Basics of Ethical Hacking - Introductory Terms Part-5

Hacking glossary

Hello friends, today I came up with the fifth part of the complete introductory conceptual approach towards the basics of ethical hacking. So, without wasting any time, let's dive into it...

    • Cross-Site Tracing

      A cross-site tracing (XST) attack involves the use of cross-site scripting (XSS) and the TRACE or TRACK HTTP methods. XST could be used to steal a user's cookies via cross-site scripting even if the cookie has the "HttpOnly" flag set, and/or to expose the user's Authorization header.

    • Eavesdropping attack

      Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, video conference or fax transmission.

    • Email Injection

      Email injection is a type of injection attack that targets the PHP built-in mail function. It allows a malicious attacker to inject any of the mail header fields, such as BCC, CC, or Subject, which allows the attacker to send out spam from their victims' mail server through their victims' contact form.

    • Fork Bomb

      A fork bomb is a program that harms a system by making it run out of memory. It forks processes infinitely to fill memory. The fork bomb is a form of denial-of-service (DoS) attack against a Linux-based system.

    • Frame Killer

      A framekiller is a technique used by web applications to prevent their web pages from being displayed within a frame. It is usually deployed to prevent a page from being loaded within a frameset on an external website without permission, often as part of a clickjacking attack.

    • LDAP Injection

      LDAP injection is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting permissions to unauthorized queries.

    • Logic Bomb

      A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files.

    • MongoDB Injection

      Even though SQL injection is still a popular attack vector, it is no longer as widespread as it used to be. Many modern web applications opt to use a much simpler storage mechanism such as the one provided by NoSQL databases like MongoDB.

    • Parameter Delimiter

      This attack is based on the manipulation of parameter delimiters used by web application input vectors in order to cause unexpected behaviors like access control and authorization bypass and information disclosure, among others.

    • RDP Bruteforce

      In an RDP brute-force attack, hackers use network scanners such as Masscan (which can scan the entire internet in less than six minutes) to identify IP and TCP port ranges that are used by RDP servers.

    • Shoulder Surfing

      In Shoulder Surfing, the attacker secretly observes the target.

    • Teardrop

      This type of attack uses larger data packets. TCP/IP breaks them into fragments that are assembled on the receiving host. The attacker manipulates the packets as they are sent so that they overlap each other.

    • The Shadow Brokers

      The Shadow Brokers is a hacker group that first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency, including several zero-day exploits.

    • Transport Layer Security

      TLS is a successor to the Secure Sockets Layer protocol, or SSL. TLS provides secure communications on the Internet for such things as e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially.

    • Virtual private server (VPS)

      A virtual private server is a virtual machine sold as a service by an Internet hosting service. A VPS runs its own copy of an operating system and customers may have superuser-level access to that operating system instance, so they can install almost any software that can run on that OS.
