Possibility to hack a website/server

I am gonna discuss web hacking: what it is and which methods we use to pwn a website. There are a hell of a lot of methods.
I'm gonna explain the most common methods used by attackers.

1# SQL Injection 70%
2# LFI
3# RFI
(LFI and RFI: 30% for both)

Before I begin, I would like to explain something very important; all skilled people know what I'm gonna talk about. Ah.. ok, it's enumeration.

Most noobs just visit a PHP site and look for fuckin SQLi; if that fails, they move on. A skilled person will surely find another way to pwn it.
For that, he/she will dig up information about the target webserver/website. Our target will be abc.com.

Step-1# What we need:
This is where we start our journey: visiting our target website to get an idea of it. We have found the basic info: the site is based on PHP. OK, fine. Now what?

Bear in mind that in this tutorial I am not gonna use any automated tools or anything; it will be fully manual finding.

Step-2# Information Gathering:
What information do we need to gather for an attack on our target? Obviously, loopholes in the website. Make it a habit to review the website's source code.
That will help a lot and make the attack easier. In my case, abc.com is WordPress 3.2.1 and fully patched. We assume it is on shared hosting.

Step-2.1# Looking for other vuln websites on the same host:
Now we will look for another target (a vuln website) hosted on the same server as our target. We will look for, e.g., SQLi, RFI, LFI; these are
the most common attack approaches.

Step-2.2# IP information/Reverse Domain Lookup:
We will use nslookup or dig to find out the IP address of abc.com.

E.g.: nslookup abc.com
Code:
Server:        x.x.x.x
Address:    x.x.x.x#53

Non-authoritative answer:
Name:    abc.com
Address: 1.2.3.4

dig abc.com
Code:
;; ANSWER SECTION:
abc.com.        300    IN    A    1.2.3.4

We are sure that abc.com points to 1.2.3.4. How do we get information on the other domains hosted on the same server? There are online tools available for
this purpose; the following are two such websites:

Code:

Why I recommend domaintz.com: because it brings up appropriate results. I've tested abc.com on yougetsignal.com and it gave me only 73, but
domaintz.com gave a perfect one, 400. Wow.

Step-3# Attacking:
We have found a website vuln to SQLi. I'm skipping how SQLi works; this is beyond the scope of this tutz. The hint is that you will have to check those websites
for vulns, whether SQLi, RFI or LFI; some websites even have a default user/pass like admin:admin or admin:123456.

Now the rest of the things you know what to do ;). Uploading a shell, then launching a symlink attack to pwn the actual target on the same host.
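
Seen from the hosting side, the symlink step above leaves links inside one account's web root that resolve into another account's directory. The audit below is an added example, not part of the original post; the `<root>/<account>/public_html` layout, the account names and the file names are constructed assumptions.

```python
import os
import tempfile


def find_escaping_symlinks(home_root):
    """Return (account, link, target) for each symlink under an account's
    directory whose resolved target lies outside that account's directory."""
    findings = []
    root = os.path.realpath(home_root)
    for account in sorted(os.listdir(root)):
        base = os.path.join(root, account)
        if os.path.islink(base) or not os.path.isdir(base):
            continue
        # followlinks=False: linked directories are listed but never entered
        for dirpath, dirnames, filenames in os.walk(base, followlinks=False):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                if not os.path.islink(path):
                    continue
                target = os.path.realpath(path)
                # commonpath avoids prefix confusion (/home/bob vs /home/bobby)
                if os.path.commonpath([base, target]) != base:
                    findings.append((account, path, target))
    return findings


def build_demo(root):
    """Constructed sample tree (assumed <root>/<account>/public_html layout)."""
    for user in ("alice", "bob"):
        os.makedirs(os.path.join(root, user, "public_html"))
    alice_file = os.path.join(root, "alice", "public_html", "app.conf")
    bob_web = os.path.join(root, "bob", "public_html")
    for path in (alice_file, os.path.join(bob_web, "index.php")):
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
    # Link that stays inside bob's own account: not reported
    os.symlink(os.path.join(bob_web, "index.php"), os.path.join(bob_web, "home.php"))
    # Link that resolves into alice's account: reported
    os.symlink(alice_file, os.path.join(bob_web, "shortcut"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for account, link, target in find_escaping_symlinks(build_demo(tmp)):
            print(f"{account}: {link} -> {target}")
```

On Apache, `Options SymLinksIfOwnerMatch` in place of `FollowSymLinks` is the matching preventive setting; a periodic audit like this one catches links created before that setting was applied.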

The main purpose of this tutz is to think out of the box and think about the many possibilities to hack a website/server. Hope you enjoy it ;) .
The most important thing in this tutorial is Step#2 - 2.2, and reviewing the source code of your target, which will really help you a lot. Mostly, websites are open to directory traversal or disclosure ;)
Hope you enjoy reading this.
======================================================
For more information about NetworkzPeritus, you may visit our website at http://www.NetworkzPeritus.com/ & blog at http://networkzperitus.blogspot.in/
Posted by Viviek
