
Website hacking


27 replies to this topic

#1 Istrancis

Istrancis

    mad 1337

  • Members
  • 140 posts

Posted 21 January 2006 - 08:19 PM

Hi everyone! I haven't posted in a while, but I've been reading away here from time to time, trying to gather info and that, like you guys advised! Thanks for that!

I've decided that one particular area of hacking that I want to know about is how to break into a website. You know, like you see in the movies, kind of. I'd like to know how to get in, look around the network and stuff, and then get out, without being caught. I also would appreciate info on how to erase my log in entry.

Any info you guys can offer is appreciated, thanks in advance!

Also, my apologies if this request is in any way against the rules!

#2 Rightcoast

Rightcoast

    mmm ... donuts

  • Agents of the Revolution
  • 2,074 posts
  • Gender:Male
  • Location:321

Posted 21 January 2006 - 08:36 PM

Nah, I don't see how it would be against the rules. It's a part of security, and at its core, hacking as well. The question is *very* broad though. What I would really suggest in all seriousness is learn how to install and configure a secure Apache install (or IIS if you can get a copy). It will give you an understanding of how web servers work, and also (this is important) give you a machine you can attack with impunity. Learning to wipe logs "on the fly" on websites is risky. Not that you were saying you wanted to do that, just throwing it out there.

After getting the server to serve a page, look to exploit Apache vulnerabilities, phpbb or anything else you have on the machine. Crawl the website to look at it offline. Look into authentication attacks. Try a few of the wargames out there. There are a lot of aspects to this and ways to do it. Good Luck. HTH

#3 dasnov

dasnov

    DDP Fan club member

  • Members
  • 41 posts

Posted 21 January 2006 - 10:14 PM

Know your enemy. Go to Netcraft and get information about whoever you are trying to attack. Then start studying the default installs, start reading bug tracking sites. And check for obvious things like SQL injection or other bugs in the actual website itself.

#4 rekenaar

rekenaar

    mad 1337

  • Binrev Financier
  • 136 posts
  • Gender:Male
  • Location:303/720

Posted 22 January 2006 - 01:11 AM

As with anything in computers, the more you can learn and experiment, the better you will become. The best advice is read, read, read. There are a number of good sites to learn from such as textfiles.com and irongeek.com.

#5 darkcoder

darkcoder

    n00bie

  • Members
  • 10 posts

Posted 23 January 2006 - 10:59 AM

To start off, I suggest you test yourself by clearing all 10 basic web in http://hackthissite.org/ and perhaps move onto realistic missions.
Then you should read a lot on cross-site scripting and SQL injections, those are 2 fundamental pedestals in website hacking.
If you want to be able to hack a site without getting caught, or logged, you will, to be absolutely safe, need a proxy. If you don't know what it is, or how to use one, then I suggest Your freedom. Get it at:
http://www.download....4-10368502.html

Good luck with the hacking

#6 Evil1

Evil1

    elite

  • Members
  • 117 posts
  • Location:Uranius (heh heh)

Posted 23 January 2006 - 06:00 PM

darkcoder... where have I seen that handle? It's damn familiar...

#7 PFI

PFI

    SUP3R 31337 P1MP

  • Members
  • 259 posts
  • Location:AZ

Posted 24 January 2006 - 12:18 AM

> To start off, I suggest you test yourself by clearing all 10 basic web in http://hackthissite.org/ and perhaps move onto realistic missions.
> Then you should read a lot on cross-site scripting and SQL injections, those are 2 fundamental pedestals in website hacking.
> If you want to be able to hack a site without getting caught, or logged, you will, to be absolutely safe, need a proxy. If you don't know what it is, or how to use one, then I suggest Your freedom. Get it at:
> http://www.download....4-10368502.html
>
> Good luck with the hacking

Hey, did they finally get that fixed? Last I heard you get stuck on level 4 or something, and levels 4-10 and some realistic ones are screwed up.

#8 spectacle

spectacle

    SCRiPT KiDDie

  • Members
  • 24 posts

Posted 24 January 2006 - 12:38 AM

> After getting the server to serve a page, look to exploit Apache vulnerabilities, phpbb or anything else you have on the machine. Crawl the website to look at it offline. Look into authentication attacks. Try a few of the wargames out there. There are a lot of aspects to this and ways to do it. Good Luck. HTH

How do you go about "crawl"ing a website?

#9 Z-95

Z-95

    SCRiPT KiDDie

  • Members
  • 21 posts

Posted 24 January 2006 - 01:52 AM

HTTrack works nicely and is open source.
http://www.httrack.com/

#10 Rightcoast

Rightcoast

    mmm ... donuts

  • Agents of the Revolution
  • 2,074 posts
  • Gender:Male
  • Location:321

Posted 24 January 2006 - 02:04 PM

>> After getting the server to serve a page, look to exploit Apache vulnerabilities, phpbb or anything else you have on the machine. Crawl the website to look at it offline. Look into authentication attacks. Try a few of the wargames out there. There are a lot of aspects to this and ways to do it. Good Luck. HTH
>
> How do you go about "crawl"ing a website?

With wget of course! Windows port here:
http://www.interlog....on/wgetwin.html

I haven't used HTTrack, but it's probably a GUI doing the same thing. Whichever you prefer should work.

#11 SUB-S0NIX

SUB-S0NIX

    !Pee-Wee Pimpin!

  • Members
  • 1,381 posts

Posted 24 January 2006 - 03:40 PM

Don't forget you also have to be able to make sense of source code and know some scripting languages such as HTML (duh!), JavaScript, VBScript, and PHP. There also is Perl, ASP, and others but most of the time they are used for server side scripting.


If you want to learn some of the basic scripting languages check out http://www.w3schools.com/ .

Edited by SUB-S0NIX, 24 January 2006 - 03:41 PM.


#12 Istrancis

Istrancis

    mad 1337

  • Members
  • 140 posts

Posted 01 February 2006 - 04:50 PM

Thanks a lot guys, all the advice is much appreciated!

I've gone through a couple of textfiles, and I was wondering about using command prompt. Would anyone here be able to suggest any uses for it? Also, what ports should I use etc.

Thanks again!

#13 kitche

kitche

    Hakker addict

  • Members
  • 549 posts

Posted 02 February 2006 - 01:54 PM

You mean what, Windows or *nix command prompt? If you mean Windows, you can't really do much with it, but with *nix you can do a bunch of stuff.

#14 Shylock_

Shylock_

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 11 posts

Posted 03 February 2006 - 05:51 PM

For remote hacking, the Windows telnet prompt is just as good as a *nix command line... let's not turn this into OS v OS.

#15 kitche

kitche

    Hakker addict

  • Members
  • 549 posts

Posted 03 February 2006 - 06:26 PM

Well no, I was asking for what command prompt, really. I never use the Windows command prompt for telnetting. Just was wondering, and by the way I used Windows isn't really useful, I didn't say not totally unuseful.

Edited by kitche, 03 February 2006 - 06:27 PM.


#16 Istrancis

Istrancis

    mad 1337

  • Members
  • 140 posts

Posted 03 February 2006 - 06:29 PM

Yeah, I'm talking about Windows. I don't think I'm ready to take on any *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?

#17 ali_ali

ali_ali

    DDP Fan club member

  • Members
  • 42 posts
  • Location:Somewhere

Posted 04 February 2006 - 01:15 PM

> Yeah, I'm talking about Windows. I don't think I'm ready to take on any *nix stuff just yet, although I hear it's become far more user friendly recently.
>
> So can you guys recommend any commands?

What can we do after FTP access?

#18 Booter

Booter

    rekcah-rebÜ

  • Agents of the Revolution
  • 742 posts
  • Location:The 'Burbs

Posted 04 February 2006 - 01:20 PM

>> Yeah, I'm talking about Windows. I don't think I'm ready to take on any *nix stuff just yet, although I hear it's become far more user friendly recently.
>>
>> So can you guys recommend any commands?
>
> What can we do after FTP access?


Umm... really cool shit like:

Upload files
Download files

#19 jabzor

jabzor

    hax?

  • Agents of the Revolution
  • 1,146 posts
  • Gender:Male
  • Location:Northern Elbonia, fighting the lefties

Posted 04 February 2006 - 02:38 PM

>>> Yeah, I'm talking about Windows. I don't think I'm ready to take on any *nix stuff just yet, although I hear it's become far more user friendly recently.
>>>
>>> So can you guys recommend any commands?
>>
>> What can we do after FTP access?
>
> Umm... really cool shit like:
>
> Upload files
> Download files

- SITE EXEC <- :)
- directory traversal (unicode hex and \.)
- downloading useraccount/passwords
- uploading executables to autorun directories
- overflowing cmd buffers.. local shell execution B)

:lol:
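
Added example, not part of any post in this thread: a defender-side check that scans FTP command logs for the kinds of post-login abuse listed in the post above (SITE EXEC, encoded or backslash traversal, credential-file downloads, uploads to autorun directories). The log format, the watch lists and the sample lines are constructed assumptions, not taken from any real server.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample lines in a hypothetical "<client> <user> <COMMAND> <argument>" format.
SAMPLE_LOG = """\
10.0.0.5 anonymous RETR /pub/readme.txt
10.0.0.9 anonymous SITE EXEC /bin/ls
10.0.0.9 anonymous RETR /pub/..%2f..%2fetc/passwd
10.0.0.9 anonymous RETR /pub/..\\..\\boot.ini
10.0.0.9 anonymous RETR /pub/..%c0%af..%c0%afboot.ini
10.0.0.7 webadmin STOR /Documents and Settings/All Users/Start Menu/Programs/Startup/update.exe
"""
AUTORUN_DIRS = ("start menu/programs/startup",)  # assumed watch list
CREDENTIAL_FILES = {"passwd", "shadow", "sam"}   # assumed watch list

def decode_path(arg):
    """Undo up to three rounds of percent-encoding; return (path, bad_encoding)."""
    raw = arg.encode("utf-8")
    for _ in range(3):  # repeated so double-encoded sequences are unwrapped too
        raw = unquote_to_bytes(raw)
    try:
        # Strict UTF-8 decoding rejects overlong forms such as C0 AF.
        return raw.decode("utf-8").replace("\\", "/"), False
    except UnicodeDecodeError:
        return raw.decode("latin-1").replace("\\", "/"), True

def escapes_root(path):  # True if '..' components climb above the starting directory
    depth = 0
    for part in path.split("/"):
        if part in ("", "."):
            continue
        depth += -1 if part == ".." else 1
        if depth < 0:
            return True
    return False

def classify(line):
    _client, _user, cmd, arg = line.split(" ", 3)
    path, bad = decode_path(arg)
    name = path.rsplit("/", 1)[-1].lower()
    checks = [
        ("site-exec", cmd == "SITE" and arg.upper().startswith("EXEC")),
        ("invalid-encoding", bad),
        ("traversal", escapes_root(path)),
        ("credential-file", cmd == "RETR" and name in CREDENTIAL_FILES),
        ("autorun-upload", cmd == "STOR" and any(d in path.lower() for d in AUTORUN_DIRS)),
    ]
    return [label for label, hit in checks if hit]

def scan(log):
    return {line: classify(line) for line in log.splitlines() if line.strip()}
```

Paths are judged relative to the FTP root, so the depth counter flags any argument that would resolve above it even when a normalizer would silently collapse the `..` components.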

#20 ali_ali

ali_ali

    DDP Fan club member

  • Members
  • 42 posts
  • Location:Somewhere

Posted 04 February 2006 - 02:42 PM

>>>> Yeah, I'm talking about Windows. I don't think I'm ready to take on any *nix stuff just yet, although I hear it's become far more user friendly recently.
>>>>
>>>> So can you guys recommend any commands?
>>>
>>> What can we do after FTP access?
>>
>> Umm... really cool like:
>>
>> Upload files
>> Download files
>
> - SITE EXEC <- :)
> - directory traversal (unicode hex and \.)
> - downloading useraccount/passwords
> - uploading executables to autorun directories
> - overflowing cmd buffers.. local shell execution B)
>
> :lol:



But it asks for a username and password after anonymous login.

Edited by ali_ali, 04 February 2006 - 02:58 PM.




