Hey guyz i am back with yet another lame question but i cant resist my temptation of hacking some websites... (Already hacked many but only using SQLI)
Here's what i follow :-
1st method Method (damn! Easy) :-
1. nessus scan..
2. check report
2nd method :-
Fire up Nikito
Scan the host
check the report for vulnerbilities
3rd Method ;-
1. Get a target
2. fire up metasploit
3. db_nmap
4. db_autopwn
/* If no success */
5. try some auxiliary modules like bruteforcer's , crawlers etc..
Things i want to know :-
1. How to find some easy targets
2. Any more , advanced methods..
3. Some Ebooks
erm....sounds all good, but to be honest it has not much to do with reality. of course you have to gather informations about a target, but all those automatic scanning tools are mostly even counterproductive because they:
1. light up the server logs like a christmas tree
2. produce LOADS of false positives
Maybe after successfully using Sql injection to get access to a website you can try uploading a shell of your choice.
You can root the server through that and/or browse the directories for other websites running on the same server if you want to deface every website on the server!
Personally just like making minor changes as defacing will definitely alert people that you really were there. So I don't really like to leave any trace at all and just do it all for the sake of being able to get in out of curiosity. But thats just me :p
Yeah.. I do the same.. But what if the site doesn't have SQLI vulnerabilities!! Actually most of the maintained sites are not vulnerable to SQLI...As nowadays its the popular way of breaking..
Yeah that is where my skills can't go to yet
The only other way would be cracking SSH on port 22 (if its open) but even then i doubt it would work these days since i know that most of the good websites use a strong password for SSH. Even if you did have a very good wordlist it would take ages and some servers block you for awhile if you failed to use the right password in x tries. hmm...
I guess you'll have to find some sort of new vulnerability to exploit in the server itself and that is where i get completely lost. I have no idea how other people do it. You see people getting into high profile sites all the time.
If the site is not on a dedicated server you could do a reverse IP scan and look for other sites on the server that might have vulnerabilities you know so that you could get in.
Each hacker spends his early years attempting to ascertain the perfect toolkit to add to their arsenal of knowledge we call hacking. Metasploit is such a framework that multiple needs for a hacker and provides a flexible framework to also add in the development of exploits. Metasploit comes with many modules and auxiliaries that enable you to enumerate and asset vulnerabilities. Metasploit is very easy to use, and has a GUI interface as well, one GUI for Metasploit is Armitage. From Metasploit you can learn exploit development easily, since it is an exploit development framework. It is one of the few frameworks that have a 'check' feature to see if an exploit can be properly deployed on a specific target. I would not rely on db_autopwn as a main utility to gain root, especially as previously stated, it will set a redflag in the logs. For example, Metasploit's Meterpreter offers highly advance and flexible functionality, while still maintaining stealth since it loads directly into memory most AV's will not automatically flag it. Metasploit includes many other features that have more evasive advance options. I would consider using Armitage with Metasploit when you first start out. Later on you might find msfcli and msfconsole useful. I would recommend learning about exploit development first, and figuring out how exactly an exploit is deployed.
You can start off setting up a VMware environment and testing exploits through there. One great example of a pre-made test environment for VMware is Metasploitable. Metasploitable is a packaged Ubuntu Server (8.04) that has a few vulnerabilities. You can download Metasploitable from here: http://blog.metasploit.com/2010/05/intr ... table.html
Try Google Dorks. This can set you on a path to a sweet target.
When looking for documents, try directory traversal to reveal all the documents -
ftp://ftp.rta.nato.int/PubFulltext/AGARD/CP/AGARD-CP.../04CHAP01.pdf
In most cases, you can stop a .PDF from loading, cut the .pdf file name from the URL and see if it reveals the parent directory of all the PDFs.
Delete the .PDF file name and you see the directory of :
ftp://ftp.rta.nato.int/PubFulltext/AGARD/CP/AGARD-CP-602/
Now, you can keep cutting up the URL to see how far inside the directory you can get.
This works on the HTTP as well as FTP port.
Read the news for new companies, smaller the better popping up. Bigger companies being brought out by another (great if they 'went out of business' or were brought under hostile takeover - that means IT staff was fired or quit, new IT staff will have no clue about 'new' network's behaviors.)
Make a Map of an organization, look for vendors and third parties that attach to a secure network of a larger company. See :
http://www.robtex.com/dns/gov.rw.html#graph
Focus on other network devices besides servers.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
DNR you never seize to amaze me with your logic. Small companies - I never would have thought of this concept. Opened up my eyes a bit.
Back on topic. When I hack something the first thing I do is not tell anyone. Its very tempting to blab about what you can do and a mature hacker will tell you this is a tough thing to overcome. We humans are raised to be rewarded for doing something innovative but the real hacker knows that he/she has to learn to diverge this response while digesting the results in solidarity.
I wont list ways to root a server, I wont show you how to elude mainstream tech gadgets, instead I say "learn learn learn".
Floodie and 3xtortion brought up an important point - you do it to learn and satisfy yourself.
You do not need to brag or tell others of your exploits, it is for your satisfaction.
You should be satisfied with learning new things, learning things that improve your life.
No need to share your exploits with others - many will not understand anyways.
The first thing a hacker does is separate himself from society. He no longer needs the superfluous rewards, the wine and games to distract - he cannot be manipulated by social games and government/corporate media mind control. Since you cannot be brought with shiny objects and junk, you seek something more substantial - something real. You do not need society to reward you, you can do it for yourself.
-DN
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
