http://www.ibtimes.co.uk/hack-website-anonymous-sql-ddos-loic-333713
Ever wondered how Anonymous and other hacktivists manage to steal the data or crash the
servers of websites belonging to some of the world's biggest organisations? Thanks to freely
available online tools, hacking is no longer the preserve of geeks, so we've decided to show you
how easy it is to do, in just four easy steps.
11/1/2014 7:23 AM
perceived wrong-doing, for a beginner wanting to get the taste of success with their first hack, the
best thing to do is to identify any website which has a vulnerability.
Recently a hacker posted a list of 5,000 websites online which were vulnerable to attack. How did
he/she identify these websites? Well, the key to creating a list of websites which are likely to be
more open to attack, is to carry out a search for what is called a Google Dork.
Google Dorking, also known as Google Hacking, enables you to find sensitive data or evidence of
vulnerabilities by querying a search engine like Google or Bing. It basically allows you to enter a
search term into Google and find websites which may have these vulnerabilities somewhere on the
site.
Don't worry about needing technical expertise to know what to look for. Kind-hearted hackers have
produced lists of these Google Dorks, neatly categorised into the type of vulnerability you are
looking for. Looking for files containing passwords? There's a Dork for that. Login credentials?
There's a Dork for that.
For example, if you are looking for files stored on websites containing passwords, then a sample
search query we found openly listed on one indexing site was: intitle:"Index of" master.passwd. This
returns the results shown in the screengrab above.
So now you have a list of potential victims. Next you need to narrow this down even further.
Step 2: Check for vulnerabilities
Having a huge number of sites which may or may not be vulnerable is not much use unless you
can pinpoint one which is actually open to attack. This is when a programme called a vulnerability
scanner comes into its own and the most popular is called Acunetix.
Acunetix, developed by a UK-based company, was designed, and is still used, as a tool for web
developers to test sites they are building. However the hacking community has commandeered the
Acunetix, as you can see from the screen shots above, is a simple, straightforward Windows
application and all you need to do is enter the URL of the site you want to target, and press
Process. Acunetix will scan the entire website, including all pages associated with it, and return a
list of vulnerabilities it finds. If you find the type you are looking for, you will need to move onto Step
3, as Acunetix does not perform any website penetration.
Step 3: Attack the website
Attacking a website is done by two main methods. The first is by carrying out a Distributed Denial
of Service (DDoS) attack which overwhelms a website's servers and forces it to shut down. We will
deal with this type of attack later, but first we will look at how you can hack into an account and
steal some information contained within databases on the site.
This type of attack is known as a SQL (pronounced sequel) Injection. A SQL Injection attack aims to
capture information stored in a database on the particular website by introducing some SQL code.
SQL is a programming language designed for managing data in a database.
But fear not, you won't need to understand a single line of SQL to carry out this attack. Thankfully
another freely-available and easy-to-use application, originally developed in Iran, can be
downloaded from the web saving you the trouble of dealing with any complex code.
The program is called Havij, the Farsi word for carrot, which is also a slang word for penis and so,
unsurprisingly, this is the piece of software required to penetrate a website.
Again there are free and paid-for versions of Havij available with the paid-for version having more
powerful capabilities. Again the world of hacker forums is your friend here and cracked versions of
the full Havij application are available if you look for them.
The Havij interface is once again like any other Windows program and all a virgin hacker needs to
do is simply copy-and-paste the address of their target website and press a button.
Havij allows you to perform a number of different types of operation including one called a Get,
which unsurprisingly gets all the information stored on databases on that particular site which can
be usernames, passwords, addresses, email addresses, phone numbers and bank details.
And that's it, within minutes you can search for, download and use a couple of automated tools
which will allow you to access websites which are vulnerable to this type of attack. While most high
profile companies' websites will be protected from this type of attack, the fact that Sony's website
and the personal information of its customers was stolen in a manner similar to this, shows just
how vulnerable the web is.
Step 4: If all else fails, DDoS
Hacktivist collective Anonymous changed their tactics in the last 12 months moving away from
DDoS as their primary tool for attacking websites, preferring if possible to use SQL Injection
instead. However, when this is not possible, they will revert to DDoS attacks, and you can too, with
And it turns out that DDoSing a website is no more difficult than carrying out a SQL Injection. The
programme used is called Low Orbit Ion Cannon (LOIC) which was developed for web designers to
stress test websites, but has been hijacked by hackers in order to attack websites.
Available as a free download from SourceForge, LOIC employs a very user-friendly interface and all
potential hackers need to do is type in the URL of the site they want to crash and LOIC will do the rest.
What the application will do is send up to 200 requests per second to the site in question.
While most bigger sites might be able to deal with this request without crashing, most websites out
there will not, especially if you get together with some other hacking virgins and combine your
efforts.
So easy is it to use this technology that you can even control it from your BlackBerry, meaning you
can be enjoying a pint in the pub with your friends while carrying out a DDoS attack on a website of
your choice.
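Traffic of the kind described in Step 4 stands out in a web server's access log, because a single source sending 200 requests per second is far above ordinary browsing. The following is an added example, not code from the article or from LOIC: a sliding-window rate check run over constructed log lines. The log format, the addresses and the limit of 100 requests per second are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed log: one source at 200 requests/second, one ordinary visitor."""
    base = datetime(2014, 11, 1, 7, 23, 0)
    lines = []
    for i in range(200):  # one request every 5 ms for one second
        ts = base + timedelta(milliseconds=5 * i)
        lines.append(f"{ts.isoformat(timespec='milliseconds')} 198.51.100.7 GET /")
    for i in range(5):  # one request per second
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat(timespec='milliseconds')} 203.0.113.20 GET /news")
    return sorted(lines)  # fixed-width ISO timestamps sort chronologically

def peak_in_window(timestamps, window_s=1.0):
    """Largest number of events falling inside any sliding window of window_s seconds."""
    window, peak = deque(), 0
    for ts in timestamps:
        window.append(ts)
        while (ts - window[0]).total_seconds() >= window_s:
            window.popleft()
        peak = max(peak, len(window))
    return peak

def analyse(lines, per_source_limit=100, window_s=1.0):
    """Return (sources over the limit with their peak rate, peak rate of all traffic)."""
    by_source, all_ts = defaultdict(list), []
    for line in lines:
        stamp, source, _method, _path = line.split()
        ts = datetime.fromisoformat(stamp)
        by_source[source].append(ts)
        all_ts.append(ts)
    peaks = {src: peak_in_window(ts_list, window_s) for src, ts_list in by_source.items()}
    flagged = {src: n for src, n in peaks.items() if n >= per_source_limit}
    return flagged, peak_in_window(all_ts, window_s)

if __name__ == "__main__":
    flagged, total_peak = analyse(build_sample_log())
    print("sources over limit:", flagged)
    print("peak requests/second, all sources:", total_peak)
```

The aggregate figure matters when many sources each stay under the per-source limit, which is the combined effort the article describes; the per-source check alone would miss that case.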
If our tutorial has not provided you with enough information, there are dozens of other tutorials on
various hacker forums around the web and even video tutorials on YouTube which you can watch.
Here endeth the lesson.