Related Posts Plugin for WordPress, Blogger...

Exploits - The central part of piracy

Posted by VdoCity Saturday, September 17, 2011

Hello readers today I will explain some of the basics of Hacking and tells why they are called exploits the central part of piracy, not knowing the basics can be understood in Hacking, Core means here is the most important part of piracy, so in this tutorial I will put some light on exploits.


What are the deeds?
An exploit is a piece of software for much of the data or error velnurability exploits to cause an unwanted or unexpected problems occurring in the computer



The types of vulnerabilities:
Deeds are of many kinds but the most popular used are as follows:
1.Xss (cross-site scripting)
Injection 2.Sql
3.Clickjacking
4.DDos attack
5.POC attack (connectivity test)
6.Spoofing


I explaing some of them
XSS (Cross Site Scripting)
Cross-site scripting or XSS is a threat to the security of a website. It is the most common and popular hack a website to access information from a user on a website. There are malicious hackers targeted using this to attack a website on the Internet. But mostly good hackers do this to find security holes to websites and help them find solutions. Cross-site scripting is a security hole in a website that is difficult to detect and stop, making the site vulnerable to attacks from hackers. This security threat to leave the site and its users open to identity theft, robbery and theft of financial data. It would be advantageous for owners of web sites to understand how cross-site scripting and how it may affect them and their users so they can establish the necessary security systems to block cross-site scripting in your web page.


SQL injection:
SQL injection involves inserting SQL code into web forms, for example. login fields, or in the browser's address field to access and manipulate the database behind the site, system or application.
When entering text in the fields username and password of a login screen, input data is usually inserted into an SQL command. This command checks the data you entered in the corresponding table in the database. If your input matches table / row data, you can access (in the case of a login screen). If not, you are beaten out again.

DDos Attack:
A denial of service attack (DOS) is an attack whereby a person can make a system unusable or significantly slow down the system for legitimate users by overloading of resources, so that nobody can access it. This really is not piracy, but a webite is used to capture a website.
If an attacker is able to access a machine, the attacker probably just crash the machine to perform a denial of service attack, in one of the most widely used method to hack website
I wrote a post about how to hack a website with denial of service attack

POC (Proof of Concept)
In computer security the term proof of concept (proof of concept or PoC) is often used as a synonym for a zero day exploit, especially for its early establishment, do not take full advantage of some vulnerability.This was same attack that


Clickjacking:
This attack was carried out on Twitter, after the micro-blogging site to its users immunized against a fast-moving worm that made them want to send messages when you click a button innocuous-looking, hackers have found a new way of clickjacking exploit the vulnerability.
The latest attack came from the UK based web developer Tom Graham, who discovered that launched Twitter arrangement did not apply to the mobile section of the page. At the moment we come to their findings, the exploit no longer worked. But Rafal's security consultant who sent us a small modification pwned enough that created a dummy account for testing.
The exploit is the ultimate reason to believe that the clickjacking, on Twitter and elsewhere, is here to stay, at least until the HTML specifications are rewritten. No doubt web developers will continue to achieve temporary solutions, but hackers can just as quickly find new ways to exploit the vulnerability, it seems.
This is due to clickjacking attacks fundamental design of HTML. It started to hide the destination URL in a specially designed iframe is hidden by a page that contains buttons lure presentation. Website of almost all browsers and is susceptible to the technique.


Spoofing:
According to Wikipedia impersonation in the context of network security, a spoofing attack is a situation in which a person or program successfully masquerades as another by falsifying data and thereby obtain an illegitimate advantage.

How to find vulnerabilities:
There are a couple of methods and tools to discover vulnerabilities.



The figure above is called as a software exploit scanner Exploit Scanner is a tool to check if the site is velnurable not.you for attack or just enter the URL and the site will tell you whether or not velnurable

0 comments

Post a Comment