Software security testing methods

Web attacks:

Cross-site scripting (XSS), SQL injection, OS command injection, HTTP header injection, HTTP response splitting, mail header injection, directory traversal, remote file inclusion vulnerabilities, session hijacking, session fixation, cross-site request forgery (CSRF), password cracking, DoS attacks.

Penetration testing:

Penetration testing is a legitimate and authorized attempt to locate and successfully exploit computer systems, with the aim of making the systems under test more secure. The process includes detecting and testing vulnerabilities and providing proof-of-concept attacks to prove that the vulnerabilities exist. Penetration testing is also known as hacking, ethical hacking, or white hat hacking.

Four-step model:

1. Reconnaissance -> 2. Scanning (port or vulnerability scanning) -> 3. Exploitation (gaining access) -> 4. Maintaining access.

1. Reconnaissance:

Information gathering. Some people consider this the most important of the four steps of a penetration test. The more time is spent gathering information on the target, the higher the success rate of the subsequent stages. Learning how to perform digital reconnaissance is a valuable skill for penetration testers and priceless for hackers. There are two main tasks: first, collect as much information about the target as possible; second, sort all the collected information to create a list of IP addresses that can be attacked.

2. Scan:

The first activity is a port scan. Once the port scan is complete, you have a list of the target's open ports and the services that may be running on them. The second activity is vulnerability scanning, which locates and identifies defects in the software and services running on the target computer.

3. Exploit:

Once we know which ports are open on the target computer, which services are running on those ports, and what vulnerabilities those services have, we can begin to attack the target. Most newcomers think of this step as the real hacking. Exploitation involves many different techniques, tools and code.

4. Maintain access:

Typically, the payload delivered in the exploitation stage provides only temporary access to the system. Because most of this access is temporary, a permanent backdoor for controlling the target system has to be created. The backdoor lets us regain administrator privileges after a program is closed, or even after the target computer is restarted. As ethical hackers, we have to be very careful about using and implementing this stage.

Origin blog.csdn.net/datuzijean/article/details/86652918