web defacing

No explicit questions like "how do I hack xxx.com" please!
shamir
Computer Manager
Posts: 853
Joined: 01 Mar 2007, 17:00
Location: NY

Post by shamir »

And the media has turned hackers into evil and changed the meaning of the word hacker, and don't forget script kiddies :evil:

Lyecdevf
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
Location: In between life and death.

Post by Lyecdevf »

Defacing is for script kiddies. Defacing a site is not a really big achievement for someone who has been in this field for many years.
We will either find a way, or make one.
- Hannibal

ebrizzlez
Kage
Posts: 732
Joined: 31 Mar 2007, 16:00
Location: Hidden in a Buffer Protection.

Post by ebrizzlez »

Lyecdevf wrote: Defacing is for script kiddies. Defacing a site is not a really big achievement for someone who has been in this field for many years.
Well... normally, I hate to get into the whole leet and skiddie subject but...

A leet wouldn't deface the site and say: "EbRiZZlez was here". They wouldn't ever show their identity and they will try to avoid letting the administrator know they have been hacked, so the leet can keep on going back to the site and collect information, via PHP scripts that can get all the users' info, passwords, and IP addresses.

A skiddie is basically a braggart. The skiddie would want to show to his friends and the world how "leet" he is. But if a skiddie has the skills to pull off an injection attack and gain root without metasploit in advance, then the skiddie should reconsider.. :wink:

pseudo_opcode
cyber messiah
Posts: 1201
Joined: 30 Apr 2006, 16:00
Location: 127.0.0.1

Post by pseudo_opcode »

lol, you guys talk as if you're really tired of defacing sites,
defacing is not actually lame, but there's a difference between defacing any vulnerable server you find and defacing a "target".
The first is easy: just scan the range of IPs, when you get a vulnerable one, attack and leave "defaced by blah". And you're cool.

Or,
Make a target, like "I hate xyz", what do I do to deface his site? Scan with a vulnerability scanner, and you find, say, two holes, what now? Search for that on the net? Go to SecurityFocus and they don't give you an exploit, just the discussion? In most of the cases even the author doesn't know how to exploit the bug, coz not everyone knows how memory paging is done, it's easy to code in HLL. So most people end up being frustrated and think "oh that's unhackable, that's very secure".

The truth is, 90% of systems which are thought of as being secure are actually not, you just need to find a window to enter (no pun intended),
to pwn a network or a system,
find all the info you can about that, OS, services, router firmware etc..
Using a network mapper or network scanning tool is actually a dumb way of doing it, having a proxy chain is ok but if you do anything sensitive you'll be caught anyway,
some of the ways of getting info are by banner grabbing (which can be changed), creating errors deliberately, manual fingerprinting and so on..
Also sometimes pure logic works, for e.g. everyone knows b_b loves Debian, and his knowledge and Debian tutorials confirm the fact that his server has to run Debian, see.. we don't need those mappers to find the OS.
Anyway the best way to hide yourself is to create requests which may appear like a typo and never request the server frequently, be patient and the admin would miss it. Gathering info is itself a long process, but that's critical, after that you know what to do, look for holes that are not serious, coz a minor compromise in security can lead to greater damage. Sometimes creators think the hole is just a glitch and can't even provide a POC, that happens a lot, and I'm still talking about the known vulnerabilities, what if you find none?
Time to consider your notes then... set up a system, try to make it a clone of your target, try to configure it in exactly the same way your target is.. how do you know that? Well, again there is a lot of stuff.. like
News - site news, what security upgrades have been done recently, what was patched, in fact sometimes you can guess the daemon by the type of patch applied...
Page source - Read HTML code, JavaScript, CSS, and any other stuff you can get your hands on.. that actually helps, comments sometimes give you some clues and hints..
Specially crafted requests - sometimes special requests can give you an idea about the server configuration, how the server responds to a certain request.
Even if you're not able to match the configuration exactly, you can consider the worst case scenario for that stuff, that means assume that it is secure.

After you're ready with the clone machine, it's fun time... experiment with it, screw it, bang it, do anything you like, try buffer/heap overflows, format strings, DNS poisoning, SQL injections, XSS, request smuggling/splitting, mess with protocols, and the list goes on.. you won't bother anyone, and once you know the system well, you can move to the actual target, chances are it may not work on actual targets (depends upon how closely you cloned it) so you have to work really hard on it and find other ways, but an unhackable system doesn't exist on earth, the most important thing here is to be creative, and thinking out of the box.
The point why I discussed all this is because this is more or less the same strategy which is applied to deface. The thing is no one would take so much pain just to tell others how good he is, or if he's a psychopath, he can leave his name just to see if he can get away with it.

Only the lamest servers on the earth are defaced unless you need a strong reason to justify it, and people know it's not worth it.
So that's why defacing is considered lame and done by skiddies, coz it gives them a feeling of l33tness.

Oh and btw now I know why no one was able to deface the menace-games server, which was unconfigured and vulnerable, I should've known we have l33t gods over here for whom defacing is a sin

Edit: lol, I am not trying to be mean but just expressed what I think
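
Added example (not part of pseudo_opcode's post or any code from this forum): the post above says that infrequent requests that look like typos tend to be missed by the admin. A defender can surface that pattern by scoring each client's error ratio over days instead of its request rate; the log lines, addresses and thresholds below are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: client, timestamp, method, path, status
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/May/2007:09:02:11 +0000] "GET /indx.php HTTP/1.1" 404 210
203.0.113.5 - - [01/May/2007:09:05:40 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [01/May/2007:13:47:03 +0000] "GET /admin.phpp HTTP/1.1" 404 210
203.0.113.5 - - [01/May/2007:13:50:12 +0000] "GET /favicon.ico HTTP/1.1" 404 210
198.51.100.7 - - [02/May/2007:08:15:59 +0000] "GET /forum/viewtopic.php?t=x HTTP/1.1" 500 312
203.0.113.5 - - [02/May/2007:08:20:00 +0000] "GET /forum/ HTTP/1.1" 200 8000
198.51.100.7 - - [03/May/2007:22:31:40 +0000] "GET /login.php~ HTTP/1.1" 404 210
"""

def parse(log):
    """Yield (client, timestamp, path, status) for each parsable line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(4), int(m.group(5))

def slow_probers(log, min_paths=3, min_ratio=0.75, min_span=timedelta(hours=24)):
    """Flag clients whose requests are mostly errors on distinct paths over a long span."""
    total, errors = defaultdict(int), defaultdict(list)
    for client, ts, path, status in parse(log):
        total[client] += 1
        if status >= 400:
            errors[client].append((ts, path))
    flagged = {}
    for client, errs in errors.items():
        paths = {p for _, p in errs}
        span = max(t for t, _ in errs) - min(t for t, _ in errs)
        ratio = len(errs) / total[client]
        if len(paths) >= min_paths and ratio >= min_ratio and span >= min_span:
            flagged[client] = sorted(paths)
    return flagged

def max_errors_per_hour(log, client):
    """Peak hourly error count: what a burst-rate threshold would see."""
    buckets = defaultdict(int)
    for c, ts, _, status in parse(log):
        if c == client and status >= 400:
            buckets[ts.replace(minute=0, second=0)] += 1
    return max(buckets.values(), default=0)
```

On the sample, the flagged client never exceeds one error per hour, so a burst-rate alert stays silent while the multi-day error ratio singles it out.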

ebrizzlez
Kage
Posts: 732
Joined: 31 Mar 2007, 16:00
Location: Hidden in a Buffer Protection.

Post by ebrizzlez »

lol. outstanding info in this post. :lol:

Will it be on the Windows platform too? I know you will put this on Linux, but if it isn't much of a pain. Cause my Linux box is currently down... :oops: So if you demonstrate multiple-platform then that will be sweet. ^^
