Are you curious about how hackers do hacking or defacing websites? Don't worry, ApkVenue will explain all the methods that hackers usually use to break into websites or database_web.
Recently, news emerged of the hacking of the Telkomsel site and Indosat which makes a fuss. This phenomenon also adds to the list of operator sites that have been victims of ignorant acts hacker. The case that happened to the two operator sites yesterday is commonly referred to as defacing, i.e. hackers only change the front page of the site without destroying the system, even so the action is still not justified because it was done without owner's consent.
You may be curious how hackers do hacking or defacing website? Don't worry, Jaka will explain all methods which hackers usually use to break into websites or database web.
- Don't Admit Hacker If You Don't Know These 10 Terms
- What's in the Hacker's Bag Mr. Elliot Alderson robot? Here's the List!
- 7 Ways to Become a Real Computer Hacker
CAREFUL! These 6 Techniques Hackers Do To Hack Online Websites
What are the Basic Things Hackers Should Know Before Hacking Websites?
Before becoming professional hacker, of course there are several processes that must be passed, starting from learning from zero to the most difficult level. Although this is only optional, if you intend to become a hacker, at least these basic skills are what must be mastered. What are those?
- Basics HTML, SQL, PHP
- Basic knowledge about Javascript
- Basic knowledge about how does the server work
- And most importantly, have to learn how remove traces when finished accessing a system. If this trivial matter was ignored, it would be tantamount to suicide.
You can learn the first two points above through sites on the internet. A popular site that many people visit to learn the basics of HTML, SQL, PHP, and Javascript can be through the page //www.w3schools.com/
Methods For Hacking Websites
Technically, at least There are 6 methods to hack or defacing a website. What are those methods? Come on, see the following description.
1. SQL Injection
Before going any further, let's get acquainted with this first method, so what is it SQL Injection? SQL Injection is a technique used to attack website. By doing SQL Injection, hackers can do: login to the web without having to have an account.
With this method hackers can access the entire web system such as changing, deleting, adding new data, and even worse, namely delete the entire content of the website.
Here are some tools which is used to simplify the practice of SQL Injection in its application in the world of hacking:
- BSQL Hackers
- The Mole
- Pangolin
- SQLMap
- Havij
- SQL enemas
- SQL Ninja
- SQL Sus
- Safe SQL Injector
- SQL Poizon
2. Cross Site Scripting
Cross Site Scripting or XSS is an attack that uses the code injection method. XSS method means hacker enter malicious data into a website, that malicious data causes the app to do something it wasn't meant to do.
Simply put, the attacker inserts certain HTML code or malicious code into a site, the purpose is as if the attack came from the accessed web the. With this method hackers can do bypass security from the client side, then get sensitive information.
Some sites that are generally vulnerable to XSS attacks are:
- Search engine
- Login form
- Comment field
3. Remote File Inclusion
This method is often called RFI, which is a hacking method that is used to exploit system. The RFI method is one way to do web system penetration other than using SQL injection. The way this RFI works is by exploiting a loophole in the website by insert files from outside the web which is then executed by the server.
Things that hackers can do by using the RFI method are as follows:
- Code execution on web server
- Execution of client-side code, such as Javascript which can lead to other attacks
- Cross-site scripting (XSS)
- Denial of Service (DoS)
- Data theft and manipulation
4. Local File Inclusion
Local File Inclusion or LFI method namely inserting some malicious code into a site that has a security hole. This method allows attackers to have the ability to browse the contents of the server by means of a directory transverse.
One of the most common uses of LFI is find the file /etc/passwd. The file contains important user information on a Linux system. The LFI method is almost the same as RFI, although this method is known as one of the bugs the old one, the impact can be said to have a high risk because it is related to access shell.
5. DDOS Attack
Attack DDOS (Distributed Denial of Service) is an attempt to make computer resources unavailable to their intended users. The motive and purpose of DDoS attacks by hackers may vary, but generally DDoS attacks addressed to internet sites or services not function properly for an indefinite period of time.
Due to its unlimited nature, DDoS attacks are very consuming bandwidth and resources of the attacked website. As a result, the attacked website will experience down alias inaccessible by anyone.
6. Exploiting Vulnerability
The last method we will discuss is Exploiting Vulnerability or if it means exploit security holes. This method actually includes the five methods above, but is deliberately described separately because There are several types of exploitation used as a separate method.
Basically the basic idea of this method is to find security gaps on a website and exploit it to obtain important information, such as admin or moderator accounts so that attackers can manipulate everything easily. There are two methods of exploiting vulnerability that are often done by hackers, namely through: Local Exploit and Remote Exploit, both have their own advantages and disadvantages.
That's 6 methods that hackers often use to break into websites or internet services. The purpose of hacking is actually used to find security holes so that in the future it doesn't become a problem. But then abused by hackers who are not responsible for breaking the system and hacking it for personal purposes.
