Basics of Ethical Hacking - Introductory Terms Part-4

Hacking glossary

Hello friends, today I have come up with the fourth part of the complete introductory conceptual approach towards the basics of ethical hacking. So, without wasting any time, let's dive into it...

    • ASP code injection

      ASP code injection is a vulnerability that allows an attacker to inject custom code into the server-side scripting engine. This vulnerability occurs when an attacker can control all or part of an input string that is fed into an eval() statement, which results in code execution.

    • Client side filters

      Client-side filters are browser-based filters that use JavaScript to validate the type of file being uploaded. If the file does not seem valid, the filter gives an error.

    • Database rollback

      In database technologies, a rollback is an operation which returns the database to some previous state. Rollbacks are important for database integrity, because they mean that the database can be restored to a clean copy even after erroneous operations are performed.

    • Fraggle Attack

      A fraggle attack is a denial-of-service attack that involves sending a large amount of spoofed UDP traffic to a router's broadcast address within a network. It is very similar to Smurf Attack, which uses spoofed ICMP traffic rather than UDP traffic to achieve the same goal.

    • HTTP Parameter Pollution (HPP)

      HTTP Parameter Pollution (HPP) vulnerabilities allow attackers to exploit web applications by manipulating the query parameters in the URL and the request body, which can cause cross-site scripting, privilege escalation or authorization bypass.

    • Pastejacking

      Pastejacking is a method that malicious websites employ to take control of your computer's clipboard and change its content to something harmful without your knowledge.

    • Path Disclosure attack

      A Full Path Disclosure attack allows an attacker to see the full path of a file, and the attacker can use this information to exploit other vulnerabilities such as Local File Inclusion.

    • Phreaking

      It is the action of hacking into a telecommunications network for the purposes of obtaining free calls or data. It is now a mostly defunct practice as modern communication systems are highly secured and nearly impossible to break into.

    • Privilege Escalation

      Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

    • Slowloris

      Slowloris is a highly-targeted attack, enabling one web server to take down another server, without affecting other services or ports on the target network. Slowloris does this by holding as many connections to the target web server open for as long as possible.

    • Subnetting

      Subnetting is the strategy used to partition a single physical network into more than one smaller logical sub-networks (subnets). An IP address includes a network segment and a host segment.

    • Web Sockets

      Web Sockets are an advanced technology that makes it possible to open an interactive communication session between the user's browser and a server. With this API, you can send messages to a server and receive event-driven responses without having to poll the server for a reply.

    • Web Application Firewall (WAF)

      A WAF is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting and SQL injection. While proxies generally protect clients, WAFs protect servers.

    • Web crawlers

      A web crawler (also known as a web spider or web robot) is a program or automated script which browses the world wide web in a methodical, automated manner. This process is called web crawling or spidering. Many legitimate sites, in particular search engines, use spidering as a means of providing up-to-date data.

    • Zip Bomb

      A zip bomb, also known as a zip of death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software, in order to create an opening for more traditional viruses.
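
Because a zip bomb depends on a small archive expanding to an enormous size, a program that reads archives can check the declared sizes before extracting anything and cap what it actually decompresses. The following is an added example, not code from the original post; the limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed limits for illustration; tune them to the application.
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # total declared uncompressed size
MAX_RATIO = 100                      # uncompressed / compressed, per member
MAX_ENTRIES = 1000                   # number of members

def inspect_archive(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO,
                    max_entries=MAX_ENTRIES):
    """Return reasons to reject the archive; an empty list means it passed."""
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()   # reads the central directory, no decompression
    if len(infos) > max_entries:
        reasons.append(f"too many entries: {len(infos)}")
    total = sum(i.file_size for i in infos)
    if total > max_total:
        reasons.append(f"declared size too large: {total} bytes")
    for i in infos:
        # An empty member has compress_size 0; skip it to avoid dividing by zero.
        if i.compress_size and i.file_size / i.compress_size > max_ratio:
            reasons.append(f"suspicious ratio for {i.filename}")
    return reasons

def read_capped(data, name, limit):
    """Decompress one member in chunks and stop once `limit` bytes are exceeded,
    so the cap is enforced on actual output, not on the declared size alone."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        while chunk := fh.read(64 * 1024):
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{name} exceeds {limit} bytes")
    return bytes(out)

def make_sample_zip(name, payload):
    """Build a constructed sample archive in memory (test input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    ordinary = make_sample_zip("notes.bin", bytes(range(256)))
    repetitive = make_sample_zip("zeros.bin", b"\0" * (5 * 1024 * 1024))
    print(inspect_archive(ordinary))
    print(inspect_archive(repetitive))
```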
