
Attacks that can affect Web Servers

Directory traversal attacks – This most prominent attack mainly exploits bugs present in the web server in order to gain access to unauthorized files and documents that are not available in the public domain. If a hacker is able to get access to the unauthorized area, he or she can download sensitive information from the target system, execute server commands or install malware.

Denial of Service Attacks – This attack leads to a crash of the web server program and may make the system unavailable to legitimate users.

Hijacking Domain Name System – This technique involves changing DNS settings and making data or files available to the attacker's web server. Traffic that was originally directed to your system will be routed to another, wrong web server.

Sniffing – Data that has not been encoded, or has been left unencrypted, and is sent over the transmission network may be intercepted and used to get access to the web server by unfair means.

Phishing – This attack enables the hacker to impersonate another website and obtain details from the target by asking for personal details. Users unaware of this attack may get trapped and give away login details such as IDs, passwords, credit card details etc.

Pharming – This attack compromises the DNS server in order to change the route of traffic to a malicious site.

Defacement – As the name suggests, in this type of attack the attacker modifies the company's website by adding his or her own details and images in order to forge the target system.
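To make the directory traversal item above concrete from the defender's side, here is an added Python example (not code from the original page) that contrasts the buggy pattern of joining a request path onto the document root with a check that refuses any path resolving outside it. `WEB_ROOT`, the function names and the sample request paths are assumptions constructed for the example.

```python
import os
from urllib.parse import unquote

# Assumed document root for this example (hypothetical path).
WEB_ROOT = os.path.realpath("/srv/www/site")

def naive_resolve(url_path):
    """Buggy pattern: join the request path onto the root with no containment check."""
    return os.path.normpath(os.path.join(WEB_ROOT, unquote(url_path).lstrip("/")))

def safe_resolve(url_path):
    """Return the file path to serve, or None if the request leaves WEB_ROOT."""
    decoded = unquote(url_path)          # percent-decode once, as the server would
    if "\x00" in decoded:                # reject embedded NUL bytes outright
        return None
    decoded = decoded.replace("\\", "/") # treat backslashes as separators too
    # realpath collapses ".." and follows symlinks before the comparison
    candidate = os.path.realpath(os.path.join(WEB_ROOT, decoded.lstrip("/")))
    if os.path.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    return candidate

# Constructed sample request paths: two legitimate, three traversal attempts.
SAMPLES = [
    "/index.html",
    "/images/../index.html",
    "/../../etc/passwd",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/..\\..\\etc\\passwd",
]

def audit(samples):
    """Pair each request path with whether the hardened resolver would serve it."""
    return [(path, safe_resolve(path) is not None) for path in samples]

if __name__ == "__main__":
    for path, allowed in audit(SAMPLES):
        print(f"{'SERVE ' if allowed else 'REJECT'} {path!r} "
              f"(naive join would open {naive_resolve(path)})")
```

The same containment test can be run over access-log request paths to flag traversal attempts that an older, unchecked handler may already have served.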

What will happen if the attacker is successful

Company or organization's reputation is at risk: If the hacker edits the company's details and tries to include malware information, then other people apart from the target customer will see those details and can be misguided.

Malicious software: viruses, Trojans, botnet software etc. may be forced onto the user's computer system.

The hacker's actions may force the user to compromise data, resulting in fraudulent activities: This can cause a great loss to the user as well as to the company for which he or she is working.

Metasploit – This open source tool is used for developing, testing and, many times, exploiting code. Web server vulnerabilities can also be discovered using this tool, and even exploited in order to compromise the server.

MPack – This web exploitation tool, written in PHP, is backed by a database engine called MySQL. If an attacker is able to compromise a web server with the help of MPack, network traffic will be redirected to fake or malicious websites.

Zeus – This powerful tool turns your compromised computer into a bot or zombie. A bot is basically a compromised computer used to perform internet-based attacks, whereas botnet is a collective term for compromised computers. An attacker may use a botnet in a denial of service attack or for sending spam e-mails.

Neosplit – This tool performs simple operations like installing programs, deleting programs, replicating etc.

Hacking website

More and more people are now becoming used to the Internet. Manufacturers, businessmen, shareholders and high-grade officials are creating their websites in order to spread awareness about the company and its offerings. This has forced them to seek web developers to make user-friendly applications that allow the user and the company to interact and solve most queries online. Hackers mainly attack these sources to get information about the active users of a company. Take the example of a shopping site, where you select the list of items you want to buy and the company website then asks you to enter your basic details like name, user name, ID and password and then, at payment, asks you for credit card details. If the web developer has used poorly written or weak code for running this application, a hacker may attack it and get the desired information about you from the company's website.

Web applications and the threats associated with them

A website or any web application works on the well-known client-server model, wherein the server contains complete details of database access along with the logic with which the company is running. This server mostly runs on a web server. The client application, on the other hand, runs on the web server of the client itself. Web applications are mostly written in languages like Java, C#, VB.Net, PHP and ColdFusion Markup Language, with database engines such as MySQL, MS SQL Server, PostgreSQL and SQLite.

It has been found that most web applications are accessible to the public via the internet because they are hosted on public servers. This increases their vulnerability to attacks because of the wider spectrum.

Hacking Linux System

Linux is the operating system which is mainly used for web servers. This operating system is the only one which is open source, meaning it provides its code to users. So, as compared to other operating systems, Linux is a less secure operating system, because attackers can read its code and find the weaknesses in it; by exploiting the code, attackers can gain unauthorized access.

There are many distributions of Linux-based operating systems, such as Redhat, Fedora and Ubuntu, but among them Linux is a less secure operating system because vulnerabilities can be found by reading its code, which can motivate attackers to gain unauthorized access to the code. This operating system can run on servers, desktops, tablets etc.

Linux Hacking Tools:

There are many Linux hacking tools available over the internet. Some of them are described here:

Nessus: This tool can be downloaded from the internet to scan configuration settings, patches and network-related information.

NMap: This tool can be used to monitor the number of users and processes running on the server. It can also monitor the ports of the servers.

SARA (Security Auditor's Research Assistant): This tool can be used to audit the network against threats such as SQL Injection, XSS etc.
