Guys,To start with hacking website or a server,you'll require some skill that helps to write your own code.
[For that,you have to follow these steps(In Windows).
1) Start - Run - cmd
2) type ping "your target website(without quote)"
3) copy that ip address]
Go to
http://whois.domaintools.com
& add IP or the website.You’ll see a large amount of information about the website.
Use Google to find even more information about the website.
After all mess up,
You need to download & Open Netcat.
[Because Telnet is disabled in WIN VISTA & 7]
Once done type, nc
Ex: nc 127.0.0.1 21
It will show banner with all information.
- First of all, to start hacking.
[For that,you have to follow these steps(In Windows).
1) Start - Run - cmd
2) type ping "your target website(without quote)"
3) copy that ip address]
- Now, we need to gather information about the website.You have to to Whois lookup.That will gather all information about server.
Go to
http://whois.domaintools.com
& add IP or the website.You’ll see a large amount of information about the website.
Use Google to find even more information about the website.
After all mess up,
- Open Nmap(A tool to hack/get info of online).
Once you have done that,
"ip_address nmap –sT –sV"(without quote) in Nmap’s command bar & scan website.]Once done,observe O.S.(Operating System), Ports, Services running on the website server.
- Once done, you’ll need to find banner of the software.
[Banner: It shows the software & version running on ports.]
It may chage depending on the OS of server.
- For WIN VISTA & 7:
You need to download & Open Netcat.
[Because Telnet is disabled in WIN VISTA & 7]
Once done type, nc
Ex: nc 127.0.0.1 21
It will show banner with all information.
- For other OS:
Open Telnet[Start > RUN > telnet]
Once done type, O
Ex: O 127.0.0.1 21
Once you’ve done that, you’ll get a banner.
This will be displaying all the details of the software running on port.
If this doesn’t work you can try the first method.
Once you’ve got the banner, you need to search for vulnerability matching with banner.
- Exploit databases:
Injector_____http://www.inj3ct0r.com/
Milw0rm_____http://www.milw0rm.com
Security Focus_____http://www.securityfocus.com
Osvdb_____http://www.osvdb.org
Cve Mitre_____http://cve.mitre.org
Metasploit_____http://www.metasploit.com
More info:http://www.hackforum.net
Once you’ve got the matching exploit of the same version software.
[If you haven’t got, try another port.]
You need to edit values, compile & run it.
Most common exploit Coders:
- Perl
For perl exploits, Copy the exploit in notepad & save it with .pl extension.
Download & Install, Active Perl:
http://www.activestate.com/activeperl
Once done, edit the exploit with notepad & double click to run it.
- PHP
For PHP exploits, copy & save it in .php extension.
Download & Install WAMP:
http://www.wampserver.com/en/
Once done, edit the exploit with notepad & execute it from CMD.
- Python
For python exploits, copy & save it in .py extension.
Download & Install python:
http://www.python.org/download
Once done, edit the exploit with notepad & double click to run it.
- C/C++
For C/C++ exploits, copy & save it in notepad.
Download & Install Blood Shed. (Google the link)
Once done, edit the exploit, compile & double click to run it.
If your exploit is successful you will get access to server,
You’ll be able to edit every part of the website.
If your exploit wasn’t successful try with different port, services & software.
You can also use Metasploit web to search exploits.
Join My Blog.
Have Fun Hacking.Nirmal kantharia(man1aachacker)
No comments:
Post a Comment