x666zimzum666x

Zimzum's starred repositories

SQL-Injection-attacks

SQL Injection attack is the most common website hacking technique. Most websites use Structured Query Language (SQL) to interact with databases. SQL allows the website to create, retrieve, update, and delete database records. It used for everything from logging a user into the website to storing details of an eCommerce transaction. An SQL injection attack places SQL into a web form in an attempt to get the application to run it. For example, instead of typing plain text into a username or password field, a hacker may type in ‘ OR 1=1. If the application appends this string directly to an SQL command that is designed to check if a user exists in the database, it will always return true. This can allow a hacker to gain access to a restricted section of a website. Other SQL injection attacks can be used to delete data from the database or insert new data. Hackers sometimes use automated tools to perform SQL injections on remote websites. They will scan thousands of websites, testing many types of injection attacks until they are successful. SQL injection attacks can be prevented by correctly filtering user input. Most programming languages have special functions to safely handle user input that is going to be used in an SQL query.

1100

Non-targeted-website-hacking

In many cases, hackers won’t specifically target your website. They will be targeting a vulnerability that exists for a content management system, plugin, or template. For example, they may have developed a hack that targets a vulnerability in a particular version of WordPress, Joomla, or another content management system. They will use automated bots to find websites using this version of the content management system in question before launching an attack. They might use the vulnerability to delete data from your website, steal sensitive information, or to insert malicious software onto your server. The best way to avoid website hacking attacks is to ensure your content management system, plugins, and templates are all up-to-date.

700

Social-engineering-techniques

In some cases, the greatest weakness in a website’s security system is the people that use it. Social engineering seeks to exploit this weakness. A hacker will convince a website user or administrator to divulge some useful information that helps them exploit the website. There are many forms of social engineering attacks, including: Phishing Users of a website are sent fraudulent emails that look like they have come from the website. The user is asked to divulge some information, such as their login details or personal information. The hacker can use this information to compromises the website. Baiting This is a classic social engineering technique that was first used in the 1970s. A hacker will leave a device near your place of business, perhaps marked with a label like “employee salaries”. One of your employees might pick it up and insert it into their computer out of curiosity. The USB stick will contain malware that infects your computer networks and compromises your website. Pretexting A hacker will contact you, one of your customers or an employee and pretend to be someone else. They will demand sensitive information, which they use to compromise your website. The best way to eliminate social engineering attacks is to educate your employees and customers about these kinds of attacks.

600

DNS-Spoofing-DNS-cache-poisoning-

This hacking technique injects corrupt domain system data into a DNS resolver’s cache to redirect where a website’s traffic is sent. It is often used to send traffic from legitimate websites to malicious websites that contain malware. DNS spoofing can also be used to gather information about the traffic being diverted. The best techniques for preventing DNS spoofing is to set short TTL times and regularly clear the DNS caches of local machines.

300

Cross-Site-Scripting-XSS-

Cross Site Scripting is a major vulnerability that is often exploited by hackers for website hacking. It is one of the more difficult vulnerabilities to deal with because of the way it works. Some of the largest websites in the world have dealt with successful XSS attacks including Microsoft and Google. Most XSS website hacking attacks use malicious Javascript scripts that are embedded in hyperlinks. When the user clicks the link, it might steal personal information, hijack a web session, take over a user account, or change the advertisements that are being displayed on a page. Hackers will often insert these malicious links into web forums, social media websites, and other prominent locations where users will click them. To avoid XSS attacks, website owners must filter user input to remove any malicious code.

300

Cross-site-request-forgery-CSRF-or-XSRF-

Cross-site request forgery is a common malicious exploit of websites. It occurs when unauthorised commands are transmitted from a user that a web application trusts. The user is usually logged into the website, so they have a higher level of privileges, allowing the hacker to transfer funds, obtain account information or gain access to sensitive information. There are many ways for hackers to transmit forged commands including hidden forms, AJAX, and image tags. The user is not aware that the command has been sent and the website believes that the command has come from an authenticated user. The main difference between an XSS and CSRF attack is that the user must be logged in and trusted by a website for a CSRF wesbite hacking attack to work. Website owners can prevent CSRF attacks by checking HTTP headers to verify where the request is coming from and check CSRF tokens in web forms. These checks will ensure that the request has come from a page inside the web application and not an external source.

200

SocialBox-Termux

SocialBox is a Bruteforce Attack Framework [ Facebook , Gmail , Instagram ,Twitter ] , Coded By Belahsan Ouerghi Edit By samsesh for termux on android

Language:ShellMIT296400

core

My bitcoin fork with many useful work branches for different purposes.

Language:C++MIT1100

Crypto-Wallet-Cracker-Stealer-2023

Crypto Wallet Cracker - software for automated crypto wallet stealing and cracking!

000

Multithread-Bitcoin-Brute-Force-for-Segwit-addresses

This is a Node.js script that uses multiple worker processes to generate random private keys for Bitcoin Segwit addresses are also known as Bech32 wallets and check if they match any of the Segwit addresses are also known as Bech32 addresses in a file named `data.txt`

Language:JavaScriptMIT4300