Knowing the methods of attack allows you to build an effective defense strategy - this rule is relevant not only in army circles, but also on the Internet. By understanding how hackers hack websites, you can close possible vulnerabilities of your resource in advance.
Instructions
Step 1
"Uploading a shell to a site" means using a vulnerability on the site to inject a malicious script (web shell) that allows a hacker to control someone else's site through the command line. The simplest PHP shell looks like this:
Step 2
A hacker does not have to create his own web shell, such programs have been written for a long time and have a very large set of functions. The hacker's task is to upload a ready-made shell to the site, usually SQL and PHP injections are used for this.
Step 3
SQL injection exploits errors in database access. By injecting his code into a request, a hacker can gain access to database files - for example, to logins and passwords, bank card data, etc. PHP injections are based on errors in PHP scripts and allow third-party code to be executed on the server.
Step 4
How do you know if your site has vulnerabilities? It is possible to manually enter certain commands, supply values to the address bar, etc., but this requires certain knowledge. Also, there is no guarantee that you will test all possible options. Therefore, use specialized utilities for verification - for example, the XSpider program. This is an absolutely legal program created for network administrators, with its help you can check your site for vulnerabilities. Its demo can be found online.
Step 5
There are many programs for finding vulnerabilities created by hackers. Using these utilities, an administrator can check his site with the same tools that might try to hack it. To find these tools, search for "SQL scanners" or "PHP vulnerability scanners". An example of a utility that allows, in the presence of a SQL vulnerability, to obtain information from a database, is the Havij - Advanced SQL Injection Tool. You can check your site for SQL vulnerabilities using the NetDeviLz SQL Scanner hacker utility. Identified vulnerabilities should be eliminated immediately.
