 16-character value satisfies the checksum required of valid credit card numbers. Publicly available routines can determine the validity and card type of a 15-character credit card number that starts with a 3 and where the second digit is a 4 or a 7.

Data validation can be complex. The application programmers have to exercise a little prescience to figure out all of the possible values that a user might enter into a form field. We just mentioned three simple checks for credit card validation. These tests can be programmed in JavaScript, placed in the HTML page, and served over SSL. But is it secure?
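The three checks from the credit card example, implemented where they actually protect the application: on the server, after the request arrives, regardless of what JavaScript ran in the browser. This is an added example in Python, not code from the original post; the checksum it uses is the Luhn algorithm (the "checksum required of valid credit card numbers"), and the 15-digit rule follows the text's description of a leading 3 followed by a 4 or 7.

```python
def luhn_checksum_ok(digits):
    """Luhn check: starting from the rightmost digit, double every second digit,
    fold any result above 9 back to one digit, and require the sum to be a
    multiple of 10. Callers must pass a string of ASCII digits only."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_card_number(raw):
    """Server-side validation of a card number field in the order the text
    gives: length, then content, then checksum. Returns (accepted, detail)."""
    # Length first: the text's window of 14 to 16 characters.
    if not 14 <= len(raw) <= 16:
        return False, "length"
    # Content: explicit ASCII digit set. str.isdigit() is deliberately avoided
    # because it also accepts Unicode digits such as superscripts, which int()
    # and the payment processor would then reject.
    if not all(ch in "0123456789" for ch in raw):
        return False, "content"
    # Checksum: rejects mistyped and made-up numbers that pass the first two checks.
    if not luhn_checksum_ok(raw):
        return False, "checksum"
    # Card-type rule from the text: 15 digits, first digit 3, second digit 4 or 7.
    if len(raw) == 15 and raw[0] == "3" and raw[1] in "47":
        return True, "15-digit card, prefix 34/37"
    return True, "%d-digit card" % len(raw)


if __name__ == "__main__":
    for sample in ("0000111122223333", "4435786912639983",
                   "4111111111111111", "378282246310005"):
        print(sample, validate_card_number(sample))
```

The browser-side JavaScript version of these checks is a convenience for honest users; a request can be submitted without running it, so the server has to repeat every check on the data it actually receives.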

SESSION HIJACKING

Many web-based applications employ some kind of session management to create a user-friendly environment. Sessions are stored on the server and associated with their respective users by session identifiers (IDs). Naturally, session IDs present an attractive target for attackers, who, by obtaining them, effectively hijack users' identities. Knowing that, web servers employ techniques for protecting session IDs from three classes of attacks: interception, prediction and brute-force attacks. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards. There are many ways for the attacker to perform a session fixation attack, depending on the session ID transport mechanism (URL arguments, hidden form fields, cookies) and the vulnerabilities available in the target system or its immediate environment. The original paper provides detailed information about exploiting vulnerable systems as well as recommendations for protecting them against session fixation attacks.
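The two server-side countermeasures that address fixation as described above are shown in this added example (Python, standard library only; the SessionStore class and its method names are assumptions, not code from the original post or the paper it refers to): the server honours only IDs it issued itself, and it replaces the ID at login so an ID planted before authentication never becomes an authenticated one. The vulnerable login is kept beside the fixed one for comparison.

```python
import secrets


class SessionStore:
    """Server-side session table keyed by session ID."""

    def __init__(self):
        self.sessions = {}

    def create(self):
        # 32 random bytes: long and unpredictable enough to resist guessing
        # and brute force, two of the three attack classes named in the text.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def resolve(self, sid):
        """Look up a client-presented ID. Unknown IDs return None instead of
        being adopted, so an ID delivered via URL, hidden field or cookie that
        this server never issued starts no session at all."""
        return self.sessions.get(sid)

    def login_vulnerable(self, sid, user):
        """Keeps the pre-authentication ID: whoever already knew it now holds
        an authenticated session."""
        session = self.resolve(sid)
        if session is None:
            return None
        session["user"] = user
        return sid

    def login_fixed(self, sid, user):
        """Rotates the ID at the privilege change: the pre-login ID is
        destroyed and the client is handed a fresh one nobody else has seen."""
        if self.resolve(sid) is None:
            return None
        del self.sessions[sid]
        new_sid = self.create()
        self.sessions[new_sid]["user"] = user
        return new_sid


if __name__ == "__main__":
    store = SessionStore()
    pre_login = store.create()                       # anonymous session before login
    post_login = store.login_fixed(pre_login, "alice")
    print(pre_login != post_login, store.resolve(pre_login))  # True None
```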

So.. it's enough for today.. I think now you have a VERY LITTLE IDEA about what hackers do.
Next time I'll tell you about other types of hackers' techniques and new trends..

SOMETIMES THIS BLOG WILL DISAPPEAR AFTER A FEW DAYS.. COZ I PUBLISHED HACKERS' SECRETS. BUT REMEMBER THERE MUSTN'T BE ANY SECRETS.. WE HAVE TO SHARE OUR KNOWLEDGE SO THE INTERNET BECOMES A BETTER PLACE FOR EVERYONE.. SO I'M WAITING FOR YOUR COMMENTS.. USE THIS BLOG TO SHARE YOUR KNOWLEDGE.. THIS WILL HELP US KEEP OUR SITES SAFE.. AND ALSO IMPROVE OUR KNOWLEDGE..
