How to Become an Elite Hacker Part 4: Hacking a Website. [Part 1]

What's Defacing?

Website defacement is an attack on a website that changes its visual appearance. For example: you've got a website that only shows 1 word. That word is Hi. When defacing, you (the h@cker) are going to change that very same word into anything you want (usually your alias).

How to Deface?

Usually a defacement is done using this method (SQL injection). There are other methods involving PHP, but SQL is more common and far easier to use! So let's get started.
First let's make a list of things that we need:
  1. A website vulnerable to SQL injection
  2. The admin password
  3. Shell script (so you're able to gain admin controls)

What Is a SQL Injection

A SQL injection is a method to gain access to and deface a website.
SQL is the language used to define and query databases, and the website's information is stored in those databases. With this "exploit" we'll hack into that very same database using SQL.

Finding a Vulnerable Website

First we'll need a website vulnerable to a SQL injection. There is a simple way to test a website. But the challenge is to actually find a website. For this we'll use some Google dorks.

Google Dorks

Google dorks are used to search for something on Google in an advanced way. Basically you're telling Google what to look for. If I said FILETYPE=PDF, everybody would understand that I want a file with a .pdf extension. Now this works almost the same for Google. Here are some useful dorks for our SQL injection. Just paste them into Google, and press search!
inurl:index.php?id=
inurl:buy.php?category=
inurl:news.php?id=
These should do the trick. Now to test for vulnerability.
Go to the selected page and after the link add a '
Then press enter, and if you get an error that means that the site is vulnerable. I chose this site.
So I have the link:
http://www.irishsanghatrust.ie/news.php?id=33
Then for the SQL injection test add a '
http://www.irishsanghatrust.ie/news.php?id=33'
And you'll get an error. Here are some screenshots showing you before and after the '.
Before the ' was added (Look at the URL)
After the ' was added (look at the URL)
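
Why the added ' produces an error, and how the page behind a link like this should handle the id parameter, shown as an added example that is not part of the original post. It uses Python's sqlite3 with a constructed news table in place of the site's PHP and database; the function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for a site's news table (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (33, 'Constructed sample article')")
    return db

def get_news_vulnerable(db, raw_id):
    # Vulnerable pattern: the id parameter is pasted into the SQL text, so a
    # stray quote becomes part of the statement and breaks its syntax.
    sql = "SELECT title FROM news WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Showing the database error to the visitor is the symptom described above.
        return "SQL error: " + str(exc)
    return row[0] if row else "not found"

def get_news_hardened(db, raw_id):
    # 1. Accept only what an article id can be: a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return "not found"
    # 2. Bind the value as a parameter; it is never parsed as SQL text.
    try:
        row = db.execute("SELECT title FROM news WHERE id = ?",
                         (int(raw_id),)).fetchone()
    except sqlite3.Error:
        # 3. Keep database errors out of the response (log them server-side).
        return "not found"
    return row[0] if row else "not found"

if __name__ == "__main__":
    db = make_db()
    for raw in ("33", "33'"):
        print(repr(raw), "vulnerable ->", get_news_vulnerable(db, raw))
        print(repr(raw), "hardened   ->", get_news_hardened(db, raw))
```

The hardened version returns the same generic response for a malformed id as for a missing article, so the page gives no sign of how the query is built.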

Conclusion

As you can see it all ends here muhahaha!!! This is where I would like to stop it for now. I could continue but the "How-To" would be way too long and most of all BORING. So be sure to look for: How To Become An Elite Hacker Part 4: Hacking A Website [Part 2]
A shoutout to Naughty Criss; he gave me the idea to do a how-to about defacing!