Hello everyone, this is IRISnoir from Hackingarise. Today I am back with another post. As you can see from the title, I will list and discuss the top 5 ways to access another user’s account… just through your phone. Let’s get started, shall we?
5. SQLi (SQL injection)
Ahh, the infamous vulnerability. Even now, it is still very common. SQLi is known to be one of the most dangerous vulnerabilities of all time. The exploitation process is neither difficult nor long, but the consequences will affect your system dearly: breached accounts, extraction of sensitive information, etc. You can imagine the chaos when a SQLi attack is successfully executed on a banking system. Probability of success: 51%.
Attack: Hackers will input a piece of code into the login page:
' or 1=1--
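This will allow hackers to breach the accounts on a website that is vulnerable to SQLi. It works because the quote closes the string in the login query, or 1=1 makes the condition always true, and -- comments out the rest of the query, including the password check.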
Protect: SQLi is common, but that doesn’t mean it’s unpreventable. To learn how to protect your system, read this article.
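As an added example (not code from the original post), here is a login check built by string concatenation next to the same check using parameterized queries, run against the string quoted above. The in-memory SQLite table, the sample accounts and the function names are all assumptions made up for the demonstration.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice


def pw_hash(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db() -> sqlite3.Connection:
    """In-memory database with two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)")
    db.executemany(
        "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
        [("alice", pw_hash("correct horse")), ("bob", pw_hash("battery staple"))],
    )
    return db


def login_vulnerable(db, username, password):
    """'Before': input is pasted into the SQL text, so a quote ends the string literal."""
    sql = (
        "SELECT id FROM users WHERE username = '" + username + "' "
        "AND pw_hash = '" + pw_hash(password) + "'"
    )
    return db.execute(sql).fetchone() is not None


def login_safe(db, username, password):
    """'After': the ? placeholder sends the input as data, never as SQL syntax."""
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    # Compare hashes in constant time instead of inside the SQL statement.
    return hmac.compare_digest(row[0], pw_hash(password))


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1--"  # the string quoted in the post
    print("vulnerable, payload:", login_vulnerable(db, payload, "x"))
    print("safe, payload:      ", login_safe(db, payload, "x"))
    print("safe, real login:   ", login_safe(db, "alice", "correct horse"))
```

With the parameterized version, the quoted string is just an unknown username, so the login is rejected while real credentials still work.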
4. Bruteforce/Dictionary attack
This is the act of using a login automator to attack accounts.
It works by using a wordlist file (a file containing a list of words) to try to guess the password of an account. Success is not guaranteed: if the password is not in the file you specified, then you’ll know you failed. This is a dictionary attack.
A bruteforce attack is similar to a dictionary attack in that it guesses passwords. The only difference is that it will try ALL the password combinations and will eventually get the true password.
Attack: You just need the right software like Hydra. Then you’ll know what to do next.
Protect: Defending against this kind of attack is not hard, but it’s also not easy. You can deploy Captcha, or anything else that can block automated attacks, on your system.
3. Interacting with the target
Now, this is an old method, but as effective as ever. This includes phishing, social engineering and basically everything you can do that involves meeting the target or interacting with them.
You can create a bogus ‘reset password site’, send it to them, get them to input their sensitive data and have the data sent to you, a.k.a. phishing.
Or you can just email them or call them (you have to spoof your number first if you wanna call; if you wanna use email, you have to generate a bogus email for the sole purpose of doing this) and convince them somehow to ‘lend’ you their password, a.k.a. social engineering.
It involves the use of keyloggers and other software. Are you thinking what I’m thinking?
Fun fact: You can actually build a keylogger in Python. Yes, very impressive. This is why I have it in this ‘Top 5’ list. Just install Termux and then you know what to do next.
You can try to learn about the target. Most people set their password to something related to their lives, for example: birthdate, pet’s name, etc. If you succeed, then congratulations. If not, try the other methods.
That’s about it for this ‘Top 5’ list. If you like what you’re reading, then share it around. And remember, stay safe, stay ethical, as Hackingarise is never responsible for any of your malicious acts. Have a nice day.