Remote File Inclusion (RFI):
A method of uploading a shell by an off-site .
Local File Inclusion (LFI) AKA Directory traversal attack:
A method of pulling usernames and passwords off a website vulnerable to the exploit of
insufficient security validation / sanitization of user-supplied input file names.
Blind Structured Query Language Injection (blind SQLI):
Method of once again insufficiant security validation and sanitization of user-input.
Basic SQLi
This is the easiest method of SQLi. This method allows you to enter codes such as ' or '1'='1
into the username and password fields to gain access. E.g. you find the admin login on a site
and you may enter the correct username admin and the password as: ' or '1'='1.
Cross Site Scripting (XSS):
A method of injection html/javascript into a website. The can be both persistent attacks, and
non-persistant.
Cross site request forgery (CSRF):
An attack that is commonly sent by e-mail or other means and often tricks a user. given to a target may include HTML, something like this:
Code:
<img src="http://bank.example/withdraw?account=bob&amount=100&for=mallory" height="1" width="1" border="0">
And this will be activated through the victims browser and the site will think it was a valid and intentional move.
Public Exploits:
Public exploits are just scripts that people have released for others to use. Such as
this exploit which exploits a webserver
running this program on one of its open ports. I suggest you have a quick look through the
script to see how/why it works. The way of finding which software you target is using is by using Namp or the GUI Zenmap
DNS hijacking:
This is the method or redirecting the domain name to a rouge domain name. This method is used
particually in phishing attacks.
Bruteforcing:
This method is the practise of running a program to keep guessing the password and username of
a site. This method is fastly going out of fashion as the max login attempts are added and even
without this obstical, it can take weeks to gain the correct password. Programs commonly used
for this are hydra and Brutus.
Password Guessing:
Yes, just as it sounds. This is the method of just guessing common passwords such as:
Code:
admin
admin123
321admin123
password
toor
thesitesname
Packet Sniffing:
If you find a site with FTP access, there may be a chance you can use a tool such as
cain and abel to sniff their password and username when
the login. Not a very easy task as the trafic is sometimes encrypted.
RCE (Remote Command Execution):
This is the method of making the server read command that you have entered for it to.
E.g.
Code:
index.php?cmd=whoami
index.php?cmd=net user
Social Enginering:
A common method used to gain information. This can be a long process, but an effective one.
They can patch software, but it will always be people's ignorance that will let you/your target
down.
Cookie poisoning:
This is a method of editing cookies you have already gained, to gain extra privileges. Not a very common method now as of cookies being encrypted, and having to be signed. This exploit can work on some surprising sites, take a look, you may be surprised.
Parameter tampering: (And i think is method is Often called As SESSION HIJACKING, correct me if i am wrong)
A method of uploading a shell by an off-site .
Local File Inclusion (LFI) AKA Directory traversal attack:
A method of pulling usernames and passwords off a website vulnerable to the exploit of
insufficient security validation / sanitization of user-supplied input file names.
Blind Structured Query Language Injection (blind SQLI):
Method of once again insufficiant security validation and sanitization of user-input.
Basic SQLi
This is the easiest method of SQLi. This method allows you to enter codes such as ' or '1'='1
into the username and password fields to gain access. E.g. you find the admin login on a site
and you may enter the correct username admin and the password as: ' or '1'='1.
Cross Site Scripting (XSS):
A method of injection html/javascript into a website. The can be both persistent attacks, and
non-persistant.
Cross site request forgery (CSRF):
An attack that is commonly sent by e-mail or other means and often tricks a user. given to a target may include HTML, something like this:
Code:
<img src="http://bank.example/withdraw?account=bob&amount=100&for=mallory" height="1" width="1" border="0">
And this will be activated through the victims browser and the site will think it was a valid and intentional move.
Public Exploits:
Public exploits are just scripts that people have released for others to use. Such as
this exploit which exploits a webserver
running this program on one of its open ports. I suggest you have a quick look through the
script to see how/why it works. The way of finding which software you target is using is by using Namp or the GUI Zenmap
DNS hijacking:
This is the method or redirecting the domain name to a rouge domain name. This method is used
particually in phishing attacks.
Bruteforcing:
This method is the practise of running a program to keep guessing the password and username of
a site. This method is fastly going out of fashion as the max login attempts are added and even
without this obstical, it can take weeks to gain the correct password. Programs commonly used
for this are hydra and Brutus.
Password Guessing:
Yes, just as it sounds. This is the method of just guessing common passwords such as:
Code:
admin
admin123
321admin123
password
toor
thesitesname
Packet Sniffing:
If you find a site with FTP access, there may be a chance you can use a tool such as
cain and abel to sniff their password and username when
the login. Not a very easy task as the trafic is sometimes encrypted.
RCE (Remote Command Execution):
This is the method of making the server read command that you have entered for it to.
E.g.
Code:
index.php?cmd=whoami
index.php?cmd=net user
Social Enginering:
A common method used to gain information. This can be a long process, but an effective one.
They can patch software, but it will always be people's ignorance that will let you/your target
down.
Cookie poisoning:
This is a method of editing cookies you have already gained, to gain extra privileges. Not a very common method now as of cookies being encrypted, and having to be signed. This exploit can work on some surprising sites, take a look, you may be surprised.
Parameter tampering: (And i think is method is Often called As SESSION HIJACKING, correct me if i am wrong)
An attack usual done by moderfying values in the url. E.g. changing a value to decrease the amount you have to pay on something.
Code:
<input type=”hidden” id=”1008” name=”cost” value=”70.00”>
In this example, an attacker can modify the “value” information of a specific item, thus lowering its cost.
source: http://www.owasp.org/index.php/Web_Parameter_Tampering
Tamper Data:
A very nifty Firefox addon which is used to modify http/https headers and post parameters.
Admin Auth bypass:
This exploit can be as simple as adding:
Code:
?action=edit
To a URL. This exploit when a server/application allows you to edit by having the valid URL, instead of by cookies. Another method of admin auth bypass is editting the html to proceed even if the password is wrong.
