Hack this site ?

Hacking website is not a very simple job first you need to find a back-door in the website or you can call it a vulnerability. There are multiple ways to find vulnerabilities.

I generalized them in two ways:

There are two ways for that
  1. Easy way: Buy any Vulnerability scanner and scan with it and find vulnerabilities if you want to know about softwares then this is some softwares which can help you.
    1. Nessus VS
    2. Saint VS
    3. Qualys VS
    4. Nexpose VS
    5. GFI Languard VS
    6. Coreimpact VS
    7. Solar winds engineers toolset VS
Tough way: Scan your website manually for each of OWASP top 10 vulnerabilities on your website and try to find some bugs.


OWASP top 10 vulnerabilities are most preferable for finding the bugs most of the time you can rely on them.

every year a company OWASP does an analysis in which they try to find the most common vulnerabilities present in the majority of the websites.

OWASP top 10 vulnerabilities are

1. SQL injection.
2. Broken authentication and session management.
3. Cross site scripting (XSS).
4. Insecure direct object references.
5. Security Misconfiguration.
6. Sensitive Data Exposure.
7. Missing function level access control.
8. Cross-site request forgery (CSRF).
9. Using components with known vulnerabilities.
10. Unvalidated redirects and forwards.


Steps for website Pentesting.

1. Footprinting website applications and webserver information.
2. Vulnerability scanning of website with vulnerability scanner.
3. Exploiting vulnerabilities with web applications based exploits.
4. Documenting their report with proof of concept.

Comments

Post a Comment

Popular posts from this blog

Managing Output with Manipulators in C++

Well, when I started studying C++ or you can say when I was forced to study CPP I was like already I have Maths, Physics and Chemistry to study so why this shitty extra burden on my shoulders. But that subject which I was forced to study or having no other option instead of studying CPP became my passion now. Anyways that's a hell of a story! So, this piece of reading will give you an explanation about what are manipulators and how they are implemented in CPP. Manipulators By the name you might have already thought that this is going to be something related to manipulation of something. Well, you are on a right track So, you already got an idea what it is about I would like to make it clear that what is that "something". That something is nothing but Input and Output operations. Well, in this post we will be focusing mainly on Managing Output with Manipulators. Lets, start the boring thing! The header file iomanip provides a set of functions call
Read more

What is sniffing?

Image
Wiretapping is a process of monitoring the telephone and internet conversations by a third party attackers connect a hardware or software or combination of both to the switch carrying information between two phones or hosts on the internet. Types of wire taping 1. Active wire taping : It only monitors, records the traffic (silently) and also alters the traffic. 2. Passive wire taping : It only monitors and records the traffic. Sniffing attacks are vulnerable to following protocols. 1. Telnet 2. FTP 3.SMTP 4. HTTP 5. POP3 6. NTP 7. IMAP 8. SNMP 9. RDP In network sniffing attacks are mostly done on data link layer and network layer of OSI reference model based switches Recommended sniffing tool is Wireshark.  Wireshark is available for both windows and Linux , it is the best tool for sniffing and it's absolutely free . You can download Wireshark from their official site  Wireshark download . Session Hijack
Read more

Creating a bootable USB.

A lot of people just asks me how to create a bootable USB easily. The funny part is that they mainly ask how to make it for Linux, I mean bro, if you don't know even how to make a bootable USB then you better should stick with windows OS, because it suits you better, but for the people who are reading this article for creating bootable USB, guys, first of all, I will tell you the simplest method. Don’t expect from me to explain to you how to make it using the command prompt. So, all you need is one software of 1 MB, your ISO file, a computer and yeah USB. So, just download the software Rufus from their official site(first link after typing Rufus on Google). Then make sure your ISO image file is downloaded. Now run the Rufus.exe file and then select the USB disk, from the first 'disk' option then in the bottom right of the application there will be a mall option.  Looking like a CD mounted on HDD. Click on that and select the ISO image file. A
Read more