
Basics OF webhacking



By ghostghost | 28190 Reads |


Tools : Command Prompt

\\// //\\

  1. Finding a server I.P

\\// //\\

First of all you will want the server I.P address. To get it, go to your Start menu and click Run, then type cmd or command (whichever works).

Type the following :

ping target.com

You should get something similar to the following output :

    Pinging target.com [80.20.20.20] with 32 bytes of data:

    Reply from 80.20.20.20: bytes=32 time=121ms TTL=51
    Reply from 80.20.20.20: bytes=32 time=123ms TTL=51
    Reply from 80.20.20.20: bytes=32 time=120ms TTL=51
    Reply from 80.20.20.20: bytes=32 time=120ms TTL=51

    Ping statistics for 80.20.20.20:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 120ms, Maximum = 123ms, Average = 121ms

You now have the server I.P

\\// //\\

  2. Look up the host's name server

\\// //\\

Now in command prompt, type nslookup. Nslookup will say something like:

    Default Server: blah.blah.net
    Address:

Now type set type=all; this makes nslookup ask for every record type instead of just the address. Next type the server domain, e.g. target.com

You should get an output similar to :

    Non-authoritative answer:
    target.com      internet address = 80.20.20.20
    target.com
            primary name server = ns1.target.com
            responsible mail addr = hostmaster.target.com
            serial = 2005032200
            refresh = 50400 (14 hours)
            retry = 3600 (1 hour)
            expire = 604800 (7 days)
            default TTL = 3600 (1 hour)
    target.com      nameserver = ns1.target.com
    target.com      nameserver = ns2.target.com
    target.com      MX preference = 5, mail exchanger = smtp1.target.com
    target.com      MX preference = 10, mail exchanger = smtp2.target.com

    ns2.target.com  internet address = 80.20.232.20
    ns1.target.com  internet address = 80.20.3.2

You now have the nameserver details of this website. What to do next?

Well open up your browser and type http://ns1.target.com or http://ns2.target.com

What you get there depends on the website you are looking at. Sometimes you get a placeholder page, sometimes a domain name login page.

\\// //\\

  3. What about that I.P, what do I do with that? (part 1)

\\// //\\

First of all you will want to scan for all open ports on that server. The tools you will need for this are listed at the end of this article. Once you have one of them, just type in an I.P and it will scan for open ports.

You will now have a list of open ports on the webserver.

Here is a list of some common webserver ports:

    Port    Service
    21      FTP (File Transfer Protocol)
    25      SMTP (Simple Mail Transfer Protocol)
    53      Domain
    80      HTTP (Hyper Text Transfer Protocol)
    3306    MYSQL

For a more complete list go to http://www.chebucto.ns.ca/~rakerman/port-table.html

Now you can do one of the following :

Open command prompt and type telnet i.p port, e.g.

    telnet 80.6.6.5 80

This will connect to the I.P on the port which is open.

Sometimes you will get some output. For example, if it was port 25 you may get:

    220 mail.target.com ESMTP Sendmail 8.12.10/8.12.10; Sat, 26 Mar 2005 17:50:43 -0500

You could use that to send emails.

Or for port 21 it could be something like :

220 ProFTPD FTP Server ready.

    User : type user
    Pass : type pass
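
Seen from the server owner's side, the two greetings above show how much a service gives away before anyone logs in. The following is an added example, not part of the original article: it takes greetings you have collected from your own hosts and reports what each one discloses. The product list and the settings named in HARDENING are assumptions to adapt to your own software.

```python
import re

# The two greetings quoted in the article, used here as sample input.
SAMPLE_BANNERS = {
    25: "220 mail.target.com ESMTP Sendmail 8.12.10/8.12.10; Sat, 26 Mar 2005 17:50:43 -0500",
    21: "220 ProFTPD FTP Server ready.",
}

# Assumed product list and the setting that controls each greeting; extend as needed.
HARDENING = {
    "Sendmail": "sendmail.cf: SmtpGreetingMessage without $v/$Z",
    "ProFTPD": "proftpd.conf: ServerIdent off (or a custom string)",
}

HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
VERSION_RE = re.compile(r"\b\d+(?:\.\d+)+[a-z]?\b")

def audit_banner(port, banner):
    """Report what a 220 greeting tells an unauthenticated client."""
    code, _, text = banner.partition(" ")
    if code != "220":
        raise ValueError(f"port {port}: not a 220 greeting: {banner!r}")
    text = text.split(";", 1)[0]  # drop the date so it is not read as a version
    product = next((p for p in HARDENING if p.lower() in text.lower()), None)
    host = HOST_RE.search(text)
    version = VERSION_RE.search(text) if product else None
    level = "product+version" if version else "product" if product else "none"
    return {
        "port": port,
        "hostname": host.group(0) if host else None,
        "product": product,
        "version": version.group(0) if version else None,
        "disclosure": level,
        "fix": HARDENING.get(product),
    }

def audit_all(banners):
    """Audit every banner, worst disclosure first."""
    order = {"product+version": 0, "product": 1, "none": 2}
    return sorted((audit_banner(p, b) for p, b in banners.items()),
                  key=lambda r: order[r["disclosure"]])

if __name__ == "__main__":
    for row in audit_all(SAMPLE_BANNERS):
        print(row)
```
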

On port 3306 you could access their sql database.

To do this download the newest version of mysql and install it: http://dev.mysql.com/downloads/

Once you have installed MYSQL, go to the install directory, open the bin folder and run MySqlManager.exe

You will have a window in the center named something like MysqlM1. Right click this window and choose register server. A new window will come up. In it, input the server details :

    Servername : anything, doesn't matter
    Host       : the target I.P
    Port       : 3306 usually

Select use standard security.

Obviously you will need the username and password.

Here are common ones:

    User      Password
    ------------------
    root      root
    admin     root
    admin     admin
    admin     root
    apache    apache
    root      apache

and so on, try various combinations. Your chances are very slim though; you're better off trying to gain the password with an alternative method (brute force, dictionary).

Now click register and the newly assigned server will appear in the main window. Double click it. If you gave correct login info it will open up the database.
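
On the server, every wrong guess from the table above leaves an "Access denied" line in the MySQL error log. The following is an added example, not part of the original article: it reads such lines and flags any source that produces a burst of failures touching the default account names listed above. The log lines are constructed, follow the MySQL 5.7 error-log format (assuming log_error_verbosity=3), and the window and threshold are assumptions to tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the MySQL 5.7 error-log format (assumes log_error_verbosity=3).
SAMPLE_LOG = """\
2024-05-01T09:00:00.000000Z 30 [Note] Access denied for user 'root'@'198.51.100.4' (using password: YES)
2024-05-01T09:30:00.000000Z 31 [Note] Access denied for user 'root'@'198.51.100.4' (using password: YES)
2024-05-01T10:00:01.000000Z 41 [Note] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2024-05-01T10:00:02.000000Z 42 [Note] Access denied for user 'admin'@'203.0.113.7' (using password: YES)
2024-05-01T10:00:03.000000Z 43 [Note] Access denied for user 'admin'@'203.0.113.7' (using password: YES)
2024-05-01T10:00:04.000000Z 44 [Note] Access denied for user 'apache'@'203.0.113.7' (using password: YES)
2024-05-01T10:00:05.000000Z 45 [Note] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2024-05-01T10:02:00.000000Z 46 [Note] Access denied for user 'shop_app'@'192.0.2.10' (using password: YES)
2024-05-01T10:15:00.000000Z 47 [Note] Access denied for user 'root'@'198.51.100.4' (using password: YES)
2024-05-01T10:45:00.000000Z 48 [Note] Access denied for user 'root'@'198.51.100.4' (using password: YES)
"""

DENIED_RE = re.compile(
    r"^(?P<ts>\S+)Z \d+ \[Note\] Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<src>[^']*)' \(using password: (?:YES|NO)\)$")
DEFAULT_ACCOUNTS = {"root", "admin", "apache"}  # account names listed in the article

def parse_failures(log_text):
    """Yield (timestamp, source, user) for each failed login line."""
    for line in log_text.splitlines():
        m = DENIED_RE.match(line.strip())
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f"), m["src"], m["user"]

def find_guessing(log_text, window=timedelta(seconds=60), min_failures=4):
    """Flag sources with a burst of failures that touches a default account."""
    by_src = defaultdict(list)
    for ts, src, user in sorted(parse_failures(log_text)):
        by_src[src].append((ts, user))
    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            burst = evs[start:end + 1]
            users = {u for _, u in burst}
            worst = alerts.get(src, {"failures": 0})["failures"]
            if len(burst) >= min_failures and users & DEFAULT_ACCOUNTS and len(burst) > worst:
                alerts[src] = {"failures": len(burst), "users": sorted(users)}
    return alerts
```

Only 203.0.113.7 is flagged in the sample. The four root failures from 198.51.100.4 are spread over almost two hours and never fall inside one window.
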

\\// //\\

  4. What else can I do with that I.P (part 2)

\\// //\\

Well, there are other things you may do with the newly obtained I.P. I will show you some below.

    http://ip:port
    ftp://ip
    https://ip:port

Or open command prompt and type :

    net use * \\ip\directory$

(note : directory being your input)

You should get a message if you guess a correct directory, e.g.

    Enter the user name for 'targetip':

If you get an incorrect directory you will receive this message :

    System error 53 has occurred.

    The network path was not found.

For those of you who don't know, the net use command will map a network drive on your system. The * simply tells the command to use the next free drive letter. For full syntax type net use /? or net /?.

\\// //\\

  5. Sql Injection

\\// //\\

As there are plenty of articles on this site explaining Sql injection, I won't bother. I just thought I would mention it.

\\// //\\

  6. Cookie viewing, changing

\\// //\\

Again, I have seen articles on cookies so I won't explain this.

\\// //\\

  7. Good Tools for web hacking. (google them)

\\// //\\

Brain (You might get one….maybe :-P)
Angry I.P Scanner (can be setup to scan ports)
BluesPortScanner (port scanner)
Stealth Http vulnerability scanner (Scans websites for known vulnerabilities)
N-Stealth (same as above)
WinSSLMiM (Man in the middle)
WinTCPKill (TCP connection killer)
WinDNSSpoof (DNS I.D spoofer)
SQLdict (Cracks SQL Servers with a dictionary attack)
WWWhack (guess passwords on login forms)
NETBrute (port scanner, password cracker)
Nmap (Excellent tool you should get it)
NTbrute (Hacking network shares)

\\// //\\

If you need any help, send me a message at or add me to msn. o x i o<<<>>>hotmail.co.uk (without the spaces or arrows)

And yes, I know I make little sense. If you add me I may be able to help you.

\\// Araym|Velocity //\\ x9000q

Comments
ghost 19 years ago

Erm, this is my article and that is my email?

ghost 18 years ago

hi , from which sites i can get these tools………………..! ……..

ghost 18 years ago

my email is frndteq@hotmail.com

ghost 17 years ago

Well… you covered "server compromise", not "web hacking". In fact, none of your techniques actually addressed web technologies… this was not covered until the "Miscellaneous Tools" section. So, I can't really rate this article as anything more than poor… Maybe you should keep your article on topic next time.

ghost 16 years ago

Even tho this was not exactly what the title says it was going to be… still all in all a good read.

Legacy 12 years ago

Okay So I Just Have One Question, I downloaded Hydra and tried to run it when I did this i just got a command prompt for about two seconds then it terminates itself and won't let me open it again. All help would be greatly appreciated.