

While most high-profile companies' websites will be protected from this type of attack, the fact that Sony's website and the personal information of its customers were stolen in a manner similar to this shows just how vulnerable the web is. Havij allows you to perform a number of different types of operation including one called a Get, which unsurprisingly gets all the information stored on databases on that particular site, which can be usernames, passwords, addresses, email addresses, phone numbers and bank details.

And that's it, within minutes you can search for, download and use a couple of automated tools which will allow you to access websites which are vulnerable to this type of attack. The Havij interface is once again like any other Windows program and all a virgin hacker needs to do is simply copy-and-paste the address of their target website and press a button. Again the world of hacker forums is your friend here and cracked versions of the full Havij application are available if you look for them.

The program is called Havij, the Farsi word for carrot, which is also a slang word for penis and so, unsurprisingly, this is the piece of software required to penetrate a website.

Again there are free and paid-for versions of Havij available with the paid-for version having more powerful capabilities. Thankfully another freely-available and easy-to-use application, originally developed in Iran, can be downloaded from the web saving you the trouble of dealing with any complex code. SQL is a programming language designed for managing data in a database.

But fear not, you won't need to understand a single line of SQL to carry out this attack. A SQL Injection attack aims to capture information stored in a database on the particular website by introducing some SQL code. This type of attack is known as a SQL (pronounced sequel) Injection. We will deal with this type of attack later, but first we will look at how you can hack into an account and steal some information contained within databases on the site. The first is by carrying out a Distributed Denial of Service (DDoS) attack which overwhelms a website's servers and forces it to shut down. If you find the type you are looking for, you will need to move on to Step 3, as Acunetix does not perform any website penetration.

Attacking a website is done by two main methods. Acunetix will scan the entire website, including all pages associated with it, and return a list of vulnerabilities it finds. Acunetix, as you can see from the screenshots above, is a simple, straightforward Windows application and all you need to do is enter the URL of the site you want to target, and press Process.
