Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Hacking in General


Hacking in General

By ghostghost | 7021 Reads |
0     0

Ok in this tutorial you will learn how to deface websites… I am not responsible of the things that you do after reading this…

Let’s start So First we need a victim to hack… Look now if you are a lamer you can find a victim from google using some tricks but it is pretty lame. So you found a site you want to hack…

Open a notepad and name it as the website (there you can write everything you learn about the server)

open up command-prompt and type:

nslookup You see the ip of the website

Ping You see if the site is up (if you see 4 answers then it is up)

tracert The redirections you do before you view this site

Ok you got some information Write it all in the txt…

Download a port scanner I suggest blue port scanner and scan for all open ports

(Look a computer has 2 kind of ports virtual and physical, physical are where you connect your mouse, keyboard, mouse etc… Virtual is where other computer use when they connect to you ex: when i type www.google.com i connect to the virtual port 80 where it runs a daemon, program which runs on a port and control the connection and see the webpage)

Ok we run the port scanner and we see all the open ports of the server ex:

21-ftp 23-telnet 25-smpt 80-http

ok now we know what ports are open and bit information’s of the daemons… write all down…

Connection to a port… Internet explorer, mozilla, Firefox and others are programs that you tell a server and they connect you on port 80 of this server and you see a website… But what about other ports??? With telnet… Telnet is a little program that can used to connect to port 23 which runs telnet daemon The nice with this is that we can connect to other ports not only 23 Check this out: Open command-prompt and write:

Telnet

Perhaps it will tell that port 23 is closed… Now try:

Telnet 80

Now you connected to port 80(http) but you did it from telnet not with browsers… Ok try find a server wich has ftp and type:

Telnet 21 Or Ftp

There is already an ftp-client program to connect to ftp ports…

After connection you see the daemon name like the version and you need a username and a pass which you don’t know try with all ports and get information’s about daemons versions…

Write them down I will tell you 2 ways of breaking a daemon

1 Try google for exploits (if a server runs ftpd 2.2 for ftp server daemon the google for ftpd 2.2 exploits)

2 Try using some brute force with some program(suggest Brutus) which is program that guess takes words from a list and try them as username or password. The only problem is that is too slow but ok…

now lets go on the deface part if a server has a site then port 80 is open so go on this website and find again all information you see… like admin panel, folders(use Inteli tamper) to found some folders and files) it doesn’t matter if you don’t find the information is crappy just write it… See if the site has JavaScript, cookies or uses php or even if it has a guestbook or a forum this are little web servers extras that sometimes are exploitable… If you search and search and you see that nothing is vulnerable(really impossible) go and download some exploit scanners… This are programs that you tell a website and they test it for hundreds of exploits nice uh :) k when you find some exploits google for them on how they used… Go into the website and try the exploits i suggest when doing it use a proxy or a Wingate to bounce(redirect) your connection after you done something to a webpage search for the logs perhaps your ip is logged so found it (sometimes in the folder logs ex:http://www.somesite/logs) And delete it…

if you have done the above and nothing worked you can try to Social engineer the victim like using e-mails from the hosting site company or finding passwords from other users… Remember in the Social engineer is good to use all the crappy information you decided below is and example:


Hotmail Bug Service Mailing

Hi asdafasdf@mail.com, our servers backup database was erased by error in our SCP(Service Client Program) on line 42:

0xBack_db.345543 ’Error in Type Variable(Boolean Expected)

So we will update our database in the next 6 days. Please reply to this e-mail with your additional information in this form in 6 days.

Username Password Confirm Password

Your e-mail asdfas@mail.com will be deleted from our current database unless you reply to this message. We are sorry for the insaneness.

Copyright @ 2006 Hotmail Bug’s Mail

or


FBI

The FBI has traced you down for hacking/illegal actions using this e-mail/site you have been traced and found your additional information

“here goes all crappy information’s about the site or its owner”

Reply to this message as Pass and User to prevent us from arrest you and some other craps…

Tip: The e-mail should be very good-looking to convince the victim of his authentication think paranoid to be SE Ex:if the site is Geeks.hostmenow.com then if hosting is free create a site called Bugs.hostmenow.com that has a login page then say to the e-mail to login there and use some scripting skills to save the login information on a txt file…

That all for today… Keep learning… By Akuma

Comments
ghost's avatar
ghost 18 years ago

nslookup You see the ip of the website

Ping You see if the site is up (if you see 4 answers then it is up)

tracert The redirections you do before you view this site

All that for nothing? You haven't included information on it. You juts told the user to do this and that and write it down somewhere safe, and then you didn't use the information in order to deface the website.

But the other parts and bits are pretty good, great job! :)

ghost's avatar
ghost 18 years ago

k just explain the tools… i keep working… :)

ghost's avatar
ghost 18 years ago

Hotmail Bug Service Mailing <<– lol dumb people would reply to that..

ghost's avatar
ghost 18 years ago

k flake it is just an example :)

ghost's avatar
ghost 18 years ago

Dont flame the guy, he took time to write this article and submit it as well. Its not like we all write useful articles now do we? Nice tutorial, good submission. And include such stuff such as registering on passport.net (staff@security.net, something for social engineering).

And then afterwards, you'll sign in with it through MSN Messenger, and you can then use your social engineering skillz on your victim using proper English grammar and low-computing terms (only when necessary).

I might as well write a tutorial about social engineering a hotmail account in MSN Messenger, well thanks again for the tutorial, ncie one ;)