#1, 10:50, stan_q: Site hacking tutorial

Hi, I'm stan_q and I'm gonna write a little tut about site hacking :wave:


Our goal is to get admin access to the site.

So, we've got a site named victim.com.
Our site can have problems in its program code and in the services running on the server. That is what we must check.


Step 1 - manual checking


Check the site for the usual vulns: XSS, SQL-inj, PHP-includes and so on. Check the site for these bugs manually. You may also use web scanners like Jsky and other ones you like. If we find them - use these bugs to get the admin's login\pass. If we don't - go to the next step.


Step 2 - getting information


We visit 2ip.ru and get all available information about this site: IP address, CMS, reverse IP check (other sites on this server).
The next step is checking the IP address (server) for any vulns: open ports, dangerous services etc. On Windows I usually use XSpider (great tool).

CMS. I hope all of you know what it is - Content management system. In Runet and Uanet, CMSs like Joomla, DLE, WordPress and so on are usually used. Many of them (especially old versions) have public vulns that were not closed by the admins of our victim.com.


Ok, we've collected all possible info about our site. If we could not find any vulns manually, we have to use exploits. Where can we get them:

code:
Milw0rm: http://www.milw0rm.com
Security Focus: http://www.securityfocus.com
Osvdb: http://www.osvdb.org
Cve Mitre: http://cve.mitre.org
Metasploit: http://www.metasploit.com
Google: http://google.com

Exploits are usually written in perl, php or python.

If your exploit is successful - you'll get access to the site. If not - try the next exploit.


No bugs?

Yes, this happens often. It seems that there is nothing to do. But there are some possible ways.

As you remember, we did a check called reverse IP. It means that we've got info about other sites placed on the same server as our victim.com. Sometimes there are more than 100 sites. I think that the possibility of finding a vuln site is big enough.
If we've got access to another site on the server, we may get a shell and find our victim.com database (we must know the real address of victim.com on the server). If it happens - we get the DB and recover the admin's login\pass.


What else can we do.
There is a possibility to get access to the admin's mail and recover the pass.

The most difficult way, I think, is getting the CMS's source and finding a vuln that nobody has found yet.




Finally the end

Ok, I hope that someone has found something interesting in this article. I understand that my level in hacking is too low to claim any genius ideas in such a difficult matter as site hacking, but I think that some systematization of this material is very useful. Anyway, thanks to google.com for help and Randown for the idea. And sorry for the mistakes in my English - it is also not so good :hmcool:


Specially for HPC, stan_q
(c)

#2, 18:57: Re: Site hacking tutorial

thanx, it was so useful, I used it on my project=) in English +)
 
#3, 15:37, kagetake: Re: Site hacking tutorial

one more xploit data base http://www.exploit-db.com/
regular updates and zerodays. rss.

#4, 03:15: Re: Site hacking tutorial

"The most difficult way, I think, is getting the CMS`s source and finding an vuln that nobody has found yet. "

Always one of my first steps:
1) Info gathering (checking out hosts, ports, etc). I use nmap for this.
2) Determine site version number
3) Download site software and check for exploits on my own server.

Advantages of doing it the posted way:
-Quick
-Efficient
Disadvantages:
-Usually leaves log files with all your info
-You don't learn anything! Learning is what hacking is all about!


Advantages to my way:
-You know what the program you are running does (No sketchy software)
-After you find the exploit keep it for safekeeping -- You never know when you might need it next. Build a little library of private exploits.

Disadvantages:
-Takes a long time
-Might have to learn php and SQL
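
Seen from the site owner's side, the scanner step in post #1 and the remark above that the quick way "usually leaves log files" both come down to the web server's access log. The following is an added example, not part of the thread: it counts 404s and probe-like requests per client; the sample lines, the patterns and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample in Apache "combined" format (documentation IPs, not real traffic).
SAMPLE_LOG = '''\
198.51.100.20 - - [14/Jul/2010:03:10:02 +0200] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [14/Jul/2010:03:10:05 +0200] "GET /index.php?id=4 HTTP/1.1" 200 7301 "-" "Mozilla/5.0"
198.51.100.20 - - [14/Jul/2010:03:10:06 +0200] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jul/2010:03:15:01 +0200] "GET /administrator/ HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [14/Jul/2010:03:15:01 +0200] "GET /wp-login.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [14/Jul/2010:03:15:02 +0200] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [14/Jul/2010:03:15:02 +0200] "GET /index.php?id=4%27 HTTP/1.1" 500 412 "-" "-"
203.0.113.7 - - [14/Jul/2010:03:15:03 +0200] "GET /index.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 7301 "-" "-"
203.0.113.7 - - [14/Jul/2010:03:15:03 +0200] "GET /search.php?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 3010 "-" "-"
'''

# Fields used: client IP, request target, response status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
# Assumed probe markers: stray quote, script tag, path traversal, UNION SELECT.
PROBE_RE = re.compile(r"'|<script|\.\./|union\s+select", re.I)

def client_stats(log_text):
    """Return {ip: {"requests", "not_found", "probes"}} for every parsed line."""
    stats = defaultdict(lambda: {"requests": 0, "not_found": 0, "probes": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, target, status = m.groups()
        entry = stats[ip]
        entry["requests"] += 1
        entry["not_found"] += status == "404"
        # Decode %xx and '+' first so encoded probes match the same patterns.
        entry["probes"] += bool(PROBE_RE.search(unquote_plus(target)))
    return dict(stats)

def suspicious_clients(log_text, min_not_found=3, min_probes=2):
    """Clients that guess many missing paths or send several probe-like requests."""
    return sorted(ip for ip, s in client_stats(log_text).items()
                  if s["not_found"] >= min_not_found or s["probes"] >= min_probes)

if __name__ == "__main__":
    for ip in suspicious_clients(SAMPLE_LOG):
        print(ip, client_stats(SAMPLE_LOG)[ip])
```

The thresholds need tuning against a site's normal traffic; a single 404 for a favicon, as in the sample, should not raise an alert.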
 
#5, 08:12, stan_q: Re: Site hacking tutorial

Quote, originally posted by durhurrr: "Determine site version number"

What does it mean - CMS version? Version of server?

#6, 09:51, kagetake: Re: Site hacking tutorial

Quote, originally posted by stan_q: "What does it mean - CMS version? Version of server?"

I think it means the CMS version number, not the version of the server.
For example, Joomla CMS may have different versions such as 1.5.18 or 1.5.17. Even different CMS components and plugins have their own version numbers. Resp. some exploit will work only for the version for which it was written.

#7, 10:04, stan_q: Re: Site hacking tutorial

Even if you know the CMS version exactly, there is no guarantee that the exploit will work. The site's admin may change the source code of the CMS. So I think it's better to check the site manually first, rather than installing it on localhost and running tests. Of course, you must remember about your own safety.

#8, 23:24: Re: Site hacking tutorial

Quote, originally posted by stan_q: "What does it mean - CMS version? Version of server?"

It can be the version of the software running on the computer (SSH version, SMTP, etc) or it can mean the actual version of the CMS that the site is running. Along with all that, it is useful to know the php and sql versions.

Yes, sometimes the admins do change the code around a little bit (only if they know what they are doing) and if we are lucky, they might forget something or it may open new vulnerabilities.

I'm personally not worried about my machine being attacked because, out of the billions of IPs out there, what are the chances that someone will randomly try to connect to mine?
There are also hosting sites that support php and databases that are extremely helpful.
 
#9, 12:33: Re: Site hacking tutorial

I want to learn this but it's too hard for me
 
#10, 14:15, Vospor: Re: Site hacking tutorial

this is awesome =)

#11, 08:33, NeonKnight

sounds pretty good
 