Jonelliott

You have been hacked! Sign

15 posts in this topic

You've seen the commonly found sign on those hacked websites "You have been h4xored" well I was wondering. My theory is that you have to gain access to the victim's web server to do that. Am I right or wrong? And if there is another way to do this please tell me. (Thats the only way I could of think of changing HTML on the website)

0

Share this post


Link to post
Share on other sites

Other than gaining straight access to the server some sites can be exploited to allow you to write files on the server. So it would just be a matter of replacing the index file.

0

Share this post


Link to post
Share on other sites

You don't necessarily need to root the server, or even get a shell. In many cases, the http server is running with privs to write to the index file. Either overwrite an index.html or index.php file, or create a file like index.html that will be first in the server's search path for the "index" file. This shouldn't be the case, but it often is due to incompetent server admins (something the world has no shortage of).

An example. A lot of older naive PHP scripts that used register globals were vulnerable to variable injection. If they were supposed to write the contents of a web form to a file, but the filename of that file was taken from a variable, you could trick the script into writing to arbitrary files it had permission to write to. Remember that most vulnerabilities (especially on websites, where programmers have the least amount of skill) come from really stupid mistakes or misconfigurations. Most defaced sites are not complex attacks, they're stupid mistakes in shoddy software or skiddies using a more complex attack written by someone else.

Of course, there's more than 7 ways to skin a cat. You could always call up the hosting company, pretend to be the webmaster in some emergency and bullshit them into resetting "your" password. The world is full of possibilities, if you restrict yourself to "I have to exploit a software vulnerability" then you might as well just stick your head in the sand.

0

Share this post


Link to post
Share on other sites

Don't forget about sql injection.

0

Share this post


Link to post
Share on other sites
Don't forget about sql injection.

That still works? Everytime I have tried it I have failed.

0

Share this post


Link to post
Share on other sites
Don't forget about sql injection.

That still works? Everytime I have tried it I have failed.

...... yes it still works O_o ive got a pretty big list of servers vulnerable with easy strings like

' or 'a'='a

but anyway, dude try RFI, using a PHP shell. google it.

edit: rfi = remote file inclusion

Edited by hbp71605
0

Share this post


Link to post
Share on other sites

Ohm, raises a very valid point. Most web servers have basically three "doors" to attack. My opinion on their order of vulnerability:

1. Web Application

2. HTTP Server

3. Operating System

Web application could be anything from Wordpress, to Joomla!, or any other type of common content management system. If you see a defaced website, the odds are very high that someone found them to be running an unpatched app, and ran a canned exploit against it. As Ohm mentioned, this would require no shell access whatsoever.

This is how I feel people get hosed on security administration. They say, "I've got the firewall, the IDS, complex passwords, and all my processes running in jails as unprivledged users. I'm rock-fucking SOLID!" And then some skiddie pwns their Wordpress blog because they never think to update it.

0

Share this post


Link to post
Share on other sites

And though fairly uncommon, there are server side includes that if enabled could be potentially abused.

0

Share this post


Link to post
Share on other sites

I suppose its also possible, but normally really likely, that somebody with physical access to the server or the machine could have made the change. For example somebody walking by while a web designer was in the bathroom or something. But more then likely its an external attack from the Internet.

Edited by Drake Anubis
0

Share this post


Link to post
Share on other sites
I suppose its also possible, but normally really likely, that somebody with physical access to the server or the machine could have made the change. For example somebody walking by while a web designer was in the bathroom or something. But more then likely its an external attack from the Internet.

No.. Not really... :huh:

0

Share this post


Link to post
Share on other sites
No.. Not really... :huh:

Dude, one time a friend of mine was changing something on his webpage (back before blogs) and he left for a second so me and the other guy I was with put in changes like "I've been p0w3nd!", and they stayed there for like three weeks.

0

Share this post


Link to post
Share on other sites
No.. Not really... :huh:

Dude, one time a friend of mine was changing something on his webpage (back before blogs) and he left for a second so me and the other guy I was with put in changes like "I've been p0w3nd!", and they stayed there for like three weeks.

I dont plan on gaining physical access to a computer.. Unless I wanted too, which I would prefer not too.

0

Share this post


Link to post
Share on other sites
I dont plan on gaining physical access to a computer.. Unless I wanted too, which I would prefer not too.

Oh I'm sorry, I didn't understand that you were asking a question on how to, I thought you were just asking all of the possibilities. My Mistake.

0

Share this post


Link to post
Share on other sites
I dont plan on gaining physical access to a computer.. Unless I wanted too, which I would prefer not too.

Oh I'm sorry, I didn't understand that you were asking a question on how to, I thought you were just asking all of the possibilities. My Mistake.

It is fine I'm open for new ideas

Thanks.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now