Assalamualaikum...
Various cases of attacks on a website has now become a trend in itself. Many government websites , school , business , or personal web is a target for attackers . it is the impact of the weakness of the security system that is owned by the web . is " There is no perfect system " but at least " Try to improve existing deficiencies to make it better " by Bima :)
What is web attack ?
Web attack is an activity undertaken by a person by using a slit or side vulnerabilities on web applications and servers . Actually it is not difficult to do seebuah hacking activity , it's just that it takes patience and a strong willingness to get the hang of it . However , most of the instances cara2 prefer to utilize tools that easier . in terms of techniques and methods if it is not too complicated to learn , as long as the basic tau prior fundamentally :) " No need to be a hacker to be able Hacking " by Bima ;)
So , before studying the techniques and methods , it is good to know first base and basically whatever the term is often done in the world , especially web hacking attack . Here I just want to share what I know , there was no intention to teach or patronizing , may be useful for the needy .. :)
Web Attack groove
There are various ways in which an attacker to find the weaknesses and break through a security system in order to gain full access to the website . The following is an overview of the flow of web attacks based on what I did in the process of web attack :
Single Web Attack
Gathering Information> Exploitation > Upload Shell > Rooting > Deface > Archive
In this case the attacker will determine web targets attacked , then search for and collect information related to the target websites such as the use of servers , web applications , etc. . Here the attacker scanning process on the web to get all the necessary information including the weaknesses or loopholes that can be exploited to gain full access rights in the Web ( Exploitation ) so that it can be done planting the shell or backdoor ( Upload Shell ) . Common weaknesses found in many web applications are SQL injection , XSS , CSRF , Upload Vulnerabilities , etc. . Only drawback is the most risky and most easily used in the attack is to use the web upload facility available on the web application features so easily biased attacker to upload a shell remotely or direct upload .
Random Web Attack
Find Exploit > Dorking > Exploitation > Upload Shell > symbolic link / Jumping > Crack Cpanel / WHM > Rooting > Deface > Archive
Well , this technique is most often used by the Defacer apart easily and do not need hard hard find holes in the web application and can get a lot of victims at random based on the dork that used in finding the target web .
EmoticonEmoticon