Types of Website Hacking
There are several types of website hacking techniques that hackers use to exploit vulnerabilities in websites.
We can divide all techniques into three parts:
1. Server-side attacks: Server-side attacks are targeted at the server-side components of a web application.
These attacks aim to exploit vulnerabilities in the server's software, configuration, or operating system to gain unauthorized access, steal sensitive data, or execute malicious code.
Some common server-side attacks include:
- SQL Injection
- Authentication Vulnerabilities
- Directory Traversal
- Command Injection
- Business Logic Vulnerabilities
- Information Disclosure
- Access Control
- File Upload Vulnerabilities
- Server-side Request Forgery (SSRF)
- XXE Injection
- NoSQL Injection
- GraphQL Injection
- LaTeX Injection
2. Client-side attacks: Client-side attacks target the end-user's web browser or device to execute malicious code, steal sensitive data, or gain unauthorized access.
Some common client-side attacks include:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Cross-Origin Resource Sharing (CORS)
- Clickjacking
- DOM-Based Vulnerabilities
- WebSockets
- HTML Injection
- Open Redirect
- Session Hijacking
- Parameter Tampering
3. Advanced attacks: Advanced attacks are complex and sophisticated attacks that use multiple techniques and exploits to gain access to a web application.
Some common advanced attacks include:
- Insecure Deserialization
- Server-Side Template Injection (SSTI)
- Web Cache Poisoning
- HTTP Host Header Attack
- HTTP Request Smuggling
- OAuth Authentication
- JWT Tokens Vulnerabilities
- Prototype Pollution
- LDAP Injection
- CRLF
- CSV Injection
- Crypto Bugs
- API Key Leaks
- Amazon S3 Bucket Bugs
- DNS Rebinding
- Insecure Management Interface
- Java RMI
- Race Condition
- SAML Injection
- Type Juggling
- Tabnabbing
- Web Sockets
- XPATH Injection
- XSLT Injection
This is just a small list; there are many more vulnerabilities. We will cover them one by one in this blog series.
Requirements for Website Hacking
Before moving further, let's install some tools that are required for web application penetration testing.
Kali Linux
Kali Linux is a specialized operating system developed for penetration testing and ethical hacking purposes. It is an open-source distribution based on Debian and includes a wide range of tools and frameworks that are useful for various hacking techniques, including web hacking.
The system includes tools for reconnaissance, vulnerability scanning, exploitation, and post-exploitation, among other things.
Kali Linux is an essential tool for web hacking and bug bounty, and it's important to get it set up correctly before you begin your journey.
So, if you're unsure how to install Kali Linux, head over to my blog post How to Install Kali Linux [Step by Step Installation Guide] and follow the instructions. With Kali Linux installed, you'll be ready to start learning and practicing your web hacking skills.
Pen-test Lab Setup
As you start your journey into the world of website hacking, it's important to have a safe and legal environment to test your skills and techniques.
For this blog series, we will use many labs—some are online, and some are hosted on your local machine. Installing them one by one will take a lot of time, and you may face many errors.