Hello everyone, this is IRISnoir from Hackingarise. Today I am back for another post. As you can see in the title, I will list and discuss the top 5 ways to access another user’s account… just through your phone. Let’s get started, shall we?
5. SQLi (SQL injection)
Ah, the infamous vulnerability. It is still very common today. SQLi is known to be one of the most dangerous vulnerabilities of all time. The exploitation process is neither difficult nor long, but the consequences for your system are severe: compromised accounts, extraction of sensitive information, and more. You can imagine the chaos when a SQLi attack is successfully executed on a banking system. Probability of success: 51%.
Attack: Hackers will input a piece of code into the login page:
' or 1=1--
This will allow hackers to breach accounts on a website that is vulnerable to SQLi.
Protect: SQLi is common, but that doesn’t mean it’s unpreventable. To learn how to protect your system, read this article.
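As an added illustration (not code from the original post), here is the same login check written the vulnerable way and with bound parameters, run against a constructed in-memory SQLite table, showing why the string above slips past the first and not the second:

```python
import sqlite3

# Constructed sample data: one user in an in-memory SQLite table so the
# example runs offline. A real system would store a password hash rather
# than the plaintext, but the injection behaviour shown is the same.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse-battery')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """The 'before' pattern: user input is glued into the SQL text, so a
    quote and a comment marker in the input rewrite the WHERE clause."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None

def login_parameterized(conn, username, password):
    """The fix: placeholders are bound by the driver, so the input is only
    ever compared as a value and can never become part of the statement."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

if __name__ == "__main__":
    payload = "' or 1=1--"  # the string quoted in the post
    print("vulnerable   :", login_vulnerable(make_db(), payload, "x"))     # True
    print("parameterized:", login_parameterized(make_db(), payload, "x"))  # False
```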
4. Bruteforce/Dictionary attack
This is the act of using a login automator to attack accounts.
This works by using a wordlist file (a file containing a list of words) to try to guess the password of an account. Success is not guaranteed: if the password is not in the file you specified, you’ll know you failed. This is a dictionary attack.
A bruteforce attack is similar to a dictionary attack in that it guesses passwords. The only difference is that it tries ALL possible password combinations and will eventually hit the true password.
Attack: You just need the right software, like Hydra. Then you’ll know what to do next.
Protect: Defending against this kind of attack is not hard, but it’s also not easy. You can deploy a Captcha, or anything else that blocks automated attempts, on your system.
3. Interacting with the target
Now, this is an old method, but it is as effective as ever. It includes phishing, social engineering, shoulder surfing and basically anything that involves meeting or interacting with the target.
Attack: You can create a bogus ‘reset password’ site, send it to them, get them to enter their sensitive data and have that data sent to you, a.k.a. phishing.
Or you can just email or call them (you have to spoof your number first if you want to call; otherwise, generate a bogus email address for the sole purpose of doing this if you want to use email) and somehow convince them to ‘lend’ you their password, a.k.a. social engineering.
Defend: Be alert; do NOT accept or download ANYTHING from untrusted sources, and don’t click on shady links, even if they are enticing. Most importantly, don’t be gullible. Chances are, hackers will try to convince you to hand over your personal data, and depending on the damage, the consequences range from a sticky situation to having your life ruined.
2. Malware
This involves the use of keyloggers and other software. Are you thinking what I’m thinking?
Attack: Malware will deal heavy damage if crafted right. You can program one for anything from basically annoying the victim to encrypting all their files for ransom (ransomware), privacy breachers like keyloggers, destroying the PC, etc.
Defend: If you want to see whether something is really malware, run it in a virtual machine. This keeps you safe, as you can discard the machine when all hell breaks loose.
Fun fact: You can actually build a keylogger in Python. Yes, very impressive. That is why it’s on this ‘Top 5’ list. Just install Termux and then you know what to do next.
1. Password guessing
Attack: You can try to learn about the target. Most people base their password on something related to their lives, for example a birthdate, a pet’s name, etc. If you succeed, congratulations. If not, try the other methods.
Defend: Use something unexpected and hard to guess as your login credentials. If you want, you can use gibberish like faewcg8cge88de8f87r6ug9g6if5e6t5t74i. Some people say that’s mad, but you’ll thank me later, and thank yourself for reading this.
That’s about it for this ‘Top 5’ list. If you like what you’re reading, share it around. And remember, stay safe and stay ethical, as Hackingarise is never responsible for any of your malicious acts. Have a nice day.