Forum Thread: How to Hack a Website. Part 1

Part 1: Staying Anonymous

1.) Install Whonix - "Whonix is a Debian GNU/Linux based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", running Debian GNU/Linux." Basically: Whonix will send all your requests through Tor.

2.) That step is for testing. Do not actually hack over Tor! You could use a virtual private server based in Sweden or something, or you could also seize a tor node and make it your own. There are always multiple options for something. Using a virtual private server is usually the best way to go. I recommend that myself.

3.) Once you have rooted the server, remember to remove all the logs. Keep that in mind.

4.) Use realistic user-agents. You can use this one for example: Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)

5.) This step is common sense. Do not tell anyone about your hacks. You could, I guess, tell them to online people while using a virtual private network, but not to in real life people. This is what will get you caught, eventually.

Part 2: Mapping out the target

1.) Mapping out a target is a crucial step! We must always remember that to hack your target, you must find a vulnerability. To find one, you must know your target, entirely!

2.) Use a DNS Domain Scanner - You could use Fierce to find subdomains in a target. If you're using Kali Linux, just type in -dns

3.) Check out all those websites. You might find something good. A login vulnerable to SQL Injection, possibly.

Part 3: Vulnerability finding

1.) Scan the services with nmap

2.) Maybe they have an FTP server that allows anonymous read/write access to something quite important. Believe it or not, some do.

3.) Maybe it has an old software. You could most probably find an exploit for it online. :)


5.) You can run Nikto (A vulnerability scanner). Nikto will do automated requests and find a vulnerability in the system.

6.) Once you know what software the website is running, e.g Wordpress, use WPScan.

I will show you how to get r00t in the next episode.

For a treat, I'll give you guys this:

Multiple and advanced XSS requests:

<IMG SRC=/ onerror="alert('NULLBYTE')"></img>
<svg onload="alert('nullbyte')" />
";alert(/null/);a =" \' nullbyte
#!"><img src=1 onerror=prompt(null)>//
x" autofocus onfocus="alert('null')
Sos" onmouseover="alert('null')"/
<body onhashchange=alert(1337)>
"><svg onload=alert(1337)>

3 Responses

too much fluff and less stuff. it's a good how-to, but just not my kind of how-to. i'd like to see more things in action instead of theory. perhaps you should've set up some kind of virtual network, one machine having Whonix on it, and the other having the vulnerable web-apps installed?

Null-Byters usually don't like theory. Null Byte is more practice-oriented. have a look at OTW's tutorials to see what i'm talking about.


You know what he did the right thing. If you want to hack then learn the hard way not the spoon feed way. You didnt understand this?? then quit Hacking. Ur just not fit for this domain.

Yep. I know. I didn't have type. That's why I didn't show how to get r00t.

Share Your Thoughts

  • Hot
  • Active