How to Hack a Website in Four Easy Steps
Ever wondered how Anonymous and other hacktivists manage to steal the data or crash the servers of websites belonging to some of the world's biggest organisations? Thanks to freely available online tools, hacking is no longer the preserve of geeks, so we've decided to show you how easy it is to do, in just four easy steps.
Step 1: Identify your target
While Anonymous and other online hacktivists may choose their targets in order to protest against perceived wrong-doing, for a beginner wanting to get the taste of success with their first hack, the best thing to do is to identify any website which has a vulnerability.
Recently a hacker posted a list of 5,000 websites online which were vulnerable to attack. How did he/she identify these websites? Well, the key to creating a list of websites which are likely to be more open to attack, is to carry out a search for what is called a Google Dork.
Google Dorking, also known as Google Hacking, enables you to find sensitive data or evidence of vulnerabilities by querying a search engine like Google or Bing. It basically allows you to enter a search term into Google and find websites which may have these vulnerabilities somewhere on the site.
Don't worry about needing technical expertise to know what to look for. Kind-hearted hackers have produced lists of these Google Dorks, neatly categorised into the type of vulnerability you are looking for. Looking for files containing passwords? There's a Dork for that. Login credentials? There's a Dork for that.
For example, if you are looking for files stored on websites containing passwords, then a sample search query we found openly listed on one indexing site was: intitle:"Index of" master.passwd. This returns the results shown in the screengrab above.
So now you have a list of potential victims. Next you need to narrow this down even further.
Step 2: Check for vulnerabilities
Having a huge number of sites which may or may not be vulnerable is not much use unless you can pinpoint one which is actually open to attack. This is when a programme called a vulnerability scanner comes into its own and the most popular is called Acunetix.
Acunetix, developed by a UK-based company, was designed, and is still used, as a tool for web developers to test sites they are building. However the hacking community has commandeered the tool and uses it to identify existing vulnerable sites.
You can download a trial version of the software for free from the official Acunetix website or if you venture into the murky depths of a hacker forum and search for Acunetix, you can find cracked versions of the full application freely available.
Acunetix, as you can see from the screen shots above, is a simple, straight-forward Windows application and all you need to do is enter the URL of the site you want to target, and press Process. Acunetix will scan the entire website, including all pages associated with it, and return a list of vulnerabilities it finds. If you find the type you are looking for, you will need to move onto Step 3, as Acunetix does not perform any website penetration.
Step 3: Attack the website
Attacking a website is done by two main methods. The first is by carrying out a Distributed Denial of Service (DDoS) attack which overwhelms a website's servers and forces it to shut down. We will deal with this type of attack later, but first we will look at how you can hack into an account and steal some information contained within databases on the site.
This type of attack is known as a SQL (pronounced sequel) Injection. A SQL Injection attack aims to capture information stored in a database on the particular website by introducing some SQL code. SQL is a programming language designed for managing data in a database.
But fear not, you won't need to understand a single line of SQL to carry out this attack. Thankfully another freely-available and easy-to-use application, originally developed in Iran, can be downloaded from the web saving you the trouble of dealing with any complex code.
The program is called Havij, the Farsi word for carrot, which is also a slang word for penis and so, unsurprisingly, this is the piece of software required to penetrate a website.
Again there are free and paid-for versions of Havij available with the paid-for version having more powerful capabilities. Again the world of hacker forums is your friend here and cracked versions of the full Havij application are available if you look for them.
The Havij interface is once again like any other Windows program and all a virgin hacker needs to do is simply copy-and-paste the address of their target website and press a button.
Havij allows you to perform a number of different types of operation including one called a Get, which unsurprisingly gets all the information stored on databases on that particular site which can be usernames, passwords, addresses, email addresses, phone numbers and bank details.
And that's it: within minutes you can search for, download and use a couple of automated tools which will allow you to access websites which are vulnerable to this type of attack. While most high-profile companies' websites will be protected from this type of attack, the fact that Sony's website was compromised and the personal information of its customers stolen in a manner similar to this shows just how vulnerable the web is.
Step 4: If all else fails, DDoS
Hacktivist collective Anonymous changed their tactics in the last 12 months, moving away from DDoS as their primary tool for attacking websites and preferring, if possible, to use SQL Injection instead. However, when this is not possible, they will revert to DDoS attacks, and you can too, with the help of another freely available tool.
And it turns out that DDoSing a website is no more difficult than carrying out a SQL Injection. The programme used is called Low Orbit Ion Cannon (LOIC), which was developed for web designers to stress test websites, but has been hijacked by hackers in order to attack websites.
Available as a free download from SourceForge, LOIC employs a very user-friendly interface and all potential hackers need to do is type in the URL of the site they want to crash and LOIC will do the rest. What the application will do is send up to 200 requests per second to the site in question.
While most bigger sites might be able to deal with this request without crashing, most websites out there will not, especially if you get together with some other hacking virgins and combine your efforts.
So easy is it to use this technology that you can even control it from your BlackBerry, meaning you can be enjoying a pint in the pub with your friends while carrying out a DDoS attack on a website of your choice.
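Traffic at the rate described above stands out in a web server's access log. The following added example (not part of the original article) counts requests per client per second in Common Log Format lines and reports the clients that exceed a limit; the log lines are constructed and the threshold of 50 is an assumption to be tuned per site.

```python
import re
from collections import Counter

# Common Log Format prefix: client IP, identity, user, [timestamp] "request"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def flood_sources(lines, max_per_second=50):
    """Return {ip: peak requests in any one second} for IPs over the limit.

    max_per_second is an assumed threshold; tune it to the site's real traffic.
    """
    per_second = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # skip lines that are not in the expected format
            per_second[(m.group(1), m.group(2))] += 1
    peaks = {}
    for (ip, _second), count in per_second.items():
        if count > max_per_second:
            peaks[ip] = max(peaks.get(ip, 0), count)
    return peaks

def sample_log():
    """Constructed access log: one flooding client and one ordinary visitor."""
    fmt = '{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'
    lines = []
    # 203.0.113.7 (documentation address) sends 200 requests in one second.
    lines += [fmt.format(ip="203.0.113.7", ts="10/Oct/2012:13:55:36 +0000")] * 200
    # 198.51.100.20 loads a few pages over three seconds.
    for sec in (36, 37, 38):
        ts = "10/Oct/2012:13:55:%02d +0000" % sec
        lines += [fmt.format(ip="198.51.100.20", ts=ts)] * 3
    lines.append("garbled line without a timestamp")
    return lines

if __name__ == "__main__":
    for ip, peak in flood_sources(sample_log()).items():
        print(ip, "peaked at", peak, "requests/second")
```

Because participants can combine their efforts, a per-client limit like this one should be paired with an alarm on the site-wide request rate.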
If our tutorial has not provided you with enough information, there are dozens of other tutorials on various hacker forums around the web and even video tutorials on YouTube which you can watch.