Website Hacking Tutorial

Posted at Sunday, November 09, 2008

*post a comment if you like it, or if there is something wrong.

First, you want to find out as much about the site as you can, so start by port scanning it with nmap (I think it's the best port scanner).
-----------------------------------------------------------------------
nmap -PN -sS www.siteyouwanttohackgoeshere.xxx -p 1-1000 -r -A -D randomdecoyip
-----------------------------------------------------------------------
So, my example would be:
-----------------------------------------------------------------------
nmap -PN -sS http://www.mchs.gsacrd.ab.ca -p 1-1000 -r -A -D 156.164.25.734
-----------------------------------------------------------------------
nmap - The scanner itself
-PN - Skips the host-discovery ping (treats the host as up)
-sS - TCP SYN scan of the ports
-p 1-1000 - The ports to scan
-r - Scans the ports in order instead of in random order
-sV - Shows what is running on the ports (version detection)
-O - Detects what operating system is running
-A - Turns on -sV and -O (and more) in one switch; the output below has -sV -O spelled out instead
-D - Decoy scan (each decoy must be a valid hostname or IP address)

Note that nmap expects a target as a hostname or IP address, not a URL: with the http:// prefix it reports "colons only allowed in IPv6 addresses" and quits, which is the error shown in the comment at the bottom of this post.

So, then you should get something like this:
-----------------------------------------------------------------------
C:\Documents and Settings\Captian falcon\Desktop\Tools\Reconnaissance\nmap-4.68>
nmap -PN -sS http://www.mchs.gsacrd.ab.ca -p 1-1000 -r -sV -O -D http://www.mchs.gsacrd.ab.ca

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-01 20:56 Mountain Daylight Time
Stats: 0:00:28 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 33.33% done; ETC: 20:57 (0:00:17 remaining)
Stats: 0:00:28 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 33.33% done; ETC: 20:57 (0:00:17 remaining)
Interesting ports on gsacrd.ab.ca (199.216.233.173):
Not shown: 992 filtered ports
PORT STATE SERVICE VERSION
21/tcp closed ftp
22/tcp open ssh OpenSSH 4.7 (protocol 2.0)
25/tcp closed smtp
80/tcp open http Apache httpd 1.3.41 ((Darwin) mod_ssl/2.8.31 OpenSSL/0.9.7l PHP/4.4.8)
110/tcp closed pop3
443/tcp closed https
510/tcp closed fcp
548/tcp open afp Apple AFP (name: Document Server; protocol 3.2; Max OS X 10.4/10.5)
Device type: general purpose
Running: Apple Mac OS X 10.4.X
OS details: Apple Mac OS X 10.4.8 - 10.4.11 (Tiger) (Darwin 8.8.0 - 8.11.1)

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 29.844 seconds
------------------------------------------------------------------------
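A scan like the one above is just as useful on the defending side: run it against your own hosts and diff the result against what is supposed to be exposed. The parser below is an added example (not part of the original post); it reads Nmap's normal-output port table and reports open ports that are not on an allowlist. The scan text is constructed with placeholder host and addresses.

```python
import re

# Constructed sample in Nmap "normal output" format (placeholder host and
# address; the service versions mirror the ones discussed in the post).
SAMPLE_SCAN = """\
Interesting ports on example.invalid (192.0.2.10):
Not shown: 992 filtered ports
PORT    STATE  SERVICE VERSION
21/tcp  closed ftp
22/tcp  open   ssh     OpenSSH 4.7 (protocol 2.0)
80/tcp  open   http    Apache httpd 1.3.41 ((Darwin) mod_ssl/2.8.31 OpenSSL/0.9.7l PHP/4.4.8)
443/tcp closed https
548/tcp open   afp     Apple AFP (name: Document Server; protocol 3.2)
OS details: Apple Mac OS X 10.4.8 - 10.4.11 (Tiger)
Nmap done: 1 IP address (1 host up) scanned in 29.844 seconds
"""

# One port line: "<port>/<proto> <state> <service> [version text]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_ports(text):
    """Return a dict per port line found in Nmap normal output."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            ports.append({
                "port": int(m.group(1)),
                "proto": m.group(2),
                "state": m.group(3),
                "service": m.group(4),
                "version": m.group(5).strip(),
            })
    return ports


def unexpected_exposures(text, allowed):
    """Open ports whose (port, proto) pair is not in the allowlist.

    Everything returned here is exposure drift: a service reachable from
    the scanner's vantage point that nobody signed off on."""
    return [p for p in parse_ports(text)
            if p["state"] == "open" and (p["port"], p["proto"]) not in allowed]


if __name__ == "__main__":
    # Only the web server is supposed to be reachable from outside.
    for p in unexpected_exposures(SAMPLE_SCAN, {(80, "tcp"), (443, "tcp")}):
        print(f'{p["port"]}/{p["proto"]} {p["service"]}: {p["version"]}')
```

On the constructed scan this reports SSH and AFP as unexpected; the version strings it carries along are what you compare against vendor advisories when deciding what to patch or firewall off.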
Sometimes, it will say that the site is down; if so, put -P0 at the end (it's a zero, not an o). -P0 is the older spelling of -PN, so it does the same thing: it makes nmap skip the ping and scan anyway.
So the example would be:
------------------------------------------------------------------------
nmap -PN -sS http://www.mchs.gsacrd.ab.ca -p 1-1000 -r -sV -O -D http://www.mchs.gsacrd.ab.ca -P0
-----------------------------------------------------------------------


Alright, now, say that the site has a firewall, which would mean that your scan says 0 open ports.
But don't worry, it is still possible to get into the site.

So, the next thing you need to do is download netcat.
Then, type this:
--------------------------------------------------------------------------------------------------------------------------------------
nc -vv http://www.mchs.gsacrd.ab.ca 80
--------------------------------------------------------------------------------------------------------------------------------------

Then, when something pops up, you may need to type:
--------------------------------------------------------------------------------------------------------------------------------------
GET test
--------------------------------------------------------------------------------------------------------------------------------------
Then, you should get something like this:

--------------------------------------------------------------------------------------------------------------------------------------
C:\Documents and Settings\Captian falcon\Desktop\Tools\Backdoor Apps\NETCAT>nc -vv http://www.mchs.gsacrd.ab.ca 80
DNS fwd/rev mismatch: docs.mchs.gsacrd.ab.ca != gsacrd.ab.ca
docs.mchs.gsacrd.ab.ca [199.216.233.173] 80 (http) open
GET test

400 Bad Request

Bad Request
Your browser sent a request that this server could not understand.
Invalid URI in request GET test

Apache/1.3.41 Server at http://www.mchs.gsacrd.ab.ca Port 80

sent 9, rcvd 328: NOTSOCK
--------------------------------------------------------------------------------------------------------------------------------------
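The 400 above comes from a request line that is not "METHOD URI HTTP/x.y", and Apache writes that raw line into its access log, which is exactly the trace a defender can hunt for. The following is an added example (not from the original post): it runs over constructed Apache combined-format log lines, flags malformed request lines, 400 responses and requests with no User-Agent, and ranks the clients responsible. Addresses and timestamps are placeholders.

```python
import re
from collections import Counter

# Constructed Apache "combined" access-log lines (placeholder clients); the
# 400 entry mirrors the hand-typed "GET test" from the netcat session above.
SAMPLE_LOG = """\
192.0.2.50 - - [01/Aug/2008:20:58:11 -0600] "GET test" 400 328 "-" "-"
192.0.2.50 - - [01/Aug/2008:20:58:40 -0600] "GET / HTTP/1.0" 200 5124 "-" "-"
198.51.100.7 - - [01/Aug/2008:20:59:02 -0600] "GET /index.html HTTP/1.1" 200 5124 "-" "Mozilla/5.0"
192.0.2.50 - - [01/Aug/2008:21:00:15 -0600] "HEAD / HTTP/1.0" 200 0 "-" "-"
203.0.113.9 - - [01/Aug/2008:21:01:00 -0600] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""

# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
# A well-formed request line: method, a URI, and an HTTP version token.
REQUEST_LINE_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')


def classify(line):
    """Return (client, suspicious) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, request, status, agent = m.groups()
    malformed = not REQUEST_LINE_RE.match(request) or status == "400"
    # Manual probes through netcat/telnet send no User-Agent; browsers do.
    suspicious = malformed or agent == "-"
    return client, suspicious


def recon_candidates(log_text, threshold=2):
    """Clients with at least `threshold` suspicious requests, busiest first."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = classify(line)
        if parsed and parsed[1]:
            counts[parsed[0]] += 1
    return [(client, n) for client, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for client, n in recon_candidates(SAMPLE_LOG):
        print(f"{client}: {n} suspicious requests")
```

The threshold keeps a single typo from paging anyone; the same idea extends to a SIEM rule that correlates these hits with a burst of SYNs across many ports from the same address.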


Finally, we have most of what we need.


Next, we telnet to all of the open ports (if you get any).
So, if I were to telnet to the open ports, I would get this (say I'm telnetting to port 22):
---------------------------------------------Port22---------------------------------------------------------------------------------
SSH-2.0-OpenSSH_4.7
--------------------------------------------------------------------------------------------------------------------------------------

So, to search for the exploit, I would search for SSH, then (Ctrl+F) 2.0.
I would do that for every port I could find open.

Then, look for some exploits for the server type.
To do that, you would search for the server type and version.
My example would be:
--------------------------------------------------------------------------------------------------------------------------------------
Apache
--------------------------------------------------------------------------------------------------------------------------------------
Then, (Ctrl+F) 1.3.41.
Then, edit the exploit so that it works against your site (the one you are hacking), compile the exploit, and run it.

And, if you get a good exploit, you will get into the root of the website, and be able to edit any part of the site you want.
The sky is the limit.

--------------------------------------------------------------------------------------------------------------------------------------
Video download link
http://rapidshare.com/files/134232854/Ho...e.wmv.html
--------------------------------------------------------------------------------------------------------------------------------------

Don't get caught now.

--------------------------------------------------------------------------------------------------------------------------------------
For Nmap
http://nmap.org/download.html

For Netcat
http://sourceforge.net/project/showfiles..._id=209191

For exploits
http://www.milw0rm.com

1 comments:

albert fash said...

Here are my error logs when I tried to scan your school site; it was saying something about "-- colons only allowed in IPv6 addresses, and then you need the -6 switch"



C:\DOCUME~1\DEEFOR~1>nmap -PN -sS http://www.nmap -PN -sS http://www.mchs.gsacrd.ab.ca -p 1-1000 -r -A -D 156.164.25.734
Failed to resolve decoy host: 156.164.25.734 (must be hostname or IP address)
QUITTING!

C:\DOCUME~1\DEEFOR~1>nmap -PN -sS http://www.mchs.gsacrd.ab.ca -p 1-1000 -r -A -D 10.199.212.2

Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-14 18:02 Pacific Standard Time

Invalid host expression: http://www.mchs.gsacrd.ab.ca -- colons only allowed in IPv6 addresses, and then you need the -6 switch
QUITTING!

C:\DOCUME~1\DEEFOR~1>nmap -PN -sS http://www.mchs.gsacrd.ab.ca -p 1-1000 -r -A -D 10.199.212.2-6
Failed to resolve decoy host: 10.199.212.2-6 (must be hostname or IP address)
QUITTING!

C:\DOCUME~1\DEEFOR~1>

So, the scan could not be completed. Please review these log reports and let me know what I should do to avoid this error next time I try to scan. Thanks.


Albert Fash.(yelefash@yahoo.com)