27 replies to this topic

[Istrancis]

Hi everyone! I haven't posted in a while, but I've been reading away here from time to time, trying to gather info and that, like you guys advised! Thanks for that!

I've decided that one particular area of hacking that I want to know about is how to break into a website. You know, like you see in the movies, kind of. I'd like to know how to get in, look around the network and stuff, and then get out, without being caught. I also would appreciate info on how to erase my log in entry.

Any info you guys can offer is appreciated, thanks in advance!

Also, my apologies if this request is in any way against the rules!

[Rightcoast]

Nah, I don't see how it would be against the rules. It's a part of security, and at it's core, hacking as well. The question is *very* broad though. What I would really suggest in all seriousness is learn how to install and configure a secure Apache install (or IIS if you can get a copy). It will give you an understanding of how web servers work, and also (this is important) give a machine you can attack with impunity. Learning to wipe logs "on the fly" on websites is risky. Not that you were saying you wanted to do that, just throwing it out there.

After getting the server to serve a page, look to exploit Apache vulnerabilities, phpbb or anything else you have on the machine. Crawl the website to look at it offline. Look into authentication attacks. Try a few of the wargames out there. There are a lot of aspects to this and ways to do it. Good Luck. HTH

[dasnov]

know your enemy. go to netcraft and get information about whoever you are trying to attack. then start studying the default installs, start reading bug tracking sites. and check for obvious things like sql injection or other bugs in the actual website itself.

[rekenaar]

As with anything in computers, the more you can learn and experiment, the better you will become. The best advice is read, read, read. There are a number of good sites to learn from such as textfiles.com and irongeek.com.

[darkcoder]

To start of, I suggest you test yourself by clearing all 10 basic web in http://hackthissite.org/ and perhaps move onto realistic missions.
Then you should read alot on cross side scripting and sql injections, those are 2 fundamental pedestals in website hacking.
If you want to be able to hack a site without getting caught, or logged you will, to be absolutely safe, need a proxy. If you dont know what it is, or how to use one, then I suggest Your freedom. Get it at:
http://www.download....4-10368502.html

good luck with the hacking

[Evil1]

darkcoder....where have i seen that handle. Its damn familiar...

[PFI]

To start of, I suggest you test yourself by clearing all 10 basic web in http://hackthissite.org/ and perhaps move onto realistic missions.
  Then you should read alot on cross side scripting and sql injections, those are 2 fundamental pedestals in website hacking.
  If you want to be able to hack a site without getting caught, or logged you will, to be absolutely safe, need a proxy. If you dont know what it is, or how to use one, then I suggest Your freedom. Get it at:
http://www.download....4-10368502.html

good luck with the hacking

hey did they finally get that fixed? last i heard you get stuck on level 4 or something. and levels 4-10 and some realistic ones are screwed up.

[spectacle]

After getting the server to serve a page, look to exploit Apache vulnerabilities, phpbb or anything else you have on the machine. Crawl the website to look at it offline. Look into authentication attacks. Try a few of the wargames out there. There are a lot of aspects to this and ways to do it. Good Luck. HTH

How do you go about "crawl"ing a website?

[Z-95]

HTTrack works nicely and is open source.
http://www.httrack.com/

[Rightcoast]

After getting the server to serve a page, look to exploit Apache vulnerabilities, phpbb or anything else you have on the machine. Crawl the website to look at it offline. Look into authentication attacks. Try a few of the wargames out there. There are a lot of aspects to this and ways to do it. Good Luck. HTH

How do you go about "crawl"ing a website?

With wget of course! Windows port here:
http://www.interlog....on/wgetwin.html

I haven't used HTTrack, but its probably a GUI doing the same thing. Whichever you prefer should work.

[SUB-S0NIX]

Dont forget you also have to be able to make sense of source code and know some scripting languages such as HTML(duh!), JavaScript, VBScript, and PHP. There also is perl, asp, and others but most of the time they are used for server side scripting.


If you want to learn some of the basic scripting languages check out http://www.w3schools.com/ .

Edited by SUB-S0NIX, 24 January 2006 - 03:41 PM.

[Istrancis]

Thanks a lot guys, all the advice is much appreciated!

I've gone through a couple of textfiles, and I was wondering about using command prompt. Would anyone here be able to suggest any uses for it? Also, what ports should I use etc.

Thanks again!

[kitche]

you mean what Windows or *Nix command prompt If you mean Windows you can't really do much with it but *nix you can do bunch of stuff

[Shylock_]

for remote hacking windows telnet prompt is just as good as a nix command line..let's not turn this into os v os

[kitche]

well no I was asking for what command prompt really I never use the windows command prompt for telnetting. Just was wondering and by the way I used windows isn't really userful I didn't say not totally unuseful

Edited by kitche, 03 February 2006 - 06:27 PM.

[Istrancis]

Yeah, I'm talking about Windows. I don't think I'm ready to take on and *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?

[ali_ali]

Yeah, I'm talking about Windows. I don't think I'm ready to take on and *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?

What can we do After FTP access.

[Booter]

Yeah, I'm talking about Windows. I don't think I'm ready to take on and *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?

What can we do After FTP access.

Umm... really cool shit like:

Upload files
Download files

[jabzor]

Yeah, I'm talking about Windows. I don't think I'm ready to take on and *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?

What can we do After FTP access.

Umm... really cool shit like:

Upload files
Download files

- SITE EXEC <-
- directory transversal (unicode hex and \.)
- downloading useraccount/passwords
- uploading executables to autorun directories
- overflowing cmd buffers.. local shell execution

[ali_ali]

Yeah, I'm talking about Windows. I don't think I'm ready to take on and *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?

What can we do After FTP access.

Umm... really cool like:

Upload files
Download files

- SITE EXEC <-
- directory transversal (unicode hex and \.)
- downloading useraccount/passwords
- uploading executables to autorun directories
- overflowing cmd buffers.. local shell execution

But it asks for username and Password After Anonymous log in

Edited by ali_ali, 04 February 2006 - 02:58 PM.