SQL is a programming language designed for managing data in a database.īut fear not, you won't need to understand a single line of SQL to carry out this attack. A SQL Injection attack aims to capture information stored in a database on the particular website by introducing some SQL code. This type of attack is known as a SQL (pronounced sequel) Injection.
We will deal with this type of attack later, but first we will look at how you can hack into an account and steal some information contained within databases on the site. The first is by carrying out a Distributed Denial of Service (DDoS) attack which overwhelms a website's servers and forces it to shut down. If you find the type you are looking for, you will need to move onto Step 3, as Acunetix does not perform any website penetration.Īttacking a website is done by two main methods. Acunetix will scan the entire website, including all pages associated with it, and return a list of vulnerabilities it finds.
Login credentials? There's a Dork for that.Īcunetix, as you can see from the screen shots above, is a simple, straight-forward Windows application and all you need to do is enter the URL of the site you want to target, and press Process. Looking for files containing passwords? There's got a Dork for that. Kind-hearted hackers have produced lists of these Google Dorks, neatly categorised into the type of vulnerability you are looking for. It basically allows you to enter a search term into Google and find websites which may have these vulnerabilities somewhere on the site.ĭon't worry about needing technical expertise to know what to look for. Google Dorking, also known as Google Hacking, enables you find sensitive data or evidence of vulnerabilities by querying a search engine like Google or Bing. How did he/she identify these websites? Well, the key to creating a list of websites which are likely to be more open to attack, is to carry out a search for what is called a Google Dork. Recently a hacker posted a list of 5,000 websites online which were vulnerable to attack.
It then sends a continuous series of messages until the server becomes overloaded and can’t respond to legitimate requests.While Anonymous and other online hacktivists may choose their targets in order to protest against perceived wrong-doing, for a beginner wanting to get the taste of success with their first hack, the best thing to do is to identify a any website which has a vulnerability. Once launched, LOIC opens multiple connection requests for a target server. The TCP and UDP modes send message strings and packets to select ports on the target, while the HTTP flood mode sends an endless volley of GET requests.
To use LOIC, a perpetrator simply launches the application, enters a target URL or IP and then designates whether to launch a TCP, UDP or HTTP flood. It used internet relay chat servers to hijack junk traffic generated by users, thereby enabling individual perpetrators to create a botnet and stage attacks without prior coordination. The LOIC version used in the above attacks contained a so-called HIVEMIND mode.