Hi readers today i will explain you some of Hacking basics and tell you why exploits are called the core part of Hacking,without knowing basics one can understand Hacking,Core meant here is the most important part of Hacking,so in this tutorials i will put some light on Exploits.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.
If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking.
The latest attack comes from UK-based web developer Tom Graham, who discovered that the fix Twitter rolled out wasn't applied to the mobile phone section of the site. By the time we stumbled on his findings, the exploit no longer worked. But security consultant Rafal Los sent us a minor modification that sufficiently pwned a dummy account we set up for testing purposes.
The exploit is the latest reason to believe that clickjacking, on Twitter and elsewhere, is here to stay, at least until HTML specifications are rewritten. No doubt web developers will continue to come up with work-arounds, but hackers can just as quickly find new ways to exploit the vulnerability, it seems.
That's because clickjacking attacks a fundamental design of HTML itself. It's pulled off by hiding the target URL within a specially designed iframe that's concealed by a decoy page that contains submission buttons. Virtually every website and browser is susceptible to the technique.
The above figure is of a software called as exploit scanner,Exploit scanner is a tool to check if the website is velnurable to the attack or not.you just need to enter the url and it will tell you whether the site is velnurable or not.
What are exploits?
An exploit is a piece of software of chunk of data that takes advantage of velnurability or bug in order to cause unintended or unanticipated behavior to occur on computer.Types of exploits
Exploits are of many types but the most popular ones that are commonly used are as follows:- Xss(Cross site scripting)
- Sql injection
- Clickjacking
- DDos attack
- POC attack (Proof of conect)
- Spoofing
XSS(Cross site scripting):
Cross-site scripting or XSS is a threat to a website's security. It is the most common and popular hacking a website to gain access information from a user on a website. There are hackers with malicious objectives that utilize this to attack certain websites on the Internet. But mostly good hackers do this to find security holes for websites and help them find solutions. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This security threat leaves the site and its users open to identity theft, financial theft and data theft. It would be advantageous for website owners to understand how cross-site scripting works and how it can affect them and their users so they could place the necessary security systems to block cross-site scripting on their website.Sql injection
SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.
DDos attack
A denial of service attack (DOS) is an attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the resources, so that no one can access it.this is not actually hacking a webite but it is used to take down a website.If an attacker is unable to gain access to a machine, the attacker most probably will just crash the machine to accomplish a denial of service attack,this one of the most used method for website hacking.
POC(Proof of concept)
In computer security the term proof of concept (proof of concept code or PoC) is often used as a synonym for a zero-day exploit which, mainly for its early creation, does not take full advantage over some vulnerability.Clickjacking
This attack was made on twitter,After the micro-blogging site immunized its users against a fast-moving worm that caused them to unintentionally broadcast messages when they clicked on an innocuous-looking button, hackers have found a new way to exploit the clickjacking vulnerability.The latest attack comes from UK-based web developer Tom Graham, who discovered that the fix Twitter rolled out wasn't applied to the mobile phone section of the site. By the time we stumbled on his findings, the exploit no longer worked. But security consultant Rafal Los sent us a minor modification that sufficiently pwned a dummy account we set up for testing purposes.
The exploit is the latest reason to believe that clickjacking, on Twitter and elsewhere, is here to stay, at least until HTML specifications are rewritten. No doubt web developers will continue to come up with work-arounds, but hackers can just as quickly find new ways to exploit the vulnerability, it seems.
That's because clickjacking attacks a fundamental design of HTML itself. It's pulled off by hiding the target URL within a specially designed iframe that's concealed by a decoy page that contains submission buttons. Virtually every website and browser is susceptible to the technique.
Spoofing
According to wikipedia spoofing In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.How to find exploits
There are couple of methods and tools to discover exploits.The above figure is of a software called as exploit scanner,Exploit scanner is a tool to check if the website is velnurable to the attack or not.you just need to enter the url and it will tell you whether the site is velnurable or not.
Subscribe To Get FREE Tutorials!
Respected Readers:
|
0 comments:
Confused? Feel free to ask
Your feedback is always appreciated. I will try to reply to your queries as soon as time allows.
Post a CommentNote:-
Please do not spam Spam comments will be deleted immediately upon my review.
Regards,
XEO Hacker