There is a weebly website that I want to deface/shutdown. I have run the domain through nikto and came up with the OSVDB vulnerabilities 877 and 3092. How would I begin to exploit this website? I cannot try to crack the password to the account that can edit the website because I frankly do not know the username. Any thoughts on how I would begin to exploit this site?
Forum Thread: How Would I Go About Defacing a Website?
- Hot
- Active
-
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
1 wk ago -
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
2
Replies
3 wks ago -
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
3 wks ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
2 mo ago -
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
2 mo ago -
Metasploit Error:
Handler Failed to Bind
41
Replies
2 mo ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
3 mo ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
3 mo ago -
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
3 mo ago -
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
3 mo ago -
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
3 mo ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
4 mo ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
4 mo ago -
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
18
Replies
5 mo ago -
Forum Thread:
How to Find Admin Panel Page of a Website?
13
Replies
6 mo ago -
Forum Thread:
can i run kali lenux in windows 10 without reboting my computer
4
Replies
6 mo ago -
Forum Thread:
How to Hack School Website
11
Replies
6 mo ago -
Forum Thread:
Make a Phishing Page for Harvesting Credentials Yourself
8
Replies
6 mo ago -
Forum Thread:
Creating an Completely Undetectable Executable in Under 15 Minutes!
38
Replies
7 mo ago -
Forum Thread:
Hacking with Ip Only Part [1] { by : Mohamed Ahmed }
5
Replies
8 mo ago
-
How To:
Crack SSH Private Key Passwords with John the Ripper
-
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To:
Exploit EternalBlue on Windows Server with Metasploit
-
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How To:
Crack Shadow Hashes After Getting Root on a Linux System
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To:
Brute-Force FTP Credentials & Get Server Access
-
How To:
The Top 80+ Websites Available in the Tor Network
-
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To:
Scan for Vulnerabilities on Any Website Using Nikto
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
How To:
Enumerate SMB with Enum4linux & Smbclient
-
BT Recon:
How to Snoop on Bluetooth Devices Using Kali Linux
-
How To:
Exploit Shellshock on a Web Server Using Metasploit
-
How To:
Bypass File Upload Restrictions on Web Apps to Get a Shell
-
How To:
Scan, Fake & Attack Wi-Fi Networks with the ESP8266-Based WiFi Deauther
-
How To:
Write an XSS Cookie Stealer in JavaScript to Steal Passwords
-
How To:
Hunt Down Social Media Accounts by Usernames with Sherlock
-
Hack Like a Pro:
How to Conduct a Simple Man-in-the-Middle Attack
-
How To:
Compromise a Web Server & Upload Files to Check for Privilege Escalation, Part 2
7 Responses
DDoS.
ghost_
Oh yeah, thanks!
You're welcome.
ghost_
well if you found vulnerabilities then you should find out if there are any exploits that are related? Im pretty sure you can search metasploit for OSVDB related exploits. DoS attack will work too though.
OR write one for the vulnerabilities discovered. Random Tip: Most exploits methods are vague at best on purpose...
So you are really trying to use a 11 yr old sploit?
"I frankly do not know the username" Uh 'admin' perhaps?
Just reboot bro.
OSVDB-3092 allows you to see the ASP page of the website, but may not provide you with the kind of capability you're looking for. According to the OSVDB website, "there is no known vulnerability or exploit against this". OSVDB-877 may allow "unauthorized information disclosure" and may also be vulnerable to XSS, but again is not necessarily going to get you information.
DoSing will be the most effective and quick route.
"And knowing is half the battle". -G.I. Joe
Share Your Thoughts