Hack Websites & pentesting websites [basic tutorial]

1. Check for robots.txt

Most common directory is
This file can contain a lot of info, even though not all sites have it. It often indicates where the admin directory is, too. robots.txt is used to restrict the Google bot's access to certain parts of a forum or a website.
If the site is vulnerable, you will get a popup message saying awdwdadwd (yes, this was random). You can find more detailed articles on XSS on milw0rm or something.
5. Remote File Inclusion (RFI) -- My Fav!

RFI, or Remote File Inclusion, is where the attacker tries to inject his own PHP code into your PHP apps, and if he's successful, he can do whatever he wants on the server. OK, so let's say we have a website coded in PHP that uses something like page=page.html to decide which page is to be displayed. The code will look something like this
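An added example, not the original tutorial's code: the include pattern described above shown as a comment, next to a hardened allowlist version a site owner can use instead. The page keys, the `pages/` directory and the function name `resolve_page` are assumptions made for illustration.

```php
<?php
// Added example: page keys, the pages/ directory and resolve_page() are assumptions.

// Weak pattern the section describes: the request value is passed straight to
// include, so the client chooses which file PHP executes (and which URL, if
// allow_url_include is switched on in php.ini; it is Off by default).
//     include($_GET['page']);

// Hardened form: the request value is only a lookup key; paths come from the code.
const PAGES = [
    'home'    => 'home.html',
    'about'   => 'about.html',
    'contact' => 'contact.html',
];

function resolve_page($requested, string $baseDir): ?string
{
    // page[]=x arrives as an array; anything that is not a known string key is
    // rejected before it can reach the filesystem.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file missing
    }
    // Defence in depth: the resolved file must still sit under the page directory
    // (catches a symlink or a bad allowlist entry pointing elsewhere).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

$page = resolve_page($_GET['page'] ?? null, __DIR__ . '/pages');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
// Static pages are sent as bytes with readfile(), never run through include.
readfile($page);
```

Because the file path is built only from the allowlist, a `page` value containing a URL or `../` segments fails the key lookup and returns a 404.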