Today i’m going to teach you some basics of website hacking , so first , we going to learn about website defacement.

1) What is Website defacement ?

A website defacement is an attack on a website that changes the visual

appearance of the site. These are typically the work of system crackers,

who break into a web server and replace the hosted website with one of

their own.

A high-profile website defacement was carried out on the website of the

company SCO Group following it’s assertion that Linux contained stolen

code. The title of the page was changed from “Red Hat vs SCO” to “SCO vs

World,” with various satirical content following.

2) Terms to be used

[SQL] – Structured Query Language

[LFI] – Local File Include

[RFI] – Remote File Include

[XSS] – Cross Site Scripting

[RCE] – Remote Code Execution

[AFD] – Arbitrary File Download

[SCD] – Source Code Disclosure

[PCI] – PHP Code Injection

3) Defacement techniques ?

I).Domain Hacking

II).FTP Protocol

III).Apache Vulnerable

IV).Script, Cookie, XSS

V).Social Engineering.

VI).SQL Injection

VII).RFI.

I) What is Domain Hacking ?

A Domain hacking is a process to transfer domain(yahoo.com) without owner permission with help of phishing, sniffing,spoofing.

A domain hack is an unconventional domain name that combines domain

levels, especially the top-level domain (TLD), to spell out the full

“name” or title of the domain, making a kind of fun.

Domain Hacking process

a) See who.is record of Slave(XXABCXX.net) DNS record and note

down admin email (xxabcxx@gmail/ymail/hotmail/live/[whatever apply this exception if possible admin(name)@XXABCXX.net] )

b) Send spoof mail to Slave admin email for password.

c) after open domain registrar —->(my.india s.com)

<———–website to access

their domain control panel (click forget password)

d) After you get a password in Slave email address of Slave domain.

e) Just login on domain control panel.

f) and get ECCP code and create new account on hosting company

and choose Domain transfer (all submit all details)

g) You will get all rights on this domain for lifetime.

II) What is FTP Protocol ?

The File Transfer Protocol (FTP) provides the basic elements of file

sharing between hosts. FTP uses TCP to create a virtual connection for

control information and then creates a separate TCP connection for data

transfers. The control connection uses an image of the TELNET protocol

to exchange commands and messages between hosts.

for detail check this Detail about FTP

III) What is XSS ?

XSS is a type of computer security vulnerability typically found in web

applications which allow code injection by malicious web users into the

web pages viewed by other users.

Cross Site Scripting is a technique used to add script to a trusted site that will be executed

on other users browsers. A key element to XSS is that one user can submit data to a

website that will later be displayed for other users. It is nessesary that the bad guy NOT

mess up the HTML structure, otherwise the result will be web defacement rather then

attacking other users.

IV) What is Social Engineering ?

Social engineering is the act of manipulating people into doing actions or exposing confidential information. It’s trickery or deception to gather information, fraud, or computer system access where in the hacker never comes face-to-face with the Slave.

V) What is SQL injection ?

SQL injection is a type of security exploit in which the attacker

injects Structured Query Language (SQL) code through a web form input box, to gain access to resources, or make changes to data.

It is a technique of injecting SQL commands to exploit non-validated input vulnerabilities in a web application database.

————–>Preventing SQL Injection<——————-

To protect against SQL injection, user input must not directly be

embedded in SQL statements. Instead, parameterized statements must be

used (preferred), or user input must be carefully escaped or filtered.

VI) What is RFI ?

Remote File Inclusion attacks allow malicious users to run their own PHP

code on a vulnerable website. The attacker is allowed to include his

own (malicious) code in the space provided for PHP programs on a web

page.

Hope that sums it up in a good way of possibly all the methods that work.

Happy Hacking !!