Windows 7 Forums

Windows 7: How hackers will try and hack your website!

30 Dec 2010   #1

Windows 7 Ultimate Professional x64
Hello everyone,

This is for educational purposes only. I hope no one on this site would abuse the information I am about to provide.

Remote File Inclusion (RFI):
A method of uploading a shell by an off-site link.

Local File Inclusion (LFI) AKA Directory traversal attack:
A method of pulling usernames and passwords off a website vulnerable to the exploit of insufficient security validation / sanitization of user-supplied input file names.

Blind Structured Query Language Injection (blind SQLi):
Method of once again insufficient security validation and sanitization of user-input.

Basic SQLi:
This is the easiest method of SQLi. This method allows you to enter codes such as ' or '1'='1 into the username and password fields to gain access.

Cross Site Scripting (XSS):
A method of injecting HTML/JavaScript into a website. These can be both persistent attacks, and non-persistent.

Cross site request forgery (CSRF):
An attack that is commonly sent by e-mail or other means and often tricks a user. Links given to a target may include HTML. This will be activated through the slave's browser and the site will think it was a valid and intentional move.

Public Exploits:
Public exploits are just scripts that people have released for others to use, such as this exploit, which exploits a web server running this program on one of its open ports.

DNS hijacking:
This is the method of redirecting the domain name to a rogue domain name. This method is used particularly in phishing attacks.
Another attempt that can be used to hijack the domain name is called DNS cache poisoning.

This method is the practice of running a program to keep guessing the password and username of a site. This method is vastly going out of fashion as the max login attempts are added and even without this obstacle, it can take weeks to gain the correct password.

Password Guessing:
Yes, just as it sounds. This is the method of just guessing common passwords.

Packet Sniffing:
If a site with FTP access is found, there is software they can use to sniff the password and username when they log in.

RCE (Remote Command Execution):
This is the method of making the server read a command that you have entered for it to.

Social Engineering:
A common method used to gain information. This can be a long process, but an effective one.

Cookie poisoning:
This is a method of editing cookies you have already gained, to gain extra privileges. Not a very common method now because of cookies being encrypted, and having to be signed.

Parameter tampering:
An attack usually done by modifying values in the URL. E.g. changing a value to decrease the amount you have to pay on something.

****** ****:
A Firefox add-on which is used to modify http/https headers and post parameters.

Admin Auth bypass:
This exploit is when a server/application allows you to edit by having the valid URL, instead of by cookies. Another method of admin auth bypass is editing the HTML to proceed even if the password is wrong.

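Added example (not part of the original post or of any participant's reply): the "Basic SQLi" entry above, shown as a login check built by string concatenation next to the same check using bound parameters. The table, the account and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample row. Plaintext storage keeps the demo short;
    # a real application stores a salted password hash instead.
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "correct horse"))
    return db

def login_vulnerable(db, username, password):
    # User input is pasted into the SQL text, so a quote character in the
    # input ends the string literal and the rest is parsed as SQL.
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Placeholders send the input as bound values; it is never parsed as SQL,
    # so it can only ever be compared against the stored columns.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    payload = "' or '1'='1"  # the string quoted in the post
    checks = (("vulnerable", login_vulnerable),
              ("parameterized", login_parameterized))
    for name, check in checks:
        print(name, "valid login:", check(db, "alice", "correct horse"))
        print(name, "wrong password:", check(db, "alice", "wrong"))
        print(name, "payload in both fields:", check(db, payload, payload))
```

With the concatenated query the quoted string turns the WHERE clause into a condition that is true for every row, so the check passes without any valid credentials; with bound parameters the same input is compared as a literal username and password and the check fails.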
30 Dec 2010   #2
Johnathan Lyman

Windows 7 Ultimate 64-bit

****** ****:
A Firefox add-on which is used to modify http/https headers and post parameters.
26 Feb 2011   #3

Windows 7 Ultimate Professional x64

It's a tool specific for this so I didn't really want to throw out its name.

Quote: Originally Posted by Johnathan Lyman
****** ****:
A Firefox add-on which is used to modify http/https headers and post parameters.