i'm not a noob...but
i really have no hand on experience on hacking websites, so my friend is letting me attempt on his, and i've googled his open ports' services and whatnot, and i turned to metasploit, i used nmap to get his OS and it came up with " too many fingerprints to get an accurate assesment" or something, everyone knows the first hack is generally the hardest, ive read everything, i just really need for one time, someone who knows what they;re doing to help me out, ive heard talk about compiling exploits, i can compile c code, but by all means i have no idea how to execute the exploit , i just have no experience, ya dig?
seriously, like something like this, he has cpanel 11 going, and i foudn this http://www.securityfocus.com/bid/21497/exploit and like 4 others, but i cant seem to make them work, ive put them after the url, obviously taking example.com out., but i dont actually know what to do
itd really help if someone with some spare time, and wont mind me askign some questions would add my msn in_my_pants55@hotmail.com THANKS
catinthebox wrote: seriously, like something like this, he has cpanel 11 going, and i foudn this http://www.securityfocus.com/bid/21497/exploit and like 4 others, but i cant seem to make them work, ive put them after the url, obviously taking example.com out., but i dont actually know what to do
You need to get the person to follow the link from the website. So send it, most likely, to webmaster@example.com. Then, send him the malicious link with a little social engineering skill. Or, if you have another way for him to follow the link, while logged on, do so.
Anyways, you need to know a little general scripting to accomplish this XSS, like window.location=.
Just read up on the crazy amount of threads on XSS and/or some whitepapers on the topic to understand how to use it.
catinthebox wrote: i really have no hand on experience on hacking websites, so my friend is letting me attempt on his, and i've googled his open ports' services and whatnot, and i turned to metasploit, i used nmap to get his OS and it came up with " too many fingerprints to get an accurate assesment" or something, everyone knows the first hack is generally the hardest, ive read everything, i just really need for one time, someone who knows what they;re doing to help me out, ive heard talk about compiling exploits, i can compile c code, but by all means i have no idea how to execute the exploit , i just have no experience, ya dig?
you're going about it completely the wrong way.
look for web exploits first, then dig deeper into the system with nmap and whatnot.
and never use metasploit. never ever ever ever.
you shouldn't need mine, metasploit's, or anyone's help to learn what you need to bend a website to your will.
you're essentially asking folks to hold your hand through everything. you will be using a program that holds your hand and pulls you away if you get too technical.
don't go that road. go to the fucking library.
k, this site is for helping, and i said i needed help one time, one time, ive been on this site for a long while, i read articles every day, and situations are never the same for me as other people i need help, ONCE on one task, walk me through it one time, and i can go from there, if you everyone to progress as a whole, you have to build on what is already known, not getting everyone to start from the ground up, i need help once
I don't care how many articles you've read. I don't care how long you've been here. I don't care how many times you plan on utilizing someone else's aid.
I've already told you how I personally feel you should go about the process of auditing a page.
I've already given you my opinion on metasploit.
You don't need me.
First off You Shouldn't be asking for help to hack a site in the forums, No one needs to hold your hand and help you. Learn yourself! If you've read all these articles and tutorials you say then give the Fuck up. You'll never get it, Noone held my hand and walked me through shit.Keep learning if you want to be good.
On a side note: Programs that go clicky-click like metasploit and brutus etc are for noob/skiddies>Don't mention them around me please.
for someone who says they're not a noob, you sure do ask noob questions!
i get sick of people at school asking me things like 'how do you hack into such-and-such?'
there are NO shortcuts to hacking, you have to learn stuff and then apply that knowledge. hacking is a process, one that requires logic skills, there is no 'hacking knowledge' database. you have to put in the effort.
right, i've said all i needed to say. B)
I FUCKING KNOW THAT, i knew id sound liek a noob, saying, sum1 hax da hotmale4 mi, but ididnt i came in asking for help, ive tried numerous times, different methods, and the truth is i havent done it before, i need to see someone do it, or atleast someone to help me out, we have a whole mentor thing, i dont want a mentor, i want a onetime goto guy to help me the fuck out, but you guys come in telling me, man i didnt get help the first time i did shit, well woopteedoo, im being smart, and instead of continuing doing everything wrong, which is what im doing, im asking for help, in_my_pants55@hotmail.com, no script kiddie programs, nothing, help me put an exploit into action, doesnt even have to work, i jsut need the process, and posting it wont help, msn is the most efficient way for fast questions, COME ON PEOPLE, im not asking to hack the site for me, im not asking you to get working exploits, im asking you to help a gy out, to break past the point ive been stuck at for a while, come on
catinabox, the reason I asked you to post the URL wasn't to hack it for you (which I'm not gonna do, nor will anyone else here). Every site/program/whatever is different and you have to take a different approach to every way. There is no preset set of instructions to hack sites and such, you have to poke around and see what could be possible.
moonbat is being the only helpfull person, metasploit was a last resort, when i couldnt figure it out, so i figure get metasploit going figure that out, start out easier, and it turns out, its not that good anyways, i have now come asking, without programs, how to do it, i jsut need some help, liek a tutorial, but on IM, and the site is www.projectbackslash.com, if you're up to it moonbat, add my msn, and itll be a big help ON MY LEARNING TO HACK JOURNEY
i have, but i need direction, as in i need to do a hack to see what else i need to know, im doing shit wrong and will continue too until i get help, becuase i have no idea what else to do, i am to actually hacking, as a noob is to hooking up a harddrive to transfer files over, i can get exploits, get the site, get the ports, find the services and shit, obviously for somereason not compile the code, then i cant put anything into action, becuase theres a breaking point where i have no idea what to do, how about instead of makign me take another year to actually successfully hack soemthing, someone helps me learn, mentor me for a day or two, how hard could that be? also, ive been into this stuff and reading for a couple years now, and jsut now want to put it into action
man then don't use metasploit i've take a look and yes it is point-and-click i suggest you to use exploits from sites like milw0rm.com maybe some of you will say it is a SKs site but there at least you see the source code of the exloit and some of the exploits have explanations so you can understand wtf is going one
Lesser Light Of Heaven You religious tard. I hated people like you when i was starting out. All i got out of them were two words. Skiddie Google Yeah like thats gunna help. Well sorry brother but i cant help ya much here im too much of a nub at WebHacking but u ever need to r00t, WarDrive, PI, BlueDive, NetWHack or anything similar hit me up. lil_bro_92@hotmail.com
well im no hacker wizerd either i joined this like 2 yrs ago and i still suck at hacking but i have gotten better
my advice…never give up write stuff down think like an admin think like a hacker
read read read some of the tutorials here are good but hts has some really good ones like just like 30min ago i understood how blind sql works adn now im going to try it in basic 13,14,etc you can pm me for help as im also a n00b we could help each other …dont use metasploit ever…i never even installed it and saw it sucked its like hireing a hacker todo the work for you then takeing the credit…sorta anyways rember..http://www.hackthissite.org/articles/list/1/1/ read up adn good luck -mouse