Vulnerabilities can be broken down into several categories, most of which come from certain security measures being outdated.

* The password protection (hashing) is outdated and easy to crack
* The website doesn’t support encryption (HTTPS)
* The website is vulnerable to code injection – tricking the computer into executing code when it’s supposed to be storing data (like if your username contains a piece of code.)

Hackers test for common problems and when they find one, they use it to expose more issues. You work on a website bit by bit, exploit what you can, and run into a lot of dead ends. This is an example of how you might break into a database and then how you would crack the passwords in it:

[https://www.youtube.com/watch?v=ciNHn38EyRc](https://www.youtube.com/watch?v=ciNHn38EyRc)