Thursday, 10 July 2014

4 easy steps to hack a website

Step 1: Identifying

The hacktivists first identify the target website they want to attack. They qualify the website according to the vulnerability level they wish to exploit. Checking the vulnerability of the website lets the hacker prepare the tools and techniques required to bring down the website.

Hackers generally use Google Dorks, or Google Hacking, to run a vulnerability check against these easy-to-hack websites. Very recently a hacker posted a list of 5,000 such websites that were really easy to attack. If they don't want to Google it, they can Bing it. This tool is heaven for hackers, as it helps in qualifying such websites. Hackers have a ready-to-refer index of Dorks that points to the websites having a particular vulnerability. From passwords to login credentials, there is a Dork available for everything. They Google “intitle:"Index of" master.passwd”, which returns files containing passwords, and then they have their list of potential victims ready to execute the hack.
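The dork in this step only works because the site exposes two things: a directory listing (the "Index of" page) and a credential file left in the web root. The following is an added example, not code from the original post, that audits a local web root for both conditions: files whose names match the kind of thing dorks search for, and directories that would render as a listing because they carry no index file. The pattern list, the index filenames and the sample tree are constructed for this example; a real server's autoindex setting is not inspected here.

```python
import os
import re
import tempfile

# Filename patterns that commonly show up in "Index of" dork results.
# Constructed list for this example; extend it for your own site.
SENSITIVE_PATTERNS = [
    r"master\.passwd$", r"(^|/)passwd$", r"\.env$", r"\.sql$",
    r"\.bak$", r"\.old$", r"(^|/)\.git/", r"\.log$",
]
# A directory containing none of these will render as a listing on
# servers that have directory indexing (autoindex) enabled.
INDEX_FILES = {"index.html", "index.htm", "index.php"}


def audit_webroot(root):
    """Walk a web root and return (sensitive_files, listable_dirs),
    both as sorted lists of paths relative to root."""
    sensitive = []
    listable = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        rel_dir = "" if rel_dir == "." else rel_dir + "/"
        if not INDEX_FILES.intersection(filenames):
            listable.append(rel_dir or "/")
        for name in filenames:
            rel = rel_dir + name
            if any(re.search(p, rel) for p in SENSITIVE_PATTERNS):
                sensitive.append(rel)
    return sorted(sensitive), sorted(listable)


def build_sample_webroot():
    """Constructed sample tree so the script runs stand-alone."""
    root = tempfile.mkdtemp(prefix="webroot_")
    layout = {
        "index.html": "<h1>Welcome</h1>",
        "assets/index.html": "",
        "assets/logo.png": "not really a png",
        "backup/master.passwd": "root:x:0:0:root:/root:/bin/sh",
        "backup/site.sql": "-- database dump",
    }
    for rel, content in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_webroot()
    files, dirs = audit_webroot(root)
    print("Sensitive files:", files)      # ['backup/master.passwd', 'backup/site.sql']
    print("Listable directories:", dirs)  # ['backup/']
```

Run against a real document root, every hit in the first list is a file that should not be served at all, and every entry in the second is a place where directory listings must be disabled in the server configuration or an index file added.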
Step 2: Spotting the vulnerabilities

Acunetix, a Windows-based application for testing websites developed by a UK-based company, was designed for, and is still in prominent use by, developers to test their websites for vulnerabilities. But hackers' technical expertise with this tool lets them use it to point out the weak spots of a website. Once a site is identified for attack, hackers run this tool to check its vulnerability, as not every website qualified in step 1 is actually susceptible to attack.

Since hackers have in-depth knowledge of the above-mentioned software, they can not only crack the trial version, but the cracked version is also freely available within the hacker community. Once they enter the URL of the website into this software, they are able to point out the loopholes in the website, and all they do next is move to step 3.
Step 3: The attack on the website – SQL Injection

SQL injection is the easiest and most used way for hackers to break into a website. Hackers use it to get into user accounts and steal information stored in the site's databases. The attack aims at stealing information using a few lines of SQL (Structured Query Language), the language used to query databases. Hackers don't even have to learn the language for this attack, as a program called “Havij” is available free of cost on hacker forums. It comes as an easily usable application. Havij was originally developed in Iran. The word itself means carrot, which is also crude slang for penis; the implication is that the hack-ware helps penetrate a website.

Havij has two versions, paid and unpaid, which differ in penetrating power, although the paid version can be cracked and downloaded from other hacker forums. The interface is completely simple, like any other Windows application: a newbie hacker just copies the link of the website to be hacked, pastes it into the application, and it does the work.

The tasks Havij can perform are very surprising. The best one for hackers, and the worst for the users of the website, is called “Get”. It fetches all the data stored in the target website's databases, ranging from usernames and passwords to phone numbers and bank details.

It is so easy for hackers that within a couple of minutes they can search for, download and use one or two automated hack-wares that give them access to websites vulnerable to such attacks. Rest assured that the websites of high-profile companies like Google, Microsoft and Facebook are completely safe from such tools. As mentioned before, the vulnerability of the web was shown by the attack on Sony's PlayStation Network, which leaked customers' personal information in a very similar way.
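Tools like the one described above work because the application builds its SQL by pasting user input into the query text. The following is an added example, not code from the original post, that puts a hypothetical vulnerable lookup beside the hardened version using Python's sqlite3 module: the first splices the username into the statement, the second binds it as a parameter so the database never parses it as SQL. The table, the rows and the test input are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for a site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, phone TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "555-0100"), ("bob", "hunter2", "555-0101")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Hypothetical vulnerable lookup: the user-supplied value is glued into
    the SQL text, so quote characters in it change the query's meaning."""
    sql = "SELECT username, phone FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened lookup: the value is bound as a parameter. The database
    receives the SQL and the data separately, so the input is only ever
    compared as a string, never interpreted as SQL."""
    sql = "SELECT username, phone FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    normal = "alice"
    tautology = "' OR '1'='1"   # textbook injection input; constructed for the demo
    print(lookup_vulnerable(conn, normal))      # [('alice', '555-0100')]
    print(lookup_vulnerable(conn, tautology))   # both rows: the WHERE clause became always-true
    print(lookup_safe(conn, tautology))         # []: nobody has that literal username
```

The fix is not escaping or filtering quotes but changing how the query is built: with parameter binding the same input that dumped the whole table in the vulnerable function simply matches no row. Every mainstream database driver offers the same mechanism, which is why a site checked by its developer for string-built queries is the practical defence against this step.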
Step 4: The DDoS – The A Game

SQL injection has been used by the infamous hacktivist community Anonymous for over a year now, but they tend to move on to DDoS when simple tools like Havij don't work. As with the SQL (pronounced “Sequel”) injection attack, there are freely available tools for DDoS as well.

As it turns out, DDoS is also as simple as the SQL injection attack. The program used here is called the Low Orbit Ion Cannon (LOIC), which web developers brought to life for stress testing their own websites, but which hackers later hijacked to attack websites for anti-social purposes.

LOIC is freely available to hackers on the website SourceForge. Again, it is as simple as Havij: hackers just type in the link of the website they want to DDoS and the application does the rest. LOIC overloads the target website's server with up to 200 requests per second.

Now again, bigger websites can easily cope with this type of attack without crashing; most other websites cannot. Surely if a group of hackers, however newly formed, dedicates itself to the job, it is very easy for them to complete it.

This kind of technology horrifies readers, but it is so simple for hackers to use that they can even control it from their phones, meaning they could well be watching a movie with their buddies at the cinema while attacking the website they want to bring down.

This is not an exhaustive list of the processes by which hackers execute the act, but there are many tutorials on various hacking forums that teach how to perform the attack. There is no end to this notoriousness, in many cases a heinous crime, which has cost the world millions and millions of dollars.

So are you going to get your website checked by your developer today? Maybe today would be a really good day to get it done.
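A flood of the kind described above is visible in the web server's own access log long before the server falls over: one client address producing far more requests per second than any browser would. The following is an added example, not code from the original post, that parses common-log-format lines, counts requests per client per second and flags any source that exceeds a threshold. The log lines, the addresses (documentation ranges) and the threshold are constructed for the demo.

```python
import re
from collections import Counter

# Apache/Nginx common log format. The timestamp has one-second resolution,
# so grouping by (ip, timestamp) yields requests per second per source.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def requests_per_second(lines):
    """Count parsed log lines per (client_ip, second); unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            counts[(m.group("ip"), m.group("ts"))] += 1
    return counts


def flag_floods(lines, threshold):
    """Return the sorted client IPs that exceeded `threshold` requests
    in any single second."""
    counts = requests_per_second(lines)
    return sorted({ip for (ip, _ts), n in counts.items() if n > threshold})


def sample_log():
    """Constructed access log: one source hitting / 120 times in one second,
    another browsing normally across three seconds."""
    flood_ts = "10/Jul/2014:13:55:36 +0000"
    flood = [f'203.0.113.5 - - [{flood_ts}] "GET / HTTP/1.1" 200 512'
             for _ in range(120)]
    normal = [f'198.51.100.7 - - [10/Jul/2014:13:55:3{s} +0000] "GET /about HTTP/1.1" 200 1024'
              for s in range(3)]
    return flood + normal


if __name__ == "__main__":
    THRESHOLD = 50  # constructed; tune to the site's real per-client peak
    print(flag_floods(sample_log(), THRESHOLD))  # ['203.0.113.5']
```

The same per-source counting is what rate limiters and tools such as fail2ban do continuously; the point of the script is to show that a single-tool flood of the size the text describes stands out immediately in data the server already records, so alerting on it and blocking the source at the firewall or reverse proxy is a matter of configuration rather than heroics.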
