Istrancis

Website hacking

28 posts in this topic

Hi everyone! I haven't posted in a while, but I've been reading away here from time to time, trying to gather info and that, like you guys advised! Thanks for that!

I've decided that one particular area of hacking that I want to know about is how to break into a website. You know, like you see in the movies, kind of. I'd like to know how to get in, look around the network and stuff, and then get out, without being caught. I also would appreciate info on how to erase my log in entry.

Any info you guys can offer is appreciated, thanks in advance!

Also, my apologies if this request is in any way against the rules!

Share this post


Link to post
Share on other sites
Nah, I don't see how it would be against the rules. It's a part of security, and at it's core, hacking as well. The question is *very* broad though. What I would really suggest in all seriousness is learn how to install and configure a secure Apache install (or IIS if you can get a copy). It will give you an understanding of how web servers work, and also (this is important) give a machine you can attack with impunity. Learning to wipe logs "on the fly" on websites is risky. Not that you were saying you wanted to do that, just throwing it out there.

After getting the server to serve a page, look to exploit Apache vulnerabilities, phpbb or anything else you have on the machine. Crawl the website to look at it offline. Look into authentication attacks. Try a few of the wargames out there. There are a lot of aspects to this and ways to do it. Good Luck. HTH

Share this post


Link to post
Share on other sites
know your enemy. go to netcraft and get information about whoever you are trying to attack. then start studying the default installs, start reading bug tracking sites. and check for obvious things like sql injection or other bugs in the actual website itself.

Share this post


Link to post
Share on other sites
As with anything in computers, the more you can learn and experiment, the better you will become. The best advice is read, read, read. There are a number of good sites to learn from such as textfiles.com and irongeek.com.

Share this post


Link to post
Share on other sites
To start of, I suggest you test yourself by clearing all 10 basic web in [url="http://hackthissite.org/"]http://hackthissite.org/[/url] and perhaps move onto realistic missions.
Then you should read alot on cross side scripting and sql injections, those are 2 fundamental pedestals in website hacking.
If you want to be able to hack a site without getting caught, or logged you will, to be absolutely safe, need a proxy. If you dont know what it is, or how to use one, then I suggest Your freedom. Get it at:
[url="http://www.download.com/Your-Freedom/3000-2381_4-10368502.html"]http://www.download.com/Your-Freedom/3000-...4-10368502.html[/url]

good luck with the hacking

Share this post


Link to post
Share on other sites
darkcoder....where have i seen that handle. Its damn familiar...

Share this post


Link to post
Share on other sites
[quote name='darkcoder' date='Jan 23 2006, 08:59 AM']To start of, I suggest you test yourself by clearing all 10 basic web in [url="http://hackthissite.org/"]http://hackthissite.org/[/url] and perhaps move onto realistic missions.
  Then you should read alot on cross side scripting and sql injections, those are 2 fundamental pedestals in website hacking.
  If you want to be able to hack a site without getting caught, or logged you will, to be absolutely safe, need a proxy. If you dont know what it is, or how to use one, then I suggest Your freedom. Get it at:
[url="http://www.download.com/Your-Freedom/3000-2381_4-10368502.html"]http://www.download.com/Your-Freedom/3000-...4-10368502.html[/url]

good luck with the hacking
[right][snapback]166924[/snapback][/right]
[/quote]


hey did they finally get that fixed? last i heard you get stuck on level 4 or something. and levels 4-10 and some realistic ones are screwed up.

Share this post


Link to post
Share on other sites
[quote name='RightCoast' date='Jan 21 2006, 05:36 PM']After getting the server to serve a page, look to exploit Apache vulnerabilities, phpbb or anything else you have on the machine. Crawl the website to look at it offline. Look into authentication attacks. Try a few of the wargames out there. There are a lot of aspects to this and ways to do it. Good Luck. HTH
[right][snapback]166555[/snapback][/right]
[/quote]
How do you go about "crawl"ing a website?

Share this post


Link to post
Share on other sites
HTTrack works nicely and is open source.
[url="http://www.httrack.com/"]http://www.httrack.com/[/url]

Share this post


Link to post
Share on other sites
[quote name='spectacle' date='Jan 24 2006, 12:38 AM'][quote name='RightCoast' date='Jan 21 2006, 05:36 PM']After getting the server to serve a page, look to exploit Apache vulnerabilities, phpbb or anything else you have on the machine. Crawl the website to look at it offline. Look into authentication attacks. Try a few of the wargames out there. There are a lot of aspects to this and ways to do it. Good Luck. HTH
[right][snapback]166555[/snapback][/right]
[/quote]
How do you go about "crawl"ing a website?
[right][snapback]167087[/snapback][/right]
[/quote]
With wget of course! Windows port here:
[url="http://www.interlog.com/~tcharron/wgetwin.html"]http://www.interlog.com/~tcharron/wgetwin.html[/url]

I haven't used HTTrack, but its probably a GUI doing the same thing. Whichever you prefer should work.

Share this post


Link to post
Share on other sites
Dont forget you also have to be able to make sense of source code and know some scripting languages such as HTML(duh!), JavaScript, VBScript, and PHP. There also is perl, asp, and others but most of the time they are used for server side scripting.


If you want to learn some of the basic scripting languages check out [url="http://www.w3schools.com/"]http://www.w3schools.com/[/url] . Edited by SUB-S0NIX

Share this post


Link to post
Share on other sites
Thanks a lot guys, all the advice is much appreciated!

I've gone through a couple of textfiles, and I was wondering about using command prompt. Would anyone here be able to suggest any uses for it? Also, what ports should I use etc.

Thanks again!

Share this post


Link to post
Share on other sites
you mean what Windows or *Nix command prompt If you mean Windows you can't really do much with it but *nix you can do bunch of stuff

Share this post


Link to post
Share on other sites
for remote hacking windows telnet prompt is just as good as a nix command line..let's not turn this into os v os

Share this post


Link to post
Share on other sites
well no I was asking for what command prompt really I never use the windows command prompt for telnetting. Just was wondering and by the way I used windows isn't really userful I didn't say not totally unuseful Edited by kitche

Share this post


Link to post
Share on other sites
Yeah, I'm talking about Windows. I don't think I'm ready to take on and *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?

Share this post


Link to post
Share on other sites
[quote name='Istrancis' date='Feb 3 2006, 07:29 PM']Yeah, I'm talking about Windows. I don't think I'm ready to take on and *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?
[right][snapback]169119[/snapback][/right]
[/quote]


What can we do After FTP access.

Share this post


Link to post
Share on other sites
[quote name='ali_ali' date='Feb 4 2006, 12:15 PM'][quote name='Istrancis' date='Feb 3 2006, 07:29 PM']Yeah, I'm talking about Windows. I don't think I'm ready to take on and *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?
[right][snapback]169119[/snapback][/right]
[/quote]


What can we do After FTP access.
[right][snapback]169232[/snapback][/right]
[/quote]

Umm... really cool shit like:

Upload files
Download files

Share this post


Link to post
Share on other sites
[quote name='Booter' date='Feb 4 2006, 11:20 AM'][quote name='ali_ali' date='Feb 4 2006, 12:15 PM'][quote name='Istrancis' date='Feb 3 2006, 07:29 PM']Yeah, I'm talking about Windows. I don't think I'm ready to take on and *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?
[right][snapback]169119[/snapback][/right]
[/quote]


What can we do After FTP access.
[right][snapback]169232[/snapback][/right]
[/quote]

Umm... really cool shit like:

Upload files
Download files
[right][snapback]169235[/snapback][/right]
[/quote]
- SITE EXEC <- :)
- directory transversal (unicode hex and \.)
- downloading useraccount/passwords
- uploading executables to autorun directories
- overflowing cmd buffers.. local shell execution B)

:lol:

Share this post


Link to post
Share on other sites
[quote name='jabzor' date='Feb 4 2006, 03:38 PM'][quote name='Booter' date='Feb 4 2006, 11:20 AM'][quote name='ali_ali' date='Feb 4 2006, 12:15 PM'][quote name='Istrancis' date='Feb 3 2006, 07:29 PM']Yeah, I'm talking about Windows. I don't think I'm ready to take on and *nix stuff just yet, although I hear it's become far more user friendly recently.

So can you guys recommend any commands?
[right][snapback]169119[/snapback][/right]
[/quote]


What can we do After FTP access.
[right][snapback]169232[/snapback][/right]
[/quote]

Umm... really cool like:

Upload files
Download files
[right][snapback]169235[/snapback][/right]
[/quote]
- SITE EXEC <- :)
- directory transversal (unicode hex and \.)
- downloading useraccount/passwords
- uploading executables to autorun directories
- overflowing cmd buffers.. local shell execution B)

:lol:
[right][snapback]169248[/snapback][/right]
[/quote]


But it asks for username and Password After Anonymous log in Edited by ali_ali

Share this post


Link to post
Share on other sites
[quote name='ali_ali' date='Feb 4 2006, 12:42 PM']But it asks for username and Password After Anonymous log in
[right][snapback]169249[/snapback][/right]
[/quote]
user / pwd overflow and sploits,
all depends on the server.. people must learn to google and read texts.. come on :angry: :huh:

:roll:

Share this post


Link to post
Share on other sites
hacking a website is not the same thing every time. One time you might use SQL injection, but another time you could be doing something completely different.

Share this post


Link to post
Share on other sites
hello, I was learning a little about website security and run into that example(it is a password box):
[quote]<form action="?turengdel=10905" method="post" name="form">
<table border="0" cellspacing="0" cellpadding="0" style="border: 0px;" align="center">[/quote]

on the other examples there were a URL or something like that instead of [i]?turengdel=10905[/i]. What is it? And can it lead to the password file?

Share this post


Link to post
Share on other sites
[quote name='m4rtin' post='261077' date='Jun 1 2007, 12:41 AM']hello, I was learning a little about website security and run into that example(it is a password box):
[quote]<form action="?turengdel=10905" method="post" name="form">
<table border="0" cellspacing="0" cellpadding="0" style="border: 0px;" align="center">[/quote]

on the other examples there were a URL or something like that instead of [i]?turengdel=10905[/i]. What is it? And can it lead to the password file?
[/quote]
The form will go to [url="http://whateverwebsite.com/?turengdel=10905"]http://whateverwebsite.com/?turengdel=10905[/url] and send the data from the form.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now