Ok, so let's begin the second part of our hacking overview. There are many different methods of hacking, many different people who hack and many different reasons for the hacks. We are firstly going to look at common methods of hacking.
First, there are many different ways to hack and get access to secure information, some may be simpler than others, but generally, they can all be just as successful and useful as all the others, about 99.999999999% of the time you will HAVE to combine more than one of these methods during a hacking session to successfully complete the hack.
An SQL attack is the method where a hacker will breach the login form by accessing the data in the SQL database of the website, and searching through row and column names, will eventually discover a user password, preferably an Admin password. This method is more commonly used with the Information_Schema command, but it all depends how the webmaster has the set up his login site.
An LFI or RFI (Local File Intrusion / Remote File Intrusion) is when a hacker locally or remotely adds a dangerous script into a server, website, etc and therefore gains control to login info, sensitive info, access to all files, etc.
Social Engineering is all about making other people give you the information you need, normally, a hacker will phone in posing as a employee who has forgotten his login details or needing confidential information immediately, he then gets the other person to give him the information, allowing the hacker access on to the system. Social engineering has become increasingly popular as it saves time and resources.
Brute force is a method of password cracking, when a hacker does a brute force attack, he runs a program that tests multiple passwords and encryption types until the password has been cracked. The problem with brute force is the amount of combinations available and the amount of time it can potentially require to crack the encryption.
Rainbow cracking uses rainbow tables to crack passwords, rainbow tables are lists of code with every available combination of a certain encryption, rainbow cracking is much quicker and effective, although creating your own tables is very time consuming and rainbow table files are very large files. You can purchase rainbow tables online as well.
Dictionary crack is used when the hacker at least knows that the password is an actual existing word, the hacker then runs a program which tests a whole list of words in reference to the password, if the password is an actual word, this is a very quick and effective method.
There are many many more methods and I will go into most of them in more detail in later blogs, but here are a few common methods.
Another quick add-in before I end off today's post is anonymity, anonymity is making sure nobody knows who you are, this is very important in the hacking world as hacking is illegal, if you are an expert, you can build scripts to delete the log files, but there are multiple problems to this approach, the best method is to not even be logged on the site, to stay anonymous, you can hack through a proxy server, hiding your actual IP, this method works great if you understand which proxy servers you should be using. The next best thing is to use the TOR web browser, TOR is an anonymous web browser, which disguises your true IP address and also does not allow sites to store cookies or other personal information.
To get TOR visit:
https://www.torproject.org/download/download-easy.html.en
Thanks.
Techno Master
Posts
No comments:
Post a Comment