Until a few years ago, hacking a website took above-average technical
knowledge, but these days it has become child's play. As with any
ordinary search, you can Google the tools needed to plan an attack on a
website and, with a little effort, carry it out with ease. Here, in 4
easy steps, is how hackers do it.
Step 1: Identifying
Hacktivists first identify the website they want to attack. They
qualify it according to how vulnerable it is. Checking the website's
vulnerability lets the hacker prepare the tools and techniques required
to bring it down.
Hackers generally use Google Dorks, also called Google Hacking, to run
a vulnerability check and find these easy-to-hack websites. Only
recently, a hacker posted a list of 5,000 such websites that were
really easy to attack. If they don't wish to Google it, they can Bing
it. This tool is heaven for hackers, as it helps in qualifying such
websites.
Hackers have a ready-to-refer index of Dorks, each of which points to
websites with a particular vulnerability. From passwords to login
credentials, there is a Dork available for everything. They would
Google “intitle:"Index of" master.passwd”, which returns a file
containing the passwords, and then they have a list of potential
victims ready for the hack.
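
The dork above matches auto-generated directory listings ("Index of" pages) that expose password files. As an added example (not from the original article), a site owner can audit their own document root for the same exposure; the index file names and sensitive-name patterns are assumptions, and whether a directory is actually listed depends on the server's directory-listing setting.

```python
import fnmatch
import os

# Assumed defaults; adjust to the server's configured index files.
INDEX_FILES = {"index.html", "index.htm", "index.php"}
# Assumed patterns for files that should never sit under a web root.
SENSITIVE = ["master.passwd", "passwd", "*.sql", "*.bak", ".htpasswd", "*.pem"]


def audit_docroot(root):
    """Return (directory, files) findings for directories that would be listed.

    A directory with no index file is served as an "Index of" page when
    directory listing is enabled, which is what the dork searches for.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        if names & INDEX_FILES:
            continue  # an index file suppresses the auto-generated listing
        exposed = sorted(
            f for f in files
            if any(fnmatch.fnmatch(f.lower(), pat) for pat in SENSITIVE)
        )
        if exposed:
            findings.append((os.path.relpath(dirpath, root), exposed))
    return sorted(findings)


def demo():
    """Build a constructed document root in a temp directory and audit it."""
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "index.html": "home",
            "backup/master.passwd": "constructed sample",
            "backup/site.sql": "constructed sample",
            "docs/index.html": "docs",
            "docs/notes.bak": "constructed sample",
        }
        for rel, body in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return audit_docroot(root)


if __name__ == "__main__":
    for directory, files in demo():
        print(f"{directory}: listable, exposes {files}")
```

A file such as docs/notes.bak is not reported because its directory has an index file, but it can still be fetched by anyone who knows its name, so sensitive files belong outside the web root altogether.
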
Step 2: Spotting the vulnerabilities
Acunetix, a Windows-based application for testing websites developed by
a UK-based company, was designed for, and is still in prominent use by,
developers to test for vulnerabilities in their websites; but hackers'
technical expertise with the tool lets them use it to pinpoint a
website's weaknesses. Once a site is identified for attack, hackers use
this tool to check how vulnerable it is, since not every website
qualified in step 1 will be susceptible to attack.
Since the hackers have in-depth knowledge of the above-mentioned
software, they can crack the trial version, and the cracked version is
also freely available within the hacker community. Once they enter the
URL or website address into this software, they can pinpoint the
loopholes in the website, and all that remains is to move to step 3.
Step 3: The Attack on the website – SQL Injection
SQL injection is the easiest and most widely used way for hackers to
break into a website. It is used to break into user accounts and steal
information stored in the site's databases. The attack aims at stealing
information using a few lines of SQL (Structured Query Language), a
database programming language. Hackers don't even have to learn the
language for this attack, as a piece of software called “Havij” is
available free of cost in the hacker forums. It comes as an easy-to-use
application. Havij originally comes from Iran. The word itself means
carrot, a crude slang term for penis, ultimately meaning that the
hack-ware helps in penetrating a website.
Havij has 2 versions, paid and unpaid, which differ in their powers of
penetration, although the paid version can be found cracked on other
hacker forums. The interface of this software is as simple as any other
Windows application: it does its work when a newbie hacker just copies
the link of the website to be hacked and pastes it into the
application.
The tasks Havij can perform are very surprising. The best one for
them, and the worst for the users of the website, is called “Get”. It
fetches all the data stored in the target website's databases, ranging
from usernames and passwords to phone numbers and bank details.
It is so easy for hackers that within a couple of minutes they can
search for, download, and use one or two automated hack-wares that give
them access to websites vulnerable to such attacks. Rest assured that
the websites of high-profile companies like Google, Microsoft and
Facebook are completely safe from such tools. As mentioned before, the
vulnerability of the web is displayed by the attack on Sony's
PlayStation Network, which led to the leaking of its customers'
personal information in a very similar way.
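
The flaw that automated SQL injection tools look for, and its fix, as an added example (not from the original article): the same lookup written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite table. The table, column and function names are hypothetical.

```python
import sqlite3


def make_db():
    """Constructed sample data in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, phone TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "555-0100"), (2, "bob", "555-0101"), (3, "carol", "555-0102")],
    )
    return db


def lookup_vulnerable(db, user_id):
    # FLAW: the request value is pasted into the SQL text, so the database
    # parses it as part of the statement rather than as a value.
    query = "SELECT name, phone FROM users WHERE id = " + user_id
    return db.execute(query).fetchall()


def lookup_parameterized(db, user_id):
    # FIX: validate the type, then bind the value with a placeholder; the
    # driver passes it as data, so it cannot change the statement.
    if not user_id.isdigit():
        raise ValueError("id must be a decimal number")
    query = "SELECT name, phone FROM users WHERE id = ?"
    return db.execute(query, (int(user_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed input that alters the WHERE clause
    print(lookup_vulnerable(db, "1"))        # one row, as intended
    print(lookup_vulnerable(db, tampered))   # every row in the table
    print(lookup_parameterized(db, "1"))     # one row
    try:
        lookup_parameterized(db, tampered)
    except ValueError as err:
        print("rejected:", err)
```
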
Step 4: The DDoS – The A Game
SQL Injection has been used by the infamous hacktivist community
Anonymous for over a year now, but they tend to move on to DDoS when
simple tools like Havij don't work. Again, as with the SQL (pronounced
"sequel") Injection attack, there are freely available tools for DDoS
as well.
As it appears, DDoS is just as simple as the SQL Injection attack. The
program used here is called the Low Orbit Ion Cannon (LOIC), which was
created by web developers for stress testing their own websites, but
was later hijacked by hackers to attack websites for non-social use.
LOIC is freely available to hackers on the website SourceForge. Again,
as with Havij, the hackers just have to type in the link of the website
they want to DDoS, and the application does the rest. LOIC overloads
the target website's server with up to 200 requests per second.
Now again, the bigger websites can easily cope with this type of
attack without crashing; most other websites cannot. Surely, if a group
of hackers, even newborn ones, dedicates itself to the job, it is very
easy for them to complete it.
This type of technology horrifies readers, but it is so simple to use
that hackers can even control it from their phones, meaning they could
well be watching a movie with their buddies in the cinema while
attacking the website they want to bring down.
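
A request flood at the rate quoted above stands out in a web server's access log. As an added example (not from the original article), this counts requests per client per second in constructed Common Log Format lines and reports clients that stay above a limit; the thresholds, IP addresses and log lines are assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Common Log Format prefix: client IP, two ignored fields, [timestamp].
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def flood_sources(lines, per_second_limit=50, sustained_seconds=3):
    """Return {ip: peak requests/second} for clients that exceed
    per_second_limit in at least sustained_seconds distinct seconds."""
    per_ip_second = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the scan
        ip, raw_ts = m.groups()
        second = datetime.strptime(raw_ts, TS_FORMAT)
        per_ip_second[(ip, second)] += 1

    hot_seconds = Counter()  # seconds in which each client was over the limit
    peak = {}
    for (ip, _second), count in per_ip_second.items():
        if count > per_second_limit:
            hot_seconds[ip] += 1
            peak[ip] = max(peak.get(ip, 0), count)
    return {ip: peak[ip] for ip, n in hot_seconds.items() if n >= sustained_seconds}


def sample_log():
    """Constructed access log: one flooding client, two ordinary ones."""
    line = '{ip} - - [12/Mar/2024:10:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = []
    for s in range(5):
        lines += [line.format(ip="203.0.113.7", s=s)] * 200   # 200 req/s
        lines += [line.format(ip="192.0.2.10", s=s)] * 3      # normal browsing
    lines += [line.format(ip="198.51.100.4", s=0)] * 80       # one short burst
    lines.append("garbled line without a timestamp")
    return lines


if __name__ == "__main__":
    for ip, rate in flood_sources(sample_log()).items():
        print(f"{ip}: peak {rate} req/s, candidate for rate limiting")
```

A distributed attack spreads the load over many sources, so a per-client rate is one signal to combine with total request volume, not a complete detector.
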
This is not an exhaustive list of the processes hackers use to carry
out the act, and there are many tutorials on various hacking forums
that teach how to perform the attack. There is no end to this
notoriousness, in many cases a heinous crime, which has caused losses
of millions and millions of dollars to the world. So are you going to
get your website checked by your developer today? Maybe today would be
a really good day to get it done.