hacking project..;) (2)

Upload: yoginder-garg

Post on 08-Apr-2018


  • 8/7/2019 Hacking Project..;) (2)

    1/50

    Ethical Hacking

    Submitted To: Miss. GURSIMRAT KAUR

    Submitted By: YOGINDER GARG (8636), NISHANT MUKHIJA (8613), SUHIRD DANIEL (8677)

    RIMT POLYTECHINIC- COLLEGE


    Acknowledgement

    First and foremost, we would like to express our sincere gratitude to our project guide, MR ANKIT FADIA. We were privileged to experience a sustained, enthusiastic and involved interest from his side. This fueled our enthusiasm even further and encouraged us to boldly step into what was a totally dark and unexplored expanse before us. We would also like to thank our seniors who were ready with a positive comment all the time, whether it was an off-hand comment to encourage us or a constructive piece of criticism, and a special thanks to my team members and my mentors in the world of hacking.

    Last but not least, we would like to thank the RIMT-POLY staff members and the institute, in general, for extending a helping hand at every juncture of need.


    HACKING: THE STUDY OF EXPLOITATION

    "It's not the daily increase but daily decrease. Hack away at the unessential."

    WHAT IS A HACKER?

    In common usage, a hacker is a person who breaks into computers, usually by gaining access to administrative controls. Other uses of the word hacker exist that are not related to computer security (computer programmer and home computer hobbyists), but these are rarely used by the mainstream media. Some would argue that the people that are now considered hackers are not hackers, as before the media described the person who breaks into computers as a hacker there was a hacker community. This community was a community of people who had an interest in computer programming, often sharing, without restrictions, the source code of the software they wrote. These people now refer to the cyber-criminal hackers as "crackers".

    The subculture that has evolved around hackers is often referred to as the computer underground. Proponents claim to be motivated by artistic and political ends, and are often unconcerned about the use of illegal means to achieve them.

    History

    Hacking developed alongside "Phone Phreaking", a term referring to exploration of the phone network without authorization, and there has often been overlap between both technology and participants. Bruce Sterling traces part of the roots of the computer underground to the Yippies, a 1960s counterculture movement which published the Technological Assistance Program (TAP) newsletter.[3] Other sources of early 70s hacker culture can be traced towards more beneficial forms of hacking, including MIT labs or the Homebrew Club, which later resulted in such things as early personal computers or the open source movement.

    Hacker attitudes

    Several subgroups of the computer underground with different attitudes and aims use different terms to demarcate themselves from each other, or try to exclude some specific group with which they do not agree. Eric S. Raymond advocates that members of the computer underground should be called crackers. Yet, those people see themselves as hackers and even try to include the views of Raymond in what they see as one wider hacker culture, a view harshly rejected by Raymond himself. Instead of a hacker/cracker dichotomy, they give more emphasis to a spectrum of different categories, such as white hat (ethical hacking), grey hat, black hat and script kiddie. In contrast to Raymond, they usually reserve the term cracker to refer to black hat hackers, or more generally hackers with unlawful intentions.

    Types of hacking:-

    White hat

    Grey hat

    Black hat

    Script kiddie

    Hacktivist

    White hat:- A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This type of hacker enjoys learning and working with computer systems, and consequently gains a deeper understanding of the subject. Such people normally go on to use their hacking skills in legitimate ways, such as becoming security consultants. The word 'hacker' originally included people like this, although a hacker may not be someone into security.

    Grey hat:- A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts illegally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.


    Black hat:- A black hat is the villain or bad guy, especially in a western movie in which such a character would wear a black hat in contrast to the hero's white hat. The phrase is often used figuratively, especially in computing slang, where it refers to a hacker who breaks into networks or computers, or creates computer viruses.[1]

    Script kiddie:- A script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding. These are the outcasts of the hacker community.

    Hacktivist:- A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks. In more extreme cases, hacktivism is used as a tool for cyber terrorism. Hacktivists are also known as Neo Hackers.

    Hacktivism (a portmanteau of hack and activism) is "the nonviolent use of illegal or


    holes that may result from substandard programming practice. Other exploits would be able to be used through FTP, HTTP, PHP, SSH, Telnet and some web-pages. These are very common in website/domain hacking.

    Password cracking

    Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.

    Packet sniffer

    A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.

    Spoofing attack

    A spoofing attack involves one program, system, or website successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another program. The purpose of this is usually to fool programs, systems, or users into revealing confidential information, such as user names and passwords, to the attacker.

    Rootkit

    A rootkit is designed to conceal the compromise of a computer's security, and can represent any of a set of programs which work to subvert control of an operating system from its legitimate operators. Usually, a rootkit will obscure its installation and attempt to prevent its removal through a subversion of standard system security. Rootkits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.

    Social engineering

    Social engineering is the art of getting persons to reveal sensitive information about a system. This is usually done by impersonating someone or by convincing people to believe you have permissions to obtain such information.

    Trojan horse

    A Trojan horse is a program which seems to be doing one thing, but is actually doing another. A Trojan horse can be used to set up a door in a computer system such that the intruder can gain access later. (The name refers to the horse from the Trojan War, with a conceptually similar function of deceiving defenders into bringing an intruder inside.)

    Virus

    A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Therefore, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. While some are harmless or mere hoaxes, most computer viruses are considered malicious.

    Worm

    Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention. Unlike a virus, it does not need to attach itself to an existing program. Many people conflate the terms "virus" and "worm", using them both to describe any self-propagating program.


    Key loggers

    A keylogger is a tool designed to record ('log') every keystroke on an affected machine for later retrieval. Its purpose is usually to allow the user of this tool to gain access to confidential information typed on the affected machine, such as a user's password or other private data. Some key loggers use virus-, trojan-, and rootkit-like methods to remain active and hidden. However, some key loggers are used in legitimate ways and sometimes even to enhance computer security. As an example, a business might have a key logger on a computer that was used at a Point of Sale, and data collected by the key logger could be used for catching employee fraud.

    Phishing

    Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

    A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used to "catch" financial information and passwords.

    SQL injection

    SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.


    PROJECT REPORT

    Password Cracking

    SOFTWARE CRACKING

    Software cracking is the modification of software to remove protection methods. This is a type of reverse engineering. Reverse engineering means studying the design, structure and pattern of a process to know how things work and modifying them for some other use, mainly personal use. The main reasons for software cracking are:

    For understanding algorithms used in software for use in their own programs.

    Making shareware software full-version.


    1. PASSWORD CRACKING

    Password cracking is a type of software cracking. Since passwords form one of the foundations of security for most systems and networks, cracking passwords is high on the list of priorities for attackers trying to break into and compromise such systems. Password cracking is the process of recovering secret passwords. The main method of cracking is guessing. So password cracking is the process of guessing the password for an application or system until the correct one is found.

    Cracking passwords can be approached in two ways. They are: Online Cracking and Offline Cracking.

    Online Cracking

    This approach involves sniffing the network traffic to capture authentication sessions and trying to extract passwords from the captured information. This is generally slow and difficult to accomplish, but there are some tools available that are specially designed for sniffing out passwords from network traffic.

    Offline Cracking

    This is the preferred method. This involves compromising a system to gain access to the password file or database and then running a tool called a password cracker to try to guess valid passwords for user accounts. Offline cracking can be performed on the compromised machine, or the password file can be grabbed and copied to a machine located outside the compromised network to be cracked at leisure; some worms such as Double Tap and Lion can even automatically grab passwords from infected systems.

    Principal attack methods used in password cracking:

    There are many methods that are used to crack passwords. Some of them are given below:

    Weak encryption

    Guessing

    Dictionary Attack

    Brute Force Attack


    Hybrid Attack

    Precomputation

    Memorization

    Password Grinding

    Weak Encryption

    Sometimes a cryptographically weak function is used to store passwords. In most computers, before storing the password into the database, the system encrypts the password and stores it in some place, or it may use some hash function for this. If the system uses some weak function to encrypt the password, the cracker needs only fewer operations to decrypt it.

    One example of this is the LM hash that Microsoft Windows uses by default to store user passwords that are less than 15 characters in length. LM hash breaks the password into two 7-character fields which are then hashed separately, allowing each half to be attacked separately.

    Guessing

    This is the simplest method. Not surprisingly, many people use very weak passwords such as blank, the word 'password', 'passcode' and some other words having the meaning of password, the user's name or the login name, the name of some significant relative of the user, their birth place, date, pet's name, passport number etc., and some users neglect to change the default password.

    Sometimes it is very easy to crack the password if we have a good idea about the behavior of the user. So by guessing we can easily crack these passwords.

    Dictionary Attack

    This type of attack uses some password cracking tools (we will discuss these later). The tool will be equipped with a dictionary which contains some commonly used passwords, names of places, common names, and other commonly used words. The password cracking tool then encrypts these words by using all commonly used encryption methods and then, by using some good searching algorithms, checks whether a valid match is found or not.

    This is a simple method, and also the commonly used method. It can perform both online and offline cracking.

    Brute Force Attack

    In this method the cracker tries all combinations of letters and digits. This is the simplest and least efficient method, and the most time consuming. This is used when the dictionary fails. By using the letters, digits and special symbols it generates every possible combination of every possible length until the correct one is found or the attacker gives up. The ease with which the password can be cracked varies with different platforms and systems. An OS such as Microsoft Windows Server 2003 stores the password securely in encrypted form. To crack such passwords usually requires at the minimum physical access to the system using administrative credentials, and even then brute force is usually the only approach for extracting the password.

    User applications such as office productivity tools can protect documents with passwords, and these are generally easier to crack. Older platforms such as Windows 95 stored password information in '.pwl' files that were weakly encrypted and easy to crack. In this approach the feasibility is dependent upon the length of the key, the computational power available for the process, and the patience of the attacker. This is also used in both online and offline cracking.

    Hybrid Attack

    This is the combination of both the Dictionary and Brute Force attacks. In addition to cracking passwords it is used for guessing community names on a network that uses the Simple Network Management Protocol. In a typical hybrid attack the cracking program generates short strings of characters and adds them to the beginning and end of the dictionary words.

    Eg: A password such as daisy123 would likely crack very quickly through a hybrid attack, which would try the word daisy with various short strings of characters appended.
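The defensive counterpart of the hybrid attack is a password policy that refuses exactly the candidates such an attack enumerates. The Python below is an added example, not code from the report: it takes a small constructed wordlist (a stand-in for a cracker's dictionary) and reports whether a proposed password is a dictionary word with at most a few characters added to its beginning or end, which is the shape the paragraph describes for daisy123.

```python
# Constructed wordlist standing in for a cracker's dictionary (not from the report).
WORDLIST = ["daisy", "password", "passcode", "summer", "admin"]


def hybrid_crackable(password, words=WORDLIST, max_affix=3):
    """Return (word, prefix, suffix) if `password` is a dictionary word with at
    most `max_affix` characters added before and/or after it, else None.

    Such a password lies inside the candidate set of a hybrid attack that
    prepends and appends short strings to each dictionary word, so it would
    fall quickly regardless of its total length."""
    lower = password.lower()
    best = None
    for word in words:
        start = lower.find(word)
        while start != -1:
            prefix = password[:start]
            suffix = password[start + len(word):]
            if len(prefix) <= max_affix and len(suffix) <= max_affix:
                # Keep the match that leaves the fewest added characters.
                if best is None or len(prefix) + len(suffix) < len(best[1]) + len(best[2]):
                    best = (word, prefix, suffix)
            start = lower.find(word, start + 1)
    return best


def policy_check(password):
    """Reject hybrid-attack candidates outright, then apply a minimum length.

    Returns (accepted, reason)."""
    hit = hybrid_crackable(password)
    if hit:
        return False, "dictionary word %r with short affixes %r/%r" % hit
    if len(password) < 12:
        return False, "shorter than 12 characters"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["daisy123", "Password!1", "xxxxdaisy", "correct-horse-battery"]:
        print(candidate, policy_check(candidate))
```

The affix limit is what separates this check from a plain substring test: `xxxxdaisy` contains a dictionary word but needs a four-character prefix, so it is outside a three-character hybrid search and is judged on length instead. In practice the wordlist would be the same large dictionary a cracking tool ships with, so that the policy and the attack agree on what is weak.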


    Precomputation

    This involves hashing each word in the dictionary and storing the result in the form of pairs in a way that enables lookup on the ciphertext field. This is very useful only when salt is not properly used in the program (salting will be explained later). By applying a time-memory trade-off, a middle ground can be reached: a search space of size N can be turned into an encrypted database of size O(N^(2/3)) in which searching for an encrypted password takes time O(N^(2/3)).
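The reason precomputation only works against unsalted storage, and the reason the Weak Encryption section above matters, is easiest to see by running both sides. The Python below is an added example (not code from the report) that builds a hash-to-word lookup table from a small constructed wordlist, resolves an unsalted SHA-256 hash with a single lookup, and then shows that the same password stored with a random per-user salt is absent from the table and even differs between two users.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for a cracker's dictionary (not from the report).
WORDLIST = ["password", "passcode", "daisy", "letmein", "qwerty"]


def unsalted_hash(pw):
    # The same password always yields the same hash: the precondition that
    # makes a precomputed table pay off across every stolen database.
    return hashlib.sha256(pw.encode()).hexdigest()


def salted_hash(pw, salt):
    # The salt is stored in clear beside the hash. It need not be secret; it
    # only has to be unique per record so no two hashes can be precomputed
    # or compared with one another.
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def build_precomputed_table(words):
    # Hash every dictionary word once and index by hash value, so a stolen
    # hash is resolved by one dictionary lookup rather than a fresh pass
    # over the wordlist.
    return {unsalted_hash(w): w for w in words}


def lookup(table, stored_hash):
    return table.get(stored_hash)


def new_user_record(pw):
    salt = os.urandom(16)
    return {"salt": salt, "hash": salted_hash(pw, salt)}


def verify(record, pw):
    # Recompute with the stored salt; constant-time comparison avoids leaking
    # how many leading bytes matched.
    return hmac.compare_digest(record["hash"], salted_hash(pw, record["salt"]))


def demo():
    table = build_precomputed_table(WORDLIST)
    rec_a = new_user_record("daisy")
    rec_b = new_user_record("daisy")
    return {
        "unsalted_lookup": lookup(table, unsalted_hash("daisy")),
        "salted_lookup_a": lookup(table, rec_a["hash"]),
        "salted_lookup_b": lookup(table, rec_b["hash"]),
        "same_password_same_hash": rec_a["hash"] == rec_b["hash"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Against the salted records the attacker is pushed back to hashing the whole dictionary again for every single user, which is the cost the precomputation was meant to avoid. A production system goes one step further and replaces the single SHA-256 with a deliberately slow, salted key-derivation function (PBKDF2, bcrypt, scrypt or Argon2) so that each of those per-user guesses is expensive as well.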

    Memorization

    This is a method similar to precomputation. This is used to crack multiple passwords at the cost of cracking just one. Since encrypting a word takes much longer than comparing it with a stored word, a lot of effort is saved by encrypting each word only once and comparing it with each of the encrypted passwords using an efficient list searching algorithm.

    Password Grinding

    This is manually trying to guess passwords for an application, system, or network. This is a primitive form of password cracking in which the attacker simply attempts to log on repeatedly to the target machine, trying different passwords until either the correct one is guessed or the system locks out the attacker. While this might seem like a fruitless activity, it is amazing how many users employ the word password as their password and how many administrators fail to change or disable the default passwords included with devices such as routers they install on their networks. Even considering the marked exaggeration of hacking abilities depicted in movies like WarGames and Mission Impossible, a knowledgeable cracker can occasionally succeed using this simple method and then leverage the obtained password to further compromise a target system or network.
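Password grinding is the one method on this list that leaves a trace on the target by construction: every guess is a failed logon in the authentication log, and the lockout the paragraph mentions is one response to that trace. As an added example (not code from the report), the Python below parses a handful of constructed sshd-style log lines and flags any source/user pair with a burst of failures inside a short window, noting whether a successful logon followed the burst, which is the case that most needs immediate attention.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style log lines for the demonstration (not from a real system).
SAMPLE_LOG = """\
2018-04-08T10:00:01 sshd[411]: Failed password for admin from 10.0.0.5 port 51022 ssh2
2018-04-08T10:00:03 sshd[411]: Failed password for admin from 10.0.0.5 port 51023 ssh2
2018-04-08T10:00:04 sshd[411]: Failed password for admin from 10.0.0.5 port 51024 ssh2
2018-04-08T10:00:06 sshd[411]: Failed password for admin from 10.0.0.5 port 51025 ssh2
2018-04-08T10:00:07 sshd[411]: Failed password for admin from 10.0.0.5 port 51026 ssh2
2018-04-08T10:00:09 sshd[411]: Accepted password for admin from 10.0.0.5 port 51027 ssh2
2018-04-08T10:15:00 sshd[412]: Failed password for bob from 192.0.2.7 port 40000 ssh2
2018-04-08T11:30:00 sshd[413]: Failed password for bob from 192.0.2.7 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Turn matching log lines into events; lines of other shapes are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "failed": m["result"] == "Failed",
                "user": m["user"],
                "src": m["src"],
            })
    return events


def find_grinding(events, threshold=5, window_minutes=5):
    """Flag (source, user) pairs with at least `threshold` failed logons inside
    any `window_minutes` span. `success_after` records whether a successful
    logon followed the burst: a guess that worked, not merely a guess."""
    window = timedelta(minutes=window_minutes)
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["src"], e["user"])].append(e)
    alerts = []
    for (src, user), evs in by_key.items():
        failures = [e["ts"] for e in evs if e["failed"]]
        for i, start in enumerate(failures):
            burst = [t for t in failures[i:] if t - start <= window]
            if len(burst) >= threshold:
                success_after = any(
                    not e["failed"] and e["ts"] >= burst[-1] for e in evs)
                alerts.append({"src": src, "user": user,
                               "failures": len(burst),
                               "success_after": success_after})
                break  # one alert per pair is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_grinding(parse(SAMPLE_LOG)):
        print(alert)
```

On the sample, admin from 10.0.0.5 produces five failures in eight seconds followed by an Accepted line and is flagged with `success_after` set; bob's two failures an hour apart stay below the threshold at the default window and only show up when the window is widened, which is the trade-off a detection engineer tunes between catching slow grinding and paging on ordinary typos.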


    KEYLOGGERS

    INTRODUCTION TO KEYLOGGERS

    Keystroke logging (often called key logging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous key logging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.

    TYPES OF KEYLOGGERS

    Software-based key loggers

    (Figure: a log file from a software-based key logger, and a screen capture of what that key logger was logging.)

    These are software programs designed to work on the target computer's operating system. From a technical perspective there are five categories:

    Hypervisor-based: The key logger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched. It effectively becomes a virtual machine. Blue Pill is a conceptual example.

    Kernel-based: This method is difficult both to write and to combat. Such key loggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications. They are frequently implemented as rootkits that subvert the operating system kernel and gain unauthorized access to the hardware, making them very powerful. A key logger using this method can act as a keyboard driver, for example, and thus gain access to any information typed on the keyboard as it goes to the operating system.


    API-based: These keyloggers hook keyboard APIs; the operating system then notifies the keylogger each time a key is pressed and the keylogger simply records it. APIs such as GetAsyncKeyState(), GetForegroundWindow(), etc. are used to poll the state of the keyboard or to subscribe to keyboard events.[1] These types of keyloggers are the easiest to write, but where constant polling of each key is required, they can cause a noticeable increase in CPU usage, and can also miss the occasional key. A more recent example simply polls the BIOS for preboot authentication PINs that have not been cleared from memory.

    Form Grabber-based: Form Grabber-based keyloggers log web form submissions by recording the web browsing onSubmit event functions. This records form data before it is passed over the internet and bypasses HTTPS encryption.

    Packet analyzers: This involves capturing network traffic associated with HTTP POST events to retrieve unencrypted passwords.

    Remote access software keyloggers

    These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location. Remote communication may be achieved using one of these methods:

    Data is uploaded to a website, database or an FTP server.

    Data is periodically emailed to a pre-defined email address.

    Data is wirelessly transmitted by means of an attached hardware system.

    The software enables a remote login to the local machine from the Internet or the local network, for data logs stored on the target machine to be accessed.

    Related features

    Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:

    Clipboard logging. Anything that has been copied to the clipboard can be captured by the program.

    Screen logging. Screenshots are taken in order to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, just one application or even just around the mouse cursor. They may take these screenshots periodically or in response to user behaviours (for example, when a user has clicked the mouse). A practical application used by some keyloggers with this screen logging ability is to take small screenshots around where a mouse has just clicked; these defeat web-based keyboards (for example, the web-based screen keyboards that are often used by banks) and any web-based on-screen keyboard without screenshot protection.

    Programmatically capturing the text in a control. The Microsoft Windows API allows programs to request the text 'value' in some controls. This means that some passwords may be captured, even if they are hidden behind password masks (usually asterisks).

    The recording of every program/folder/window opened, including a screenshot of each and every website visited, also including a screenshot of each.

    The recording of search engine queries, Instant Messenger conversations, FTP downloads and other internet based activities (including the bandwidth used).

    In some advanced software keyloggers, sound can be recorded from a user's microphone and video from a user's webcam.

    Hardware-based keyloggers

    (Figure: a hardware-based keylogger, and a connected hardware-based keylogger. Main article: Hardware keylogger)

    Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.

    Firmware-based: BIOS-level firmware that handles keyboard events can be modified to record these events as they are processed. Physical and/or root-level access is required to the machine, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.

    Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard's cable connector. More stealthy implementations can be installed or built into standard keyboards, so that no device is visible on the external cable. Both types log all keyboard activity to their internal memory, which can be subsequently accessed, for example, by typing in a secret key sequence. A hardware keylogger has an advantage over a software solution: it is not dependent on being installed on the target computer's operating system and therefore will not interfere with any program running on the target machine or be detected by any software. However its physical presence may be detected if, for example, it is installed outside the case as an inline device between the computer and the keyboard. Some of these implementations have the ability to be controlled and monitored remotely by means of a wireless communication standard.

    Wireless keyboard sniffers

    These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver. As encryption may be used to secure the wireless communications between the two devices, this may need to be cracked beforehand if the transmissions are to be read.

    Keyboard overlays

    Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.

    Acoustic keyloggers

    Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each character on the keyboard makes a subtly different acoustic signature when stroked. It is then possible to identify which keystroke signature relates to which keyboard character via statistical methods such as frequency analysis. The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing are used in this analysis to map sounds to letters. A fairly long recording (1000 or more keystrokes) is required so that a big enough sample is collected.

    Electromagnetic emissions

    It is possible to capture the electromagnetic emissions of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it.[7] In 2009, Swiss researchers tested 11 different USB, PS/2 and laptop keyboards in a semi-anechoic chamber and found them all vulnerable, primarily because of the prohibitive cost of adding shielding during manufacture.[8] The researchers used a wide-band receiver to tune into the specific frequency of the emissions radiated from the keyboards.

    Various software based key loggers used are:

    1. Ardman key logger
    2. Award key logger
    3. Ecosoft key logger
    4. Perfect key logger
    5. Family key logger
    6. Spy boss key logger

    Various hardware based key loggers:

    1. Key ghost key logger
    2. Key devil key logger
    3. USB key logger


    KEY LOGGER USED IN PROJECT FOR DEMO

    PHISHING

    What is Phishing?


    The term phishing is a general term for the creation and use by criminals of e-mails and websites designed to look like they come from well-known, legitimate and trusted businesses, financial institutions and government agencies in an attempt to gather personal, financial and sensitive information. These criminals deceive Internet users into disclosing their bank and financial information or other personal data such as usernames and passwords, or into unwittingly downloading malicious computer code onto their computers that can allow the criminals subsequent access to those computers or the users' financial accounts.

    Although phishing, identity theft and identity fraud are terms that are sometimes used interchangeably, some distinctions are in order. Phishing is best understood as one of a number of distinct methods that identity thieves use to steal information through deception, that is, by enticing unwitting consumers to give out their identifying or financial information either unknowingly or under false pretenses, or by deceiving them into allowing criminals unauthorized access to their computers and personal data. The United States and some other countries use the term identity theft, and the United Kingdom often uses the term identity fraud, to refer broadly to the practice of obtaining and misusing others' identifying information for criminal purposes. Identity fraud also can be used to refer to the subsequent criminal use of others' identifying information to obtain goods or services, or to the use of fictitious identifying information (not necessarily associated with a real living person) to commit a crime.

    Phishing is committed so that the criminal may obtain sensitive and valuable information about a consumer, usually with the goal of fraudulently obtaining access to the consumer's bank or other financial accounts. Often phishers will sell credit card or account numbers to other criminals, turning a very high profit for a relatively small technological investment.


How is phishing committed?

In a typical phishing scheme, criminals who want to obtain personal data from people online first create unauthorized replicas of (or "spoof") a real website and e-mail, usually from a financial institution or another company that deals with financial information, such as an online merchant. The e-mail will be created in the style of e-mails by a legitimate company or agency, using its logos and slogans. The nature and format of the principal website creation language, Hypertext Markup Language, make it very easy to copy images or even an entire website. While this ease of website creation is one of the reasons that the Internet has grown so rapidly as a communications medium, it also permits the abuse of trademarks, tradenames, and other corporate identifiers upon which consumers have come to rely as mechanisms for authentication.

Phishers typically then send the "spoofed" e-mails to as many people as possible in an attempt to lure them into the scheme. (In some spear phishing attacks (see the section on Spear Phishing below), phishers have used other illegal means to obtain personal information about a group of people, then targeted that specific group with e-mails that include illegally obtained information to make the e-mails appear more plausible.) These e-mails redirect consumers to a spoofed website, appearing to be from that same business or entity.

The criminals know that while not all recipients will have accounts or other existing relationships with these companies, some of them will and therefore are more likely to believe the e-mail and websites to be legitimate. The concept behind many phishing attacks is similar to that of "pretext" phone calls (i.e., phone calls from persons purporting to be with legitimate institutions or companies asking the call recipients for personal information). In fact, the criminals behind these e-mails, websites, and phone calls have no real connection with those businesses. Their sole purpose is to obtain the consumer's personal data to engage in various fraud schemes.[xv]

Phishing schemes typically rely on three elements. First, phishing solicitations often use familiar corporate trademarks and tradenames, as well as recognized government agency names and logos. The use of such trademarks is effective in many cases because they are familiar to many Internet users and are more likely to be trusted without closer scrutiny by the users. Moreover, the indicators that are provided for web browsers to assess the validity and security of a website (e.g., the lock icon or the address bar) can all be spoofed. This problem is further compounded by the lack of standardized protocols among financial institutions for how they will communicate with their customers and what information they will request via the Internet.

Second, the solicitations routinely contain warnings intended to cause the recipients immediate concern or worry about access to an existing financial account. Phishing scams typically create a sense of urgency by warning victims that their failure to comply with instructions will lead to account terminations, the assessment of penalties or fees, or other negative outcomes. The fear that such warnings create helps to further cloud the ability of consumers to judge whether the messages are authentic. Even if a small percentage of people who receive these fraudulent warnings respond, the ease with which such solicitations can be distributed to millions of people creates a sizable pool of victims. (It should be noted that some schemes instead are based on offering positive incentives, for example by offering the promise of a payment in return for taking part in an online survey.)

Third, the solicitations rely on two facts pertaining to authentication of the e-mails: (1) online consumers often lack the tools and technical knowledge to authenticate messages from financial institutions and e-commerce companies; and (2) the available tools and techniques are inadequate for robust authentication or can be spoofed. Criminals can therefore use techniques, such as forging of e-mail headers and subject lines, to make the e-mails appear to come from trusted sources, knowing that many recipients will have no effective way to verify the true provenance of the e-mails. Sender-authentication mechanisms such as SPF, DKIM and DMARC let receiving mail servers reject some forged headers, but they only protect domains that publish them and do nothing against a lookalike domain registered by the phisher.

Example: phishing scam targets Royal Bank customers

In June 2004, the Royal Bank of Canada notified customers that fraudulent e-mails purporting to originate from the Royal Bank were being sent out asking customers to verify account numbers and personal identification numbers (PINs) through a link included in the e-mail. The fraudulent e-mail stated that if the receiver did not click on the link and key in his client card number and pass code, access to his account would be blocked. These e-mails were sent within a week of a computer malfunction that prevented customer accounts from being updated. The malfunction impacted payroll deposits that were scheduled to enter many accounts, leaving customers at risk of missing mortgage, rent and other payments. The Royal Bank believes it is likely someone tried to take advantage of the situation.

The impact of phishing

Phishing has four distinct types of impact, both domestically and internationally, that are of concern to the commercial and financial sectors and to law enforcement in both the United States and Canada:

Direct Financial Loss. Depending on the type of fraud that a criminal commits with the aid of stolen identifying data, consumers and businesses may lose anywhere from a few hundred dollars to tens of thousands of dollars. Indeed, small e-commerce businesses may be particularly hard-hit by identity fraud. For example, because of credit card association policies, an online merchant who accepts a credit card number that later proves to have been acquired by identity theft may be liable for the full amount of the fraudulent transactions involving that card number.

Erosion of Public Trust in the Internet. Phishing also undermines the public's trust in the Internet. By making consumers uncertain about the integrity of commercial and financial websites, and even the Internet's addressing system, phishing can make them less likely to use the Internet for business transactions. People who cannot trust where they are on the World Wide Web are less likely to use it for legitimate commerce and communications.[xx] This perspective finds support in a 2005 Consumer Reports survey, which showed declining confidence in the security of the Internet. Among several findings, the survey found that 9 out of 10 American adult Internet users have made changes to their Internet habits because of the threat of identity theft, and of those, 30 percent say that they reduced their overall usage. Furthermore, 25 percent say they have stopped shopping online, while 29 percent of those that still shop online say they have decreased the frequency of their purchases.


Difficulties in Law Enforcement Investigations. Unlike certain other types of identity theft that law enforcement agencies can successfully investigate in a single geographic area (e.g., theft of wallets, purses, or mail), phishing, like other types of crime that exploit the Internet, can be conducted from any location where phishers can obtain Internet access. This can include situations in which a phisher in one country takes control of a computer in another country, then uses that computer to host his phishing website or send his phishing e-mails to residents of still other countries. Moreover, online criminal activity in recent years has often reflected clear-cut divisions of labor. For example, in an online fraud scheme, the tasks of writing code, locating hosts for phishing sites, spamming, and other components of a full-scale phishing operation may be divided among people in various locations. This means that in some phishing investigations, timely cooperation between law enforcement agencies in multiple countries may be necessary for tracing, identification, and apprehension of the criminals behind the scheme.

Incentives for Cross-Border Operations by Criminal Organizations. Law enforcement authorities in Canada and the United States are concerned that each of the preceding factors also creates incentives for members of full-fledged criminal organizations in various countries to conduct phishing schemes on a systematic basis. Law enforcement already has indications that criminal groups in Europe are hiring or contracting with hackers to produce phishing e-mails and websites and develop malicious code for use in phishing attacks.

1. Prevention: What to Do?

• Protect your computer with anti-virus software, spyware filters, e-mail filters, and firewall programs, and make sure that they are regularly updated.


o Consider installing a Web browser toolbar to help protect you from known phishing fraud websites. (Check with your browser or e-mail provider for such toolbars.)

• Ensure that your Internet browser is up to date and security patches applied.

o In particular, people who use the Microsoft Internet Explorer browser should go to the Microsoft Security home page, http://www.microsoft.com/security/, to download a special patch relating to certain phishing schemes. (This item is dated; the general rule of keeping the browser fully patched still applies.)

• Be suspicious of any e-mail with urgent requests for personal financial information or threats of termination of online accounts.

o Unless the e-mail is digitally signed, you can't be sure it wasn't forged or spoofed.

o Phishers typically ask for information such as usernames, passwords, credit card numbers, social security numbers, etc.

o Phisher e-mails are typically not personalized, while valid messages from your bank or e-commerce company generally are.

• When contacting your financial institution, use only channels that you know from independent sources are reliable (e.g., information on your bank card, hard-copy correspondence, or monthly account statement), and don't rely on links contained in e-mails, even if the web address appears to be correct.

• Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.

o To make sure you're on a secure Web server, check the beginning of the Web address in your browser's address bar: it should be "https://" rather than just "http://". Note that "https://" only tells you the connection is encrypted; a phishing site can use it too, so also check that the domain name in the address bar is the institution's own.

• Regularly log into your online accounts.

o Don't leave them for as long as a month before you check each account.

• Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.

o If anything is suspicious, contact your bank and all card issuers.

• Don't assume that you can correctly identify a website as legitimate just by looking at its general appearance.

• Don't use the links in an e-mail to get to any web page, if you suspect the message might not be authentic.

o Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.

• Avoid filling out forms in e-mail messages or pop-up windows that ask for personal financial information.

o You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
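Several of the indicators in the list above (urgency and threats, a generic greeting, links whose visible text names one domain while the link goes elsewhere, plain http:// links, a reply address that differs from the sender) can be checked mechanically. The script below is an added example written for this page, not code from the report or from any vendor; it uses only the Python 3 standard library, and the two messages it scores are constructed for the demo, with placeholder domains and addresses throughout.

```python
"""Score an e-mail for the phishing indicators listed above.

Added example for this page, not code from the report. Python 3 standard
library only; both sample messages are constructed, with placeholder domains.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases of the kind the report describes: deadlines, threats, "verify".
URGENCY_WORDS = ("immediately", "within 24 hours", "will be blocked", "suspended",
                 "verify your account", "failure to")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registered_domain(host):
    """Last two DNS labels ("www.examplebank.com" -> "examplebank.com").
    Good enough for the demo; real code should use a public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def _domain_of(address):
    return _registered_domain(address.rsplit("@", 1)[1]) if "@" in address else ""


def phishing_indicators(raw_message):
    """Return the sorted list of indicator names that fire for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    found = set()

    from_domain = _domain_of(parseaddr(msg.get("From", ""))[1])
    reply_domain = _domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:   # replies go somewhere else
        found.add("reply-to-mismatch")

    html_body, plain_body = "", ""
    for part in msg.walk():                             # works for single and multipart
        if part.get_content_type() == "text/html":
            html_body = part.get_payload(decode=True).decode("utf-8", "replace")
        elif part.get_content_type() == "text/plain":
            plain_body = part.get_payload(decode=True).decode("utf-8", "replace")
    text = (plain_body or re.sub(r"<[^>]+>", " ", html_body)).lower()

    if any(word in text for word in URGENCY_WORDS):
        found.add("urgency")
    if re.search(r"^\s*dear\s+(customer|user|client|member)\b", text, re.M):
        found.add("generic-greeting")                   # not personalised

    collector = _LinkCollector()
    collector.feed(html_body)
    for href, visible in collector.links:
        parsed = urlparse(href)
        host = parsed.hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            found.add("link-ip-host")                   # bare IP instead of a bank domain
        else:
            shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", visible.lower())
            if shown and _registered_domain(shown.group(0)) != _registered_domain(host):
                found.add("link-text-mismatch")         # text says one site, href another
        if parsed.scheme == "http":
            found.add("link-not-https")
    return sorted(found)


# Constructed lure in the style of the Royal Bank example; placeholder domains.
PHISH_SAMPLE = """\
From: "Example Bank" <security@examplebank-verify.net>
Reply-To: collect@mailbox-hosting.example
To: customer@example.org
Subject: Your account will be blocked
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Customer,</p>
<p>Due to a system update, failure to verify your account within 24 hours
will result in your access being blocked.</p>
<p><a href="http://examplebank-verify.net/login">https://www.examplebank.com/login</a>
or <a href="http://198.51.100.7/verify">verify now</a>.</p>
</body></html>
"""

# Constructed control message that carries none of the indicators.
LEGIT_SAMPLE = """\
From: "Example Bank" <alerts@examplebank.com>
To: jane.doe@example.org
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Jane Doe,</p>
<p>Your statement for March is available when you next sign in.</p>
<p><a href="https://www.examplebank.com/statements">https://www.examplebank.com/statements</a></p>
</body></html>
"""
```

phishing_indicators(PHISH_SAMPLE) reports six indicators for the lure and phishing_indicators(LEGIT_SAMPLE) reports none. The domain comparison keeps only the last two labels, which is wrong for country-code domains such as example.co.uk, so production code should use a public-suffix list; and a mail gateway would combine these content checks with SPF, DKIM and DMARC results rather than rely on them alone.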

Reporting: Suspicious E-mails and Websites

Always report a "phishing" or spoofed e-mail or website to the following groups, whether or not you responded to that phishing e-mail or website:

o Forward the e-mail to [email protected]

o Forward the e-mail to the "abuse" e-mail address at the company that is being spoofed (e.g. "[email protected]")

o In the United States, forward the e-mail to the Federal Trade Commission (FTC) at [email protected] and notify the Internet Crime Complaint Center (IC3) by filing a complaint on its website, http://www.ifccfbi.gov.

o The IC3 is a joint venture of the FBI and a non-profit organization, the National White Collar Crime Center (NW3C). Through the IC3 website, victims of online crime, including identity theft, can report possible criminal activity. Staff at IC3 analyze these complaints for patterns and levels of possible criminal conduct and, in appropriate cases, provide investigative packages of complaint data and other information to federal, state or local investigators and prosecutors in various metropolitan areas throughout the U.S. The IC3 also shares its Internet fraud and identity theft complaint data with the FTC for inclusion in the FTC's Identity Theft Data Clearinghouse.


    SQL INJECTION

    SQL Injection: What is it?

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications, which allows a hacker to inject SQL commands into, say, a login form and so gain access to the data held within your database.

In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.

SQL Injection: An In-depth Explanation

Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Databases are central to modern websites: they store data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. User credentials, financial and payment information, and company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to regularly run your business.

SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If user input is not sanitised properly, web applications are open to SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.

Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.


    These website features are all susceptible to SQL Injectionattacks which arise because the fields available for user inputallow SQL statements to pass through and query the databasedirectly.

    SQL Injection: A Simple Example

    Take a simple login page where a legitimate user would enterhis username and password combination to enter a secure areato view his personal details or upload his comments in a forum.

    When the legitimate user submits his details, an SQL query isgenerated from these details and submitted to the databasefor verification. If valid, the user is allowed access. In otherwords, the web application that controls the login page willcommunicate with the database through a series of plannedcommands so as to verify the username and passwordcombination. On verification, the legitimate user is grantedappropriate access.

Through SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it. This is only possible if the inputs are not properly sanitised (that is, validated and kept separate from the SQL text) and are sent directly with the SQL query to the database. SQL Injection vulnerabilities provide the means for a hacker to communicate directly with the database.

The technologies vulnerable to this attack are dynamic script languages including ASP, ASP.NET, PHP, JSP, and CGI. All an attacker needs to perform an SQL Injection attack is a web browser, knowledge of SQL queries and creative guesswork at the important table and field names. The sheer simplicity of SQL Injection has fuelled its popularity.

Other contents:

Why is it possible to pass SQL queries to the database even though it is hidden behind a firewall?
Is my database at risk to SQL Injection?
What is the impact of SQL Injection?
Example of a SQL Injection Attack
How do I prevent SQL Injection attacks?

Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any other security mechanism?

Firewalls and similar intrusion detection mechanisms provide little or no defense against full-scale SQL Injection web attacks.

Since your website needs to be public, security mechanisms will allow public web traffic to communicate with your web application(s) (generally over port 80/443). The web application has open access to the database in order to return (update) the requested (changed) information.

In SQL Injection, the hacker uses SQL queries and creativity to get to the database of sensitive corporate data through the web application.

SQL, or Structured Query Language, is the computer language that allows you to store, manipulate, and retrieve data stored in a relational database (a collection of tables which organise and structure data). SQL is, in fact, the only way that a web application (and users) can interact with the database. Examples of relational databases include Oracle, Microsoft Access, MS SQL Server, MySQL, and FileMaker Pro, all of which use SQL as their basic building block.

SQL commands include SELECT, INSERT, DELETE and DROP TABLE. DROP TABLE is as ominous as it sounds and in fact will eliminate the table with a particular name.

In the legitimate scenario of the login page example above, the SQL commands planned for the web application may look like the following:

    SELECT count(*)
    FROM users_list_table
    WHERE username = FIELD_USERNAME
    AND password = FIELD_PASSWORD


    In plain English, this SQL command (from the web application)instructs the database to match the username and passwordinput by the legitimate user to the combination it has alreadystored.

    Each type of web application is hard coded with specific SQLqueries that it will execute when performing its legitimatefunctions and communicating with the database. If any inputfield of the web application is not properly sanitised, a hackermay inject additional SQL commands that broaden the range ofSQL commands the web application will execute, thus goingbeyond the original intended design and function.

A hacker will thus have a clear channel of communication (or, in layman's terms, a tunnel) to the database irrespective of all the intrusion detection systems and network security equipment installed in front of the physical database server.

    Is my database at risk to SQL Injection?

    SQL Injection is one of the most common application layerattacks currently being used on the Internet. Despite the factthat it is relatively easy to protect against SQL Injection, thereare a large number of web applications that remain vulnerable.

    According to the Web Application Security Consortium (WASC)9% of the total hacking incidents reported in the media until27th July 2006 were due to SQL Injection. More recent datafrom our own research shows that about 50% of the websiteswe have scanned this year are susceptible to SQL Injectionvulnerabilities.

    It may be difficult to answer the question whether your website and web applications are vulnerable to SQL Injectionespecially if you are not a programmer or you are not theperson who has coded your web applications.

    Our experience leads us to believe that there is a significantchance that your data is already at risk from SQL Injection.


Whether an attacker is able to see the data stored on the database or not really depends on how your website is coded to display the results of the queries sent. What is certain is that the attacker will be able to execute arbitrary SQL commands on the vulnerable system, either to compromise it or else to obtain information.

If improperly coded, then you run the risk of having your customer and company data compromised.

What an attacker gains access to also depends on the level of security set by the database. The database could be set to restrict to certain commands only. Read access normally is enabled for use by web application back ends.

Even if an attacker is not able to modify the system, he would still be able to read valuable information.

What is the impact of SQL Injection?

Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL queries / commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command, including DROP TABLE, on the database!

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to manipulate existing queries, to UNION (used to select related information from two tables) arbitrary data, use subselects, or append additional queries.

In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL servers such as Microsoft SQL Server contain stored and extended procedures (database server functions); the extended procedure xp_cmdshell, for example, runs operating-system commands. If an attacker can obtain access to these procedures, it could spell disaster.

Unfortunately the impact of SQL Injection is often only uncovered when the theft is discovered. Data is being unwittingly stolen through various hack attacks all the time. The more expert hackers rarely get caught.


Example of a SQL Injection Attack

Consider a basic HTML login form with two inputs, login and password.

The easiest way for the login.asp to work is by building a database query that looks like this:

    SELECT id
    FROM logins
    WHERE username = '$username'
    AND password = '$password'

If the variables $username and $password are taken directly from the user's input, this can easily be compromised. Suppose that we gave "Joe" as a username and that the following string was provided as a password:

    anything' OR 'x'='x

The query sent to the database then becomes:

    SELECT id
    FROM logins
    WHERE username = 'Joe'
    AND password = 'anything' OR 'x'='x'

As the inputs of the web application are not properly sanitised, the single quotes in the input have turned the WHERE clause into two conditions joined by OR. Because AND binds more tightly than OR, the database evaluates this as (username = 'Joe' AND password = 'anything') OR ('x'='x'); the 'x'='x' part is always true regardless of what the first part contains, so the query returns every row in the logins table. An application that treats any returned row as a successful login will typically log the attacker in as the first user it gets back, frequently the first account created on the system.

This allows the attacker to bypass the login form without actually knowing a valid username / password combination!

How do I prevent SQL Injection attacks?

Firewalls and similar intrusion detection mechanisms provide little defense against full-scale web attacks. Since your website needs to be public, security mechanisms will allow public web traffic to communicate with your database servers through web applications. Isn't this what they have been designed to do?

Patching your servers, databases, programming languages and operating systems is critical, but it is in no way the best way to prevent SQL Injection attacks. The defence that actually removes the vulnerability is to stop building SQL statements out of user input: use parameterised queries (prepared statements), or a data-access layer that does so, so that the database receives the statement text and the values separately and a quote in the input can never change the structure of the statement. Input validation and a database account restricted to the privileges the application needs limit the damage if one query is missed.
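The bypass described above can be reproduced end to end. The script below is an added example for this page, not code from the report; it creates an in-memory SQLite database with two constructed accounts and runs the example's password payload through both the string-built query from login.asp and a parameterised replacement. It also goes one step beyond the text and tries a second payload, the comment trick admin'--, which the page does not cover; the table, rows and function names are all my own.

```python
"""Login bypass from the example above, run against SQLite, vulnerable and fixed.

Added example for this page, not code from the report. The table, the two
accounts and the function names are constructed for the demo.
"""
import sqlite3


def make_db():
    """Two constructed accounts; id 1 is the first account created, the admin."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE logins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    con.executemany("INSERT INTO logins (username, password) VALUES (?, ?)",
                    [("admin", "S3cret!"), ("Joe", "joes-password")])
    return con


def login_vulnerable(con, username, password):
    """Builds the statement the way login.asp above does: the input is pasted into
    the SQL text, so a quote in the input ends the string and the rest is SQL.
    This is the bug, kept on purpose."""
    sql = ("SELECT id FROM logins WHERE username = '%s' AND password = '%s'"
           % (username, password))
    rows = con.execute(sql).fetchall()
    return rows[0][0] if rows else None     # the app logs in as the first id returned


def login_safe(con, username, password):
    """Parameterised query: SQL text and values travel separately, so the input is
    only ever compared as data and cannot change the statement's structure."""
    sql = "SELECT id FROM logins WHERE username = ? AND password = ?"
    rows = con.execute(sql, (username, password)).fetchall()
    return rows[0][0] if rows else None


def demo():
    """Run the legitimate login and both payloads through each version."""
    con = make_db()
    tautology = "anything' OR 'x'='x"   # the password from the example above
    comment = "admin'--"                 # username that comments out the password check
    return {
        "legit_vulnerable": login_vulnerable(con, "Joe", "joes-password"),
        "legit_safe": login_safe(con, "Joe", "joes-password"),
        "tautology_vulnerable": login_vulnerable(con, "Joe", tautology),
        "tautology_safe": login_safe(con, "Joe", tautology),
        "comment_vulnerable": login_vulnerable(con, comment, "wrong"),
        "comment_safe": login_safe(con, comment, "wrong"),
    }


if __name__ == "__main__":
    for name, user_id in demo().items():
        print(f"{name:22s} -> {user_id}")
```

The vulnerable version returns id 1, the admin account, for both payloads while the parameterised version returns nothing. For the tautology this is the precedence effect described above: the WHERE clause becomes (username AND password) OR true, SQLite scans the whole table and hands rows back in rowid order, and the application logs in as the first one. For admin'-- the rest of the statement is simply commented out.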


    Cross Site Scripting(XSS)

    What is Cross Site Scripting?

    Hackers are constantly experimenting with a wide repertoire ofhacking techniques to compromise websites and webapplications and make off with a treasure trove of sensitivedata including credit card numbers, social security numbersand even medical records.

Cross Site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques. The Web Hacking Incident Database (WHID) figures for 2011 (the pie chart is not reproduced here) clearly show that whilst many different attack methods exist, SQL injection and XSS are the most popular. To add to this, many other attack methods, such as Information Disclosures, Content Spoofing and Stolen Credentials, could all be side-effects of an XSS attack.

In general, cross-site scripting refers to the hacking technique that leverages vulnerabilities in the code of a web application to deliver malicious content to an end-user and collect some type of data from the victim.


Today, websites rely heavily on complex web applications to deliver different output or content to a wide variety of users according to set preferences and specific needs. This arms organizations with the ability to provide better value to their customers and prospects. However, dynamic websites suffer from serious vulnerabilities, rendering organizations helpless and prone to cross site scripting attacks on their data.

"A web page contains both text and HTML markup that is generated by the server and interpreted by the client browser. Web sites that generate only static pages are able to have full control over how the browser interprets these pages. Web sites that generate dynamic pages do not have complete control over how their outputs are interpreted by the client. The heart of the issue is that if mistrusted content can be introduced into a dynamic page, neither the web site nor the client has enough information to recognize that this has happened and take protective actions." (CERT Coordination Center).

Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content, which is distributed over any possible means on the internet.

As a hacking tool, the attacker can formulate and distribute a custom-crafted XSS URL just by using a browser to test the dynamic website's response. The attacker also needs to know some HTML, JavaScript and a dynamic language, to produce a URL which is not too suspicious-looking, in order to attack an XSS vulnerable website.

Any web page that copies a request parameter or other user-supplied input into the HTML it sends back can be vulnerable to this technique; it is not limited to pages that talk to a database. Usually these are present in search pages, login forms, "forgot password" forms, error pages, etc.

N.B. Often people refer to Cross Site Scripting as CSS or XSS, which can be confused with Cascading Style Sheets (CSS).

    The Theory of XSS


In a typical XSS attack the hacker infects a legitimate web page with his malicious client-side script. When a user visits this web page the script is downloaded to his browser and executed. There are many slight variations to this theme, however all XSS attacks follow this pattern. (The diagram of this flow is not reproduced here.)

As a web developer you are putting measures in place to secure the first step of the attack. You want to prevent the hacker from infecting your innocent web page with his malicious script. There are various ways to do that, and this article goes into some technical detail on the most important techniques that you must use to disable this sort of attack against your users.

    XSS Attack Vectors

    So how does a hacker infect your web page in the first place?You might think, that for an attacker to make changes to yourweb page he must first break the security of the web serverand be able to upload and modify files on that server.Unfortunately for you an XSS attack is much easier than that.

Internet applications today are not static HTML pages. They are dynamic and filled with ever changing content. Modern web pages pull data from many different sources. This data is amalgamated with your own web page and can contain simple text, or images, and can also contain HTML tags such as <p> for a paragraph, <img> for an image and <script> for scripts. Many times the hacker will use the comments feature of your web page to insert a comment that contains a script. Every user who views that comment will download the script, which will execute on his browser, causing undesirable behaviour. Something as simple as a Facebook post on your wall can contain a malicious script, which if not filtered by the Facebook servers will be injected into your Wall and execute on the browser of every person who visits your Facebook profile.

By now you should be aware that any sort of data that can land on your web page from an external source has the potential of being infected with a malicious script, but in what form does the data come?

The <script> tag is the most popular way and sometimes the easiest to detect. It can arrive on your page in the following forms:

External script, loaded from a URL the attacker controls through the SRC attribute:

    <script src="..."></script>

Embedded script:

    <script>alert('XSS');</script>

The <body> tag can contain an embedded script by using the ONLOAD event handler (<body onload="...">).

The BACKGROUND attribute of <body> can be similarly exploited, with a javascript: URL supplied in place of the image.

Some browsers will execute a script found in the SRC attribute of the <img> tag, again as a javascript: URL, and there are some variations of this (other image-loading attributes of <img>) that work in some browsers.


The tag allows you to import HTML into a page. This imported HTML can contain a script.

If the TYPE attribute of the tag is set to IMAGE, it can be manipulated to embed a script:

The tag, which is often used to link to external style sheets, could contain a script:

The BACKGROUND attribute of the TABLE tag can be exploited to refer to a script instead of an image:

The same applies to the tag, used to separate cells inside a table:

The tag, similar to the and tags, can also specify a background and therefore embed a script:

The STYLE attribute can also be manipulated in the following way:

The tag can be used to pull in a script from an external site in the following way:

If the hacker places a malicious script inside a Flash file, it can be injected in the following way:

    Is your site vulnerable to Cross Site Scripting?


Our experience leads us to conclude that the cross-site scripting vulnerability is one of the most widespread flaws on the Internet and will occur anywhere a web application uses input from a user in the output it generates without validating it. Our own research shows that over a third of the organizations applying for our free audit service are vulnerable to Cross Site Scripting. And the trend is upward.

    Example of a Cross Site Scripting Attack

As a simple example, imagine a search engine site which is open to an XSS attack. The query screen of the search engine is a simple single-field form with a submit button, whereas the results page displays both the matched results and the text you are looking for.

    Search Results for "XSS Vulnerability"

To be able to bookmark pages, search engines generally leave the entered variables in the URL address. In this case the URL would look like:

http://test.searchengine.com/search.php?q=XSS%20Vulnerability

    Next we try to send the following query to the search engine:

alert('This is an XSS Vulnerability')

By submitting the query to search.php, it is encoded and the resulting URL would be something like:

http://test.searchengine.com/search.php?q=%3Cscript%3Ealert%28%91This%20is%20an%20XSS%20Vulnerability%92%29%3C%2Fscript%3E

Upon loading the results page, the test search engine would probably display no results for the search, but it will display a JavaScript alert which was injected into the page by using the XSS vulnerability.
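The reflected case just described, and the script-tag vector from the attack vectors section, worked through as an added example that is not part of the original article or this project: the injected URL is decoded the way search.php would receive it, rendered once unescaped and once with HTML output escaping, and a simple output check shows that only the escaped page keeps the tag inert. The two render functions stand in for search.php, and decoding %91/%92 as Windows-1252 curly quotes is an assumption about how the article was typeset.

```python
import html
from urllib.parse import urlparse, parse_qs

# Constructed from the article's example URLs. The %91/%92 bytes are
# Windows-1252 curly quotes, so the query is decoded with that charset
# (an assumption about the article's typesetting, not search.php's behaviour).
INJECTED_URL = ("http://test.searchengine.com/search.php?q=%3Cscript%3Ealert%28"
                "%91This%20is%20an%20XSS%20Vulnerability%92%29%3C%2Fscript%3E")
BENIGN_URL = "http://test.searchengine.com/search.php?q=XSS%20Vulnerability"


def query_from_url(url: str) -> str:
    """Return the decoded q= parameter exactly as search.php would receive it."""
    params = parse_qs(urlparse(url).query, encoding="cp1252")
    return params.get("q", [""])[0]


def render_vulnerable(q: str) -> str:
    """Hypothetical stand-in for the flawed search.php: the query is pasted
    into the page unchanged, so a <script> element inside it becomes live."""
    return f'<h2>Search Results for "{q}"</h2>'


def render_fixed(q: str) -> str:
    """Same page with the input HTML-escaped before it reaches the body.
    Escaping turns < > & " ' into entities, so the browser shows the text
    instead of executing it. Attribute, URL and JavaScript contexts (the
    ONLOAD, BACKGROUND and STYLE vectors above) need their own context-specific
    encoding, which plain body escaping does not provide."""
    return f'<h2>Search Results for "{html.escape(q, quote=True)}"</h2>'


def contains_live_script(page: str) -> bool:
    """Regression check over rendered output: does an unescaped <script
    start survive? A test for templates, not a substitute for escaping."""
    return "<script" in page.lower()


if __name__ == "__main__":
    q = query_from_url(INJECTED_URL)
    print("decoded query:", q)
    print("vulnerable:", render_vulnerable(q))
    print("fixed:     ", render_fixed(q))
```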


How to Check for Cross Site Scripting Vulnerabilities

To check for Cross Site Scripting vulnerabilities, use a Web Vulnerability Scanner. A Web Vulnerability Scanner crawls your entire website and automatically checks for Cross Site Scripting vulnerabilities. It will indicate which URLs/scripts are vulnerable to these attacks so that you can fix the vulnerability easily. Besides Cross Site Scripting vulnerabilities, a web application scanner will also check for SQL injection and other web vulnerabilities. Acunetix Web Vulnerability Scanner scans for SQL injection, Cross Site Scripting, Google hacking and many more vulnerabilities.

Preventing Cross Site Scripting Attacks

The purpose of this article is to define Cross Site Scripting attacks and give some practical examples. Preventing XSS attacks requires diligence on the part of the programmers and the necessary security testing. You can learn more about preventing cross-site scripting attacks here.


Links referenced above:
http://www.acunetix.com/websitesecurity/sql-injection.htm
http://www.acunetix.com/vulnerability-scanner/
http://www.acunetix.com/websitesecurity/google-hacking.htm
http://www.acunetix.com/blog/web-security-zone/articles/preventing-xss-attacks/

Working of XSS

    SQL INJECTION DEMO

FOLLOWING WEBSITE IS USED FOR SQL INJECTION


ATTACK DOES:

1. Opens the admin panel.
2. Cracks all the sensitive user information.
3. Able to access all user tables.


4. After logging in to the admin panel we can make changes and deface the site.

5. We got important login information which can be misused.

Hacked:

    Keylogger Demo

Following keylogger is used: Emissary Keylogger


    Attack Does:

1. Gets all the log files and the keystrokes of the victim computer
2. Brings all the screenshots
3. Disables regedit.exe
4. Disables the task manager
5. Blocks the sites listed by the attacker

    Phishing Demo


EXECUTING PHISHING ON WELL KNOWN SITE GMAIL

    Link : http://freethemes00.t35.com/gmail%20login/

    ATTACK DOES:

1. Gets the victim's Gmail username and password
2. The site can be any; it may be your bank account site
