Sunday, June 26, 2011

Hacking a Website (must see) [TuT]

6 comments
 
This tutorial will fully explain you how to hack a website.


Disclaimer: I take no responsibility what you do with it.NonoNono 

First of all you need a target website. (Google & find one) 

Once you’ve got it, plug into this website.
http://www.selfseo.com/find_ip_address_of_a_website.php Once you’ve done that, it’ll split out its IP address.

Next thing you need to do is find out is, it online or offline. (Ping)
Go to http://www.just-ping.com & ping the IP obtained in last step.
Observe the results from ping. (Okay means online)

Now, we need to gather information about the website. (Whois lookup)
Go to http://whois.domaintools.com & plug up the IP or the website.
You’ll see a large amount of information about the website.
Use Google to find even more information about the website.

Once you’re done download, install & open Nmap.
Once you have done that, do a –sT –sV scan of the website.
[That is put, nmap –sT –sV, in Nmap’s command bar & scan website.]
Once done, observe open OS, ports, services running on the website server.]

Once done, you’ll need to find banner of the software.
[Banner: It shows the software & version running on ports.]
Methods depend on the OS of the server.

For WIN VISTA & 7:

You need to download & Open Netcat.
[Because Telnet is disabled in WIN VISTA & 7]

Once done type, nc <IP> <PORT>
Ex: nc 127.0.0.1 21
Once you’ve done that, you’ll get a banner.
This will be displaying all the details of the software running on port.

For other OS:

Open Telnet
[Start > RUN > telnet]

Once done type, O <IP> <PORT>
Ex: O 127.0.0.1 21
Once you’ve done that, you’ll get a banner.
This will be displaying all the details of the software running on port.
If this doesn’t work you can try the first method.

Once you’ve got the banner, you need to search for vulnerability matching with banner.

Exploit databases:

Milw0rm: http://www.milw0rm.com
Security Focus: http://www.securityfocus.com
Osvdb: http://www.osvdb.org
Cve Mitre: http://cve.mitre.org
Metasploit: http://www.metasploit.com 


Once you’ve got the matching exploit of the same version software.
[If you haven’t got, try another port.]
You need to edit values, compile & run it.

Most common exploit Coders:

Perl 

For perl exploits, Copy the exploit in notepad & save it with .pl extension.
Download & Install, Active Perl: http://www.activestate.com/activeperl
Once done, edit the exploit with notepad & double click to run it.

PHP 

For PHP exploits, copy & save it in .php extension.
Download & Install WAMP: http://www.wampserver.com/en/ Once done, edit the exploit with notepad & execute it from CMD.

Python 

For python exploits, copy & save it in .py extension.
Download & Install python: http://www.python.org/download
Once done, edit the exploit with notepad & double click to run it.

C/C++ 

For C/C++ exploits, copy & save it in notepad.
Download & Install Blood Shed. (Google the link)
Once done, edit the exploit, compile & double click to run it.


If your exploit is successful you will get access to server,
You’ll be able to edit every part of the website.
If your exploit wasn’t successful try with different port, services & software.
You can also use Metasploit web to search exploits.

Good Luck !ThumbsupThumbsup

6 Responses so far.

  1. Anonymous says:

    aww great tutorial .... gaga try it own

  2. Anonymous says:

    Αw, this ωaѕ an іncredibly good post.
    Finding the time and аctual effoгt tο mаke a good aгticle… but what can I say…
    I hesіtate а lot anԁ don't manage to get nearly anything done.

    my page: tetris battle cheats

  3. Anonymous says:

    Hmm it aρpеars lіκe youг blοg
    atе mу firѕt comment (it ωas super lοng) so I guess I'll just sum it up what I had written and say, I'm thorоughly еnjoуing your blog.

    I аs ωеll аm аn аspirіng blog writeг but І'm still new to everything. Do you have any helpful hints for beginner blog writers? I'd defіnіtely appreciаte it.


    My blog post :: tetris battle cheat

  4. Anonymous says:

    Very good wrіte-uр. Ӏ absolutelу love
    thiѕ website. Kеep it up!

    Нeгe is my wеblog :: tetris battle Cheats

  5. Anonymous says:

    i keep trying to play Disney pirates of the Caribbean online or Disney Toontown but after i
    download the icon, i open it and when i log in with
    the right account details it just keeps saying "cannot verify account ID".
    .. and the technical support isn't really helping. please someone help!! (my accont information and facts is right also, i can log into Disney.com with it, i just cant log into the actual recreation with the icon)

    Check out my site: Dragon City Cheats

  6. Liu Liu says:

    New wholesale nfl jerseys York Giants receiver Odell Beckham’s run-in with the kicking net on the Nike Roshe Run sideline went viral, but NFL Jerseys there’s no beef between the cheap nfl jerseys two. Beckham and the kicking net are friends again, after Beckham Nike Air Max 2015 Shoes went over to the net Nike Air Max 90 and Nike Free Run hugged it after his catch against the Green Bay Packers was ruled a touchdown. Hilarious. nfl jerseys store

Leave a Reply