Different kinds of hacking

I have been so set on remote control & gaining access to an internal corporate network that I was blinded to the opportunities that a hacker can do by attacking a web-based application. A friend showed me that they are able to do some incredible magic with cross site scripting and sql injection.
The idea is like this:
A hacker sets up a man in the middle attack on him / herself.
While using the web based app, you monitor the requests, responses, & actions that are happening in the browser.
Using the Man in the middle attack, the hacker will change a website’s element & resend the packet which provides a new & different response.
I have used this tactic to grab SAML authentication or cookies, but never to send an unexpected request to a website. Well, kinda…
In my job, I have to reset a lot of technical things for users. For instance, I check on a recording that failed. I can see that the raw files are on our recording server. I then can see that there was an issue with the processing so the files became corrupted when they were transferred to our playback server. There is a button that is greyed out on the tool that I use that will reprocess the recording so that it will be placed on the playback servers correctly. If I inspect the greyed out button & change its value from zero to one, I can reprocess it. There are like 15 things like this on a day to day basis that I do, instead of sending a request up to a specialist who has the correct permissions to click a button.
I have found hundreds of websites that have elements that are hidden where if you change the element to display, you have a new field box on the page or something similar.
I have never really thought of this as “hacking” but with the addition of more and more web based applications, this opens access to more and more internal databases that a website can query. Also, using these apps, as they write data to these servers, a hacker could use this to write files to it. A carefully placed file on a server could cause the unit to download & execute a RAT (Remote Access Tool). This is a tool that I need to have on my tool belt.
I am attempting to research this & set this up in my lab. If you are a pro at this… let me know so we can work on this together.

Comments

  1. parkerjacobaMarch 3, 2022 at 1:07 PM

    Why You Should Never Bet on Blackjack | DrMCD
    So, when 춘천 출장마사지 you live in Las Vegas and play at 당진 출장안마 a high-stakes casino, 대전광역 출장마사지 it's the safest option. 전라남도 출장샵 As the sportsbook has opened and the site is 익산 출장안마 new, you have

    ReplyDelete
  2. Alia parkerJuly 22, 2022 at 10:16 AM

    If you're looking for the best eSIM card for your iPhone, you'll want to consider a few things. First, make sure your carrier supports eSIM. Second, decide if you want a physical SIM card or an eSIM. And finally, consider the data limits and other features that each card offers. eSIM card for iPhone

    ReplyDelete
  3. MOMOTOMAugust 17, 2022 at 7:14 PM

    Different carrier profiles and wandering systems are accessible on each data mobile SIM card. In case one organization falls flat, your caution IoT SIM Card will consequently enroll with the following best arrange over borders all through the USA.

    ReplyDelete

Post a Comment

Popular Posts