This article looks at some basic methods used to break into a user's web account and into the website's database itself.
Points to Cover
- Hacking user accounts.
- Finding database leaks.
- Reverse shell connections.
- XSS cross-site scripting.
- DDoS attacks.
- SQL injection.
- Some basic target enumeration.
- Cross-site request forgery.
- Bug Bounty.
- Websites for bug bounties.
Hacking User Accounts
User accounts on websites are most often accounts on social media sites, for example Twitter, Facebook and Instagram.
These accounts hold the user's information, such as their password, IP address, emails, location, personal photos, etc.
During data breaches this information is leaked to hackers; it can then be looked up through APIs, which are obviously paid, and it is traded on the dark web for bitcoins. Unless you are a real member of a hacker group that does all of this, you will not have that access (and you might just be one of the good guys). Besides breached data, hackers use some other methods to break into a user's account.
Brute-forcing:
A technique in which the hacker uses a large number of custom or pre-recorded passwords to force their way into a victim's account.
In short, it is guessing the password on a trial-and-error basis.
There are many methods and programs for this; two of them are Burp Suite and my personal favourite, Hatch.
Burp Suite works by capturing the login request, analysing the login credentials inside it, and then replaying the updated packet with each new password, brute-forcing the website in this way.
Hatch is a really simple tool written in Python that uses Selenium to drive the website's login page and brute-force it; you provide the username selector, password selector, login-button selector, and the username and password files accordingly.
This is a simple but slow way of getting into individual social media accounts, and a better one for that purpose; in the long run, though, Burp Suite is the best tool for the job, as it can do far more than a simple brute-force attack.
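Both tools above work by repeating login attempts, so the defender's side of this is to spot and stop the repetition. The following is an added example, not code from the original article or from either tool: it runs a sliding-window check over constructed login-audit lines (the log format, the thresholds and the field names are assumptions for the demo) and reports accounts that should be locked after repeated failures and source addresses that fail against many different accounts, the pattern a password list run through Hatch or Burp Suite produces.

```python
"""Detect brute-force and credential-stuffing login patterns from auth logs.

Added example (not from the original article). The log format below is
constructed for this demo; adapt parse_line() to your application's real
login-audit format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO time> <result> user=<name> ip=<addr>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:01 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:02 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:03 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:04 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:05 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:10 FAIL user=bob ip=198.51.100.9
2024-05-01T10:00:11 FAIL user=carol ip=198.51.100.9
2024-05-01T10:00:12 FAIL user=dave ip=198.51.100.9
2024-05-01T10:00:13 FAIL user=erin ip=198.51.100.9
2024-05-01T10:00:14 FAIL user=frank ip=198.51.100.9
2024-05-01T10:20:00 FAIL user=alice ip=192.0.2.44
2024-05-01T10:20:30 OK   user=alice ip=192.0.2.44
"""

WINDOW = timedelta(minutes=5)   # assumed window; tune to your traffic
FAILS_PER_ACCOUNT = 5           # lock the account after this many failures
ACCOUNTS_PER_IP = 4             # one IP failing on this many accounts = stuffing


def parse_line(line):
    """Split one constructed audit line into (timestamp, result, user, ip)."""
    ts, result, user, ip = line.split()
    return (datetime.fromisoformat(ts), result,
            user.split("=", 1)[1], ip.split("=", 1)[1])


def analyse(log_text):
    """Return (locked_accounts, suspicious_ips) using sliding windows."""
    fails_by_user = defaultdict(deque)                     # user -> failure times
    users_by_ip = defaultdict(lambda: defaultdict(deque))  # ip -> user -> times
    locked, suspicious = set(), set()
    for raw in log_text.splitlines():
        ts, result, user, ip = parse_line(raw)
        if result != "FAIL":
            continue                       # only failures feed the counters
        q = fails_by_user[user]
        q.append(ts)
        while q and ts - q[0] > WINDOW:    # drop failures older than WINDOW
            q.popleft()
        if len(q) >= FAILS_PER_ACCOUNT:
            locked.add(user)
        users_by_ip[ip][user].append(ts)
        for u in list(users_by_ip[ip]):    # expire stale per-account entries
            uq = users_by_ip[ip][u]
            while uq and ts - uq[0] > WINDOW:
                uq.popleft()
            if not uq:
                del users_by_ip[ip][u]
        if len(users_by_ip[ip]) >= ACCOUNTS_PER_IP:
            suspicious.add(ip)
    return locked, suspicious


if __name__ == "__main__":
    locked, ips = analyse(SAMPLE_LOG)
    print("lock accounts:", sorted(locked))
    print("rate-limit or block sources:", sorted(ips))
```

Two counters are needed because a single threshold misses one of the two shapes: a tool hammering one account trips the per-account lockout, while a tool walking a leaked credential list with one guess per account only shows up when you count distinct accounts per source.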
Social Engineering:
Social engineering is simple yet complicated: simple because it is easy to understand and complicated because it is difficult to execute.
In social engineering you need to convince the target that you are a legitimate person and try to get information out of them, but it is not everyone's cup of tea; it takes a lot of practice and a strongly convincing nature to pull it off without any problem.
Finding Leaks In the Databases
Finding database leaks is relatively easy for users of the dark web, as they can be found at many dark web addresses. For those who do not know about the dark web: it is a place where black hat hackers sell hacked data in exchange for bitcoins.
Commonly there are also unexpected leaks left by the websites themselves due to misconfigurations. This is something I would like to find during a bug bounty program.
We can find these leaks using what are known as Google dorks.
Using Google dorks you can find hidden files that potentially hold sensitive information, for example logs, Username.txt, Password.txt, database folders, etc.
This is really useful during a bug bounty program or a pentest where you might have to find a misconfigured database.
It is really interesting, right? To do this you will need:
- A browser with Google search.
- A lot of time.
- A lot of searching.
Most of the requirements are not software-related.
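Everything a dork turns up was put under a web root and left reachable, so the cheapest fix is to audit the web root before a search engine does. The block below is an added example, not code from the original article: it classifies paths relative to a web root against a list of patterns for files that should never be served (the pattern list and the reasons are assumptions for the demo; extend them for your own site), and a thin wrapper walks a real directory and feeds the same classifier.

```python
"""Audit a web root for files that search-engine dorks commonly surface.

Added example, not from the original article. The pattern list is an
assumption for the demo; extend it with what your own site must never serve.
"""
import fnmatch
import os

# Patterns are matched case-insensitively against the forward-slash path
# relative to the web root. "*" in fnmatch also matches "/", so "*.log"
# catches "logs/app.log" and "*.git/*" catches "app/.git/config".
SENSITIVE_PATTERNS = {
    "*.log": "log file, may contain sessions, emails or stack traces",
    "*.sql": "database dump",
    "*.sqlite": "SQLite database file",
    "*.sqlite3": "SQLite database file",
    "*.bak": "backup copy of a file, often source code with credentials",
    "*password*": "file name suggests stored credentials",
    "*username*": "file name suggests a user list",
    "*.env": "environment file with secrets",
    "*.git/*": "exposed git repository, source and history leak",
    "*phpinfo.php": "server configuration disclosure",
}


def classify_paths(rel_paths):
    """Return {path: reason} for every path matching a sensitive pattern."""
    findings = {}
    for p in rel_paths:
        norm = p.replace(os.sep, "/").lower()
        for pattern, reason in SENSITIVE_PATTERNS.items():
            if fnmatch.fnmatchcase(norm, pattern):
                findings[p] = reason
                break                      # first matching reason is enough
    return findings


def scan_webroot(root):
    """Walk a real directory tree and classify everything under it."""
    rel = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel.append(os.path.relpath(os.path.join(dirpath, name), root))
    return classify_paths(rel)


if __name__ == "__main__":
    import sys
    for path, reason in sorted(scan_webroot(sys.argv[1]).items()):
        print(f"{path}: {reason}")
```

Run it against the directory your web server actually serves from, and treat every hit as something to move outside the web root or block in the server configuration rather than something to hide behind robots.txt, which search engines may honour but a person typing the URL will not.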
Reverse shell connection
A reverse connection to the server's shell or terminal is a really common thing to use in web pentesting.
Hackers find out which programming language the website was built with and choose the payload accordingly.
When attempting to compromise a server, an attacker may try to exploit a command injection vulnerability on the server. The injected code is often a reverse shell script that provides a convenient command shell, with or without root access, for further malicious activity such as a huge data breach, a complete wipe of the server, etc.
To listen for a reverse shell on Linux you need to have netcat installed, while on Windows you need ncat, which comes with the Nmap suite. On both Linux and Windows you then run the following command to listen for the reverse shell.
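What makes a reverse shell recognisable on the compromised host is that the shell process has its standard input and output attached to a network socket instead of a terminal or a pipe. The block below is an added example, not code from the original article: is_suspicious() applies that rule to data passed in (so it can be tested offline), and scan_proc() feeds it from a live Linux /proc tree. The shell name list and the "stdin plus one more stream" rule are assumptions for the demo.

```python
"""Flag interactive shells whose standard streams are network sockets.

Added example, not from the original article. A reverse shell typically
runs sh or bash with fd 0/1/2 redirected to a TCP socket, which is rare
for legitimate processes (sshd gives its shells a pty, not a socket).
"""
import os

SHELLS = {"sh", "bash", "dash", "zsh", "ash", "ksh"}   # assumed list


def is_suspicious(comm, fd_targets):
    """comm: process name; fd_targets: {fd_number: readlink target}.

    True when a shell has stdin and at least one of stdout/stderr
    attached to a socket, the shape of a reverse (or bind) shell.
    """
    if comm not in SHELLS:
        return False
    socket_fds = [fd for fd in (0, 1, 2)
                  if fd_targets.get(fd, "").startswith("socket:")]
    return 0 in socket_fds and len(socket_fds) >= 2


def scan_proc(proc="/proc"):
    """Return [(pid, comm)] of suspicious shells on a live Linux system."""
    hits = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc, entry)
        try:
            with open(os.path.join(pid_dir, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            continue                        # process exited or no permission
        targets = {}
        for fd in (0, 1, 2):
            try:
                targets[fd] = os.readlink(os.path.join(pid_dir, "fd", str(fd)))
            except OSError:
                pass                        # fd closed or not readable by us
        if is_suspicious(comm, targets):
            hits.append((int(entry), comm))
    return hits


if __name__ == "__main__":
    for pid, comm in scan_proc():
        print(f"pid {pid}: {comm} has its standard streams on a socket")
```

Run it as root so /proc/<pid>/fd is readable for every process. Expect a few legitimate hits on hosts that run inetd-style services, which also hand a socket to a child as stdin; those are worth an allowlist rather than a reason to drop the check.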
XSS cross-site scripting
The concept of cross-site scripting is completely the opposite of a reverse shell connection. It is a really difficult task: you need to do a lot more enumeration on the client side than on the server end. For example:
Say I am a hacker enumerating on the client side, and dtech is my target website. First I look at the source code and the programming language used; let us say it is Node.js. Next I need an appropriate location to inject the code, and the best location for this is the search bar.
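The search bar is the classic injection point because the site echoes the search term back into the page. The block below is an added example, not code from the original article or from the dtech site it mentions: it shows a constructed search-results template rendered once by pasting the raw term in (the vulnerable form) and once after HTML-encoding it (the hardened form), so you can see exactly which characters the defence neutralises in both the text and the attribute context.

```python
"""Reflected XSS in a search page: unsafe vs. encoded rendering.

Added example, not from the original article. The template and the search
term are constructed for the demo; html.escape(quote=True) is the standard
output-encoding defence for HTML text and quoted attribute values.
"""
import html

# Constructed template: the term lands in an attribute and in element text.
TEMPLATE = '<input name="q" value="{value}"><p>Results for: {term}</p>'


def render_unsafe(term):
    """Vulnerable: the raw search term is pasted straight into the HTML."""
    return TEMPLATE.format(value=term, term=term)


def render_safe(term):
    """Hardened: every character with HTML meaning is encoded first.

    quote=True also encodes " and ', which is what keeps the attribute
    context closed; without it the text context would be safe but the
    value="..." attribute could still be broken out of.
    """
    encoded = html.escape(term, quote=True)
    return TEMPLATE.format(value=encoded, term=encoded)


def has_script_tag(page):
    """Crude check used by the test: does the page carry a live <script> tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    probe = '"><script>alert(1)</script>'     # constructed test input
    print("unsafe:", render_unsafe(probe))
    print("safe:  ", render_safe(probe))
```

Encoding at output time is the fix regardless of framework; on a Node.js site the same rule applies, with the template engine's auto-escaping doing what html.escape does here, and a Content-Security-Policy header limiting what any injected script could do if encoding is ever missed.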
DDOS attacks
A DDoS attack, or Distributed Denial of Service attack, aims to take down a website's service by crashing its server with a huge number of packets and requests. Hackers usually use tools like Low Orbit Ion Cannon, ping of death, SYN flood, HTTP flood and more.
To conduct such an attack hackers need some really powerful computers with a really good internet connection (around 220 Mbps or 300 Mbps is the minimum), or a lot of low- or medium-performance computers with considerable internet speed.
There are a lot of DDoS attacks out there, but we are concentrating on a few of them, and I will be telling you about the easiest way to set up a botnet.
Types of DDoS attacks:
Of the many DDoS attacks out there, we are going to discuss:
- ICMP attack: an attack in which the attacker uses pings (Internet Control Message Protocol) to send many requests to the server, which completely drains the server's resources, causing it to restart or crash. Such a ping attack can be launched from a Windows system using the ping command.
- SYN flood attack: an attack that abuses the age-old TCP connection setup known as the three-way handshake.
- HTTP flood attack: an application-layer denial of service attack that sends a lot of packets to the server with HTTP headers. These are completely legitimate-looking GET or POST requests, which makes them extremely resource-exhausting for the server.
- Slowloris: one of the slowest but most lethal of the DDoS attacks out there. It generates a very low volume of packets, which helps it escape standard DDoS prevention tools.
- IP null attacks: in an IP null attack, the malefactors send packets containing null values in this field. More often than not, edge routers and firewalls let such a packet through as an unclassified one.
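A SYN flood leaves a visible trace on the target: a pile of connections stuck in SYN-RECV, the half-open state after the server's SYN-ACK that never gets its final ACK. The block below is an added example, not code from the original article: it parses constructed `ss -tan` output (the sample rows, column layout and both thresholds are assumptions for the demo) and reports the total of half-open connections plus the sources holding the most of them.

```python
"""Spot a SYN flood from `ss -tan` output by counting half-open connections.

Added example, not from the original article. SS_OUTPUT is constructed
sample output; on a real host pass in the text of `ss -tan`. Thresholds
are assumptions for the demo and should be tuned to the host's normal load.
"""
from collections import Counter

# Constructed sample: header row, then State Recv-Q Send-Q Local Peer.
SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB    0      0      10.0.0.5:443        192.0.2.10:50022
SYN-RECV 0      0      10.0.0.5:443        203.0.113.9:51234
SYN-RECV 0      0      10.0.0.5:443        203.0.113.9:51235
SYN-RECV 0      0      10.0.0.5:443        203.0.113.9:51236
SYN-RECV 0      0      10.0.0.5:443        198.51.100.4:40001
SYN-RECV 0      0      10.0.0.5:443        198.51.100.4:40002
ESTAB    0      0      10.0.0.5:22         192.0.2.10:50100
"""

TOTAL_HALF_OPEN_LIMIT = 4   # assumed: more half-open sockets than this is abnormal
PER_SOURCE_LIMIT = 3        # assumed: one peer holding this many is abnormal


def half_open_by_source(ss_text):
    """Count SYN-RECV sockets per peer IP (port stripped)."""
    counts = Counter()
    for line in ss_text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 5 or parts[0] != "SYN-RECV":
            continue
        peer_ip = parts[4].rpartition(":")[0]      # works for [v6]:port too
        counts[peer_ip] += 1
    return counts


def assess(counts):
    """Summarise the half-open table against the thresholds."""
    total = sum(counts.values())
    heavy = sorted(ip for ip, n in counts.items() if n >= PER_SOURCE_LIMIT)
    return {"total": total,
            "flood": total >= TOTAL_HALF_OPEN_LIMIT,
            "heavy_sources": heavy}


if __name__ == "__main__":
    print(assess(half_open_by_source(SS_OUTPUT)))
```

In a real flood the peer addresses are usually spoofed, so the per-source list is a hint rather than a blocklist; the durable mitigation on Linux is SYN cookies (`net.ipv4.tcp_syncookies=1`), which let the kernel stop keeping state for half-open connections at all, together with an adequate `net.ipv4.tcp_max_syn_backlog`.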
SQL Injection
An SQL injection vulnerability is a flaw where the web server can be made to respond in such a way that the website hands over all the users' information once the injected conditions are satisfied.
Cross-Site Request Forgery
Cross-site request forgery is a vulnerability exploited on the client side, where the GET request for a particular variable is modified to achieve malicious goals.
For example, say I am a hacker who wants to change the password of an existing user. For that I need to get hold of the GET request and its parameters, and after some careful analysis with the help of Burp Suite we can enumerate and forge a packet with malicious intent.
After that we can use an XSS vulnerability (or any such vulnerability) and craft a URL with the password change request in it; when a target who is already logged in opens it, the request changes the target's password without them noticing, giving the hacker full access to the victim's account.
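The forged request works because the browser attaches the victim's session cookie to any request, including one triggered by a link, so the server cannot tell the victim's click from the attacker's URL. The block below is an added example, not code from the original article: a constructed password-change handler that refuses the GET form of the request outright and requires a per-session CSRF token on the POST, something the attacker's URL cannot carry because the token is derived from the victim's session with a server-side secret. Function names, the secret handling and the password-length rule are assumptions for the demo.

```python
"""CSRF protection for a state-changing request: method check plus a
session-bound token.

Added example, not from the original article. SERVER_SECRET is generated
at start-up here for the demo; in production it is loaded from a secret
store so tokens survive restarts and are shared across instances.
"""
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)   # assumption: kept out of source


def csrf_token(session_id):
    """Token = HMAC(secret, session id). The page embeds it in the form;
    an attacker's page cannot read it and cannot compute it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_valid(session_id, presented):
    """Constant-time comparison so the check leaks nothing about the token."""
    if not presented:
        return False
    return hmac.compare_digest(csrf_token(session_id), presented)


def handle_change_password(method, session_id, form):
    """Constructed handler. Returns (status, message) like an HTTP response.

    form is the dict of submitted fields; session_id comes from the
    authenticated session cookie the browser sent.
    """
    if method != "POST":
        return 405, "state changes are not accepted over GET"
    if not token_valid(session_id, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    new_password = form.get("new_password", "")
    if len(new_password) < 12:                 # assumed policy for the demo
        return 400, "password too short"
    # ... here the real handler would verify the current password and store
    # the new hash; omitted because it is not the point of the example.
    return 200, "password changed"


if __name__ == "__main__":
    sid = "session-of-victim"                 # constructed session id
    token = csrf_token(sid)
    good = {"csrf_token": token, "new_password": "correct horse battery"}
    forged = {"new_password": "attacker-chosen-pw"}
    print(handle_change_password("POST", sid, good))
    print(handle_change_password("POST", sid, forged))
    print(handle_change_password("GET", sid, good))
```

Refusing GET kills the "URL in a link" variant on its own; the token closes the remaining gap of a hidden auto-submitting form on the attacker's page. Marking the session cookie `SameSite=Lax` or `Strict` adds a third layer, since the browser then withholds the cookie on cross-site requests.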
Bug Bounties
A bug bounty is a hacking program in which hackers are paid for finding a bug or vulnerability in a website or app.
The reward depends on the severity of the bug (low, medium or high): the bug report is validated and, based on its level, the reward is given.