Here I am going to share some real hacking techniques with which one can hack any server or website.
This post is for educational purposes only.
The best vulnerability scanner and assessment tool is Nessus, and the best exploitation tool is the Metasploit Framework.
The tools used are freely available on the internet:
1. Nessus
2. OpenVAS Server
3. OpenVAS Client
4. Nmap
5. Nikto
6. sqlmap
7. Metasploit
The steps to be followed to hack a server are listed below:
1. First, port scanning: scan the target server's open ports with Nmap or Angry IP Scanner.
2. The second step is service enumeration. Here you use Nmap to determine which services are open and available.
To learn how to perform enumeration and footprinting, please Google it :)
3. The third step is scanning the target to find vulnerabilities. For this you use Nessus or OpenVAS. These tools scan all open ports, regardless of common and default settings. This confirms the listening services and checks them against a database of exploitable services, to see whether you are running any services that are misconfigured or vulnerable to exploits.
Note: If you want to know how Nessus works or how to use it, video tutorials are available on YouTube.com.
4. You can also use Nikto. It is used to check the web server(s) for misconfigurations and exploitable web applications.
5. After all this scanning, play with SQL. Use sqlmap for this. You can also use a few more SQL tools, software and techniques.
6. The next step is to gain access to the remote system using the vulnerabilities found. You can achieve this using Metasploit. To learn how to use Metasploit, search on http://www.securitytube.net
7. The next step is to maintain your access on the compromised system.
Upload a shell like c99, b374k or r57_kartal, or upload a backdoor like sshdoor, or any Perl or Python backdoor.
8. Now you are able to do anything, like deface or root the server (rooting a server is pretty interesting, but it needs a good command of Linux).
10. After uploading the shell, check the kernel version with the command "uname -a". It shows output like this: "Linux shell99 2.6.35-28-generic #50-Ubuntu SMP Fri Mar 18 19:00:26 UTC 2011 i686 GNU/Linux"
11. Now that you have the kernel version, search for a local kernel exploit, upload it to the server and run it (upload the exploit to the temp folder, because the temp folder is always writable). Don't forget to change the permissions of the exploit using the command "chmod 777".
12. Run the exploit and you will get root; check with the command "whoami".
9. THIS IS THE MOST IMPORTANT STEP: covering tracks. After your activities, you must remove all your track records ;)
Remove all log files using a log cleaner.
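Seen from the defender's side, the tools named in steps 4, 5 and 7 leave recognisable traces in a web server access log. The following is an added example, not part of the original post: it assumes combined-format log lines (the sample lines are constructed), the default Nikto, sqlmap and Nmap script User-Agent strings, and the web shell names listed in step 7.

```python
import re
from collections import defaultdict

# Combined Log Format fields we need: client IP, request path, status, User-Agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Default User-Agent markers (assumption: the client left them unchanged).
SCANNER_UA = re.compile(r'\b(nikto|sqlmap|nmap scripting engine)\b', re.I)
# Web shell file names taken from step 7 of the post.
SHELL_PATH = re.compile(r'/(c99|r57|b374k)[^/]*\.(php|phtml)\b', re.I)

def triage(lines, burst=3):
    """Map each client IP to the sorted list of indicators it triggered."""
    findings, not_found = defaultdict(set), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, status = m["ip"], m["status"]
        ua = SCANNER_UA.search(m["ua"])
        if ua:
            findings[ip].add("scanner-ua:" + ua.group(1).lower())
        if SHELL_PATH.search(m["path"]):
            # A 200 means a file with a known web shell name was served.
            findings[ip].add("webshell-hit" if status == "200" else "webshell-probe")
        if status == "404":
            not_found[ip] += 1
    for ip, count in not_found.items():
        if count >= burst:  # many misses from one client: content discovery
            findings[ip].add("404-burst")
    return {ip: sorted(tags) for ip, tags in findings.items()}

# Constructed sample lines (documentation IP ranges), not real traffic.
TS = "[18/Mar/2011:19:00:26 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /admin/ HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.6)"',
    f'192.0.2.10 - - {TS} "GET /backup.zip HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.6)"',
    f'192.0.2.10 - - {TS} "GET /phpinfo.php HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.6)"',
    f'192.0.2.10 - - {TS} "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"',
    f'198.51.100.7 - - {TS} "POST /uploads/c99.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    f'203.0.113.5 - - {TS} "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, tags in triage(SAMPLE).items():
        print(ip, tags)
```

A "webshell-hit" is the finding to act on first, because it means a file with that name is already being served. Shipping these logs to a separate host keeps them available for this kind of review even when the log files on the server itself are removed as in step 9.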
Posted by Viviek
www.NetworkzPeritus.com
 
 