Website hacking Methods.......

I gonna teach you some basic of website hacking so first We gonna learn about website defacement

1) What is Website defacement ?

A website defacement is an attack on a website that changes the visual appearance of the site. These are typically the work of system crackers,who break into a web server and replace the hosted website with one of their own.

A high-profile website defacement was carried out on the website of the company SCO Group following its assertion that Linux contained stolen code. The title of the page was changed from "Red Hat vs SCO" to "SCO vsWorld," with various satirical content following

2) Terms to be used ---->

[SQL] - Structured Query Language

[LFI] - Local File Include

[RFI] - Remote File Include

[XSS] - Cross Site Scripting

[RCE] - Remote Code Execution

[AFD] - Arbitrary File Download

[SCD] - Source Code Disclosure

[PCI] - PHP Code Injection

3) Defacement techniques ?

I). DNS hijacking

II).FTP Protocol

III).Apache Vulnerable

IV).Script, Cookie, XSS

V).Social Engineering.

VI).SQL Injection

VII).RFI.

  

Now :-

I) What is Domain Hacking ?

A Domain hacking is a process to transfer domain(yahoo.com) without owner permission with help of phishing, sniffing,spoofing.

A domain hack is an unconventional domain name that combines domain levels, especially the top-level domain (TLD), to spell out the full "name" or title of the domain, making a kind of fun.

------->Domain Hacking process :--->

a) See who.is record of Slave(XXABCXX.net) DNS record and note

down admin email (xxabcxx@gmail/ymail/hotmail/live/[whatever apply this exception if possible admin(name)@XXABCXX.net] )

b) Send spoof mail to Slave admin email for password.

c) after open domain registrar ---->(my.india s.com)

their domain control panel (click forget password)

d) After you get a password in Slave email address of Slave domain.

e) Just login on domain control panel.

f) and get ECCP code and create new account on hosting company

and choose Domain transfer (all submit all details)

g) You will get all rights on this domain for lifetime.

  

II) What is FTP Protocol ?

The File Transfer Protocol (FTP) provides the basic elements of file sharing between hosts. FTP uses TCP to create a virtual connection for control information and then creates a separate TCP connection for data transfers. The control connection uses an image of the TELNET protocol to exchange commands and messages between hosts.

for detail check this Detail about FTP

III) What is XSS ?

XSS is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.

Cross Site Scripting is a technique used to add script to a trusted site that will be executed

on other users browsers. A key element to XSS is that one user can submit data to a

website that will later be displayed for other users. It is nessesary that the bad guy NOT

mess up the HTML structure, otherwise the result will be web defacement rather then

attacking other users.

IV) What is Social Engineering ?

Social engineering is the act of manipulating people into doing actions or exposing confidential information. It's trickery or deception to gather information, fraud, or computer system access

where in the hacker never comes face-to-face with the Slave. Here are

I don't want to make my thread so big in size so i helped myself by

LINK

V) What is SQL injection ?

SQL injection is a type of security exploit in which the attacker

injects Structured Query Language (SQL) code through a web form input box, to gain access to resources, or make changes to data.

It is a technique of injecting SQL commands to exploit non-validated input vulnerabilities in a web application database.

-------------->Preventing SQL Injection

To protect against SQL injection, user input must not directly be embedded in SQL statements. Instead, parameterized statements must be used (preferred), or user input must be carefully escaped or filtered.

VI) What is RFI ?

  

Remote File Inclusion attacks allow malicious users to run their own PHPcode on a vulnerable website. The attacker is allowed to include his own (malicious) code in the space provided for PHP programs on a web page.