How to hack a website

Posted at Monday, July 28, 2008

First, find out as much about the site as you can. Start by port scanning it with nmap (I think it's the best port scanner). Here -sT does a full TCP connect scan, -O tries to guess the operating system, -p 1-250 limits the scan to the first 250 ports, and -vv turns up the verbosity.
Code:
nmap -sT -O -p 1-250 -vv www.thesiteyouwishtohackgoesrighthere.xxx

So, my example would be.
Code:
nmap -sT -O -p 1-250 -vv www.mchs.gsacrd.ab.ca

By the way, that is my school site, hack it if you want to :P

Then you should get something like this. This is my nmap result:
C:\Documents and Settings\Captian falcon\Desktop\Tools\Reconnaissance\nmap-4.68>nmap -sT -O -p 1-250 -vv www.mchs.gsacrd.ab.ca

Starting Nmap 4.68 ( http://nmap.org ) at 2008-07-27 19:12 Mountain Daylight Time
Initiating Ping Scan at 19:12
Scanning 199.216.233.173 [2 ports]
Completed Ping Scan at 19:12, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:12
Completed Parallel DNS resolution of 1 host. at 19:12, 0.03s elapsed
Initiating Connect Scan at 19:12
Scanning gsacrd.ab.ca (199.216.233.173) [250 ports]
Discovered open port 80/tcp on 199.216.233.173
Discovered open port 22/tcp on 199.216.233.173
Discovered open port 21/tcp on 199.216.233.173
Completed Connect Scan at 19:13, 24.94s elapsed (250 total ports)
Initiating OS detection (try #1) against gsacrd.ab.ca (199.216.233.173)
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
Host gsacrd.ab.ca (199.216.233.173) appears to be up ... good.
Scanned at 2008-07-27 19:12:46 Mountain Daylight Time for 27s
Interesting ports on gsacrd.ab.ca (199.216.233.173):
Not shown: 247 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Apple Mac OS X 10.3.X|10.4.X
OS details: Apple Mac OS X 10.3.9 (Panther) (Darwin 7.9.0, PowerPC), Apple Mac OS X 10.3.9 (Panther) - 10.4.7 (Tiger) (Darwin 7.9.0 - 8.7.8, PowerPC)
OS Fingerprint:
OS:SCAN(V=4.68%D=7/27%OT=21%CT=%CU=%PV=N%G=N%TM=488D1D2A%P=i686-pc-windows-
OS:windows)OPS(O1=%O2=%O3=%O4=%O5=%O6=)WIN(W1=0%W2=0%W3=0%W4=0%W5=0%W6=0)EC
OS:N(R=Y%DF=N%TG=40%W=0%O=%CC=N%Q=)T1(R=Y%DF=N%TG=40%S=Z%A=S+%F=AR%RD=0%Q=)
OS:T2(R=N)T3(R=N)T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)U1(R=N)IE(R=N
OS:)


Read data files from: C:\Documents and Settings\Captian falcon\Desktop\Tools\Reconnaissance\nmap-4.68
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.719 seconds
Raw packets sent: 42 (4348B) | Rcvd: 11 (712B)
Sometimes nmap will report that the host is down, usually because it does not answer pings. If so, add -P0 at the end (that's a zero, not the letter o) to skip host discovery and scan it anyway; newer Nmap releases call this option -Pn.
So the example would be.
Code:
nmap -sT -O -p 1-250 -vv www.mchs.gsacrd.ab.ca -P0



Alright, now suppose the site sits behind a firewall, so your scan reports most ports as filtered and perhaps zero open ports :(
But don't worry. The web server still has to accept connections on port 80 to serve pages, so you can still talk to it directly and find out what it is running.

So, the next thing you need to do is download netcat.
Then type this in :P
Code:
nc -vv www.mchs.gsacrd.ab.ca 80


Once netcat reports the port as open, the server is waiting for a request, so type the following and press Enter. It is deliberately not a valid HTTP/1.x request: because it carries no HTTP version, Apache treats it as an old HTTP/0.9 request and sends back only the HTML error page, and the footer of that page names the server software and version. (A well-formed request such as HEAD / HTTP/1.0 followed by a blank line gets you the full response with its Server header instead.)
Code:
GET test

Then, you should get something like this.

This is what I got from netcat:
C:\Documents and Settings\Captian falcon\Desktop\Tools\Backdoor Apps\NETCAT>nc -vv www.mchs.gsacrd.ab.ca 80
DNS fwd/rev mismatch: docs.mchs.gsacrd.ab.ca != gsacrd.ab.ca
docs.mchs.gsacrd.ab.ca [199.216.233.173] 80 (http) open
GET test

400 Bad Request

Bad Request
Your browser sent a request that this server could not understand.
Invalid URI in request GET test

Apache/1.3.41 Server at www.mchs.gsacrd.ab.ca Port 80

sent 9, rcvd 328: NOTSOCK

Finally, we have most of what we need.


Next, connect with telnet (or netcat) to each of the open ports you found (if you got any) and note the banner each service sends. For example, on port 22 I would get:
Port 22:
SSH-2.0-OpenSSH_4.7
Here the software is OpenSSH and its version is 4.7. The 2.0 is the SSH protocol version, which every modern server reports, so it tells you nothing about which exploit might apply. To search for an exploit, I would search for OpenSSH and then (Ctrl+F) 4.7.
I would do that for every port I could find open. Nmap's -sV option grabs and matches these banners for you.

Then look for exploits for the server type.
To do that, search for the server software and its exact version.
My example would be.
Code:
Apache

Then (Ctrl+F) 1.3.41
Then edit the exploit so that it targets your site (the one you are hacking), compile it, and run it.

And if the exploit works, you get a shell on the server running as whatever account the vulnerable service runs as (root only if the service itself runs as root), and from there you can edit any part of the site you want.
The sky is the limit.
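The banner-grabbing and version-matching steps above, as an added Python example that is not part of the original post. It talks to two throwaway local listeners that stand in for the target's SSH and HTTP ports (the banners they send are constructed from the output shown above, not live captures), pulls the product and version out of each banner, and builds the search string you would type into an exploit database. The HTTP probe is a valid HEAD request rather than "GET test", so the version also comes back in the Server header. The hostname www.example.invalid, the Host header value and the regular expressions are assumptions of this example.

```python
import re
import socket
import threading

# Constructed sample banners, modelled on the nmap/netcat output above.
# They are offline test data served by a local stand-in, not captures from the site.
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_4.7\r\n"
SAMPLE_HTTP_REPLY = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Apache/1.3.41 (Darwin)\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<html><body><h1>Bad Request</h1>"
    b"<address>Apache/1.3.41 Server at www.example.invalid Port 80</address>"
    b"</body></html>"
)

# An SSH server speaks first, so no probe is needed. An HTTP server waits for a
# request line; a well-formed HTTP/1.0 HEAD gets a full response with a Server:
# header, whereas the bare "GET test" used above is an HTTP/0.9 request and only
# ever gets the error body back.
HTTP_PROBE = b"HEAD / HTTP/1.0\r\nHost: localhost\r\n\r\n"

# Assumed banner formats: "SSH-<proto>-<product>_<version>", an HTTP "Server:"
# header, or the "<product>/<version> Server at" footer of an Apache error page.
SSH_RE = re.compile(r"^SSH-(?P<proto>[\d.]+)-(?P<product>[A-Za-z]+)[_-]?(?P<version>\d[\w.]*)")
HTTP_HEADER_RE = re.compile(r"^Server:\s*(?P<product>[\w-]+)/(?P<version>\d[\d.]*)", re.M | re.I)
HTTP_FOOTER_RE = re.compile(r"(?P<product>[\w-]+)/(?P<version>\d[\d.]*) Server at ")


def grab_banner(host, port, probe=b"", timeout=3.0):
    """Connect, send the probe (if any) and return what the service says until it
    closes the connection or goes quiet for `timeout` seconds."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        try:
            while True:
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass  # e.g. a real SSH server keeps the socket open after its banner
    return b"".join(chunks).decode("latin-1")


def parse_banner(banner):
    """Extract service, product and version from an SSH banner or HTTP response.
    Returns None when the banner is not one this parser understands."""
    m = SSH_RE.match(banner)
    if m:
        return {"service": "ssh", "product": m["product"], "version": m["version"]}
    m = HTTP_HEADER_RE.search(banner) or HTTP_FOOTER_RE.search(banner)
    if m:
        return {"service": "http", "product": m["product"], "version": m["version"]}
    return None


def search_query(info):
    """The string to feed an exploit database: software name plus exact version
    (e.g. 'OpenSSH 4.7'), never the protocol version from the banner."""
    return f"{info['product']} {info['version']}"


def _serve_once(reply, wait_for_request):
    """Throwaway local listener standing in for the target service. Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            if wait_for_request:
                conn.recv(4096)  # HTTP: the client has to speak first
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Grab and parse banners from the two local stand-ins; returns (ssh, http) dicts."""
    ssh_port = _serve_once(SAMPLE_SSH_BANNER, wait_for_request=False)
    http_port = _serve_once(SAMPLE_HTTP_REPLY, wait_for_request=True)
    ssh = parse_banner(grab_banner("127.0.0.1", ssh_port))
    http = parse_banner(grab_banner("127.0.0.1", http_port, HTTP_PROBE))
    return ssh, http


if __name__ == "__main__":
    for info in demo():
        print(info, "->", search_query(info))
```

Against a real host you would call grab_banner with the target's name and port instead of the local stand-ins; parse_banner returns None for anything it does not recognise (an FTP greeting, for instance), which is your cue to read the banner by hand rather than trust an automatic match.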

1 comment:

dempo said...

I want you to teach me more about the website hacking stuff because I have tried this but I haven't got through..


You can reach me on my yahoo id snowall_dempo