HEY EVERYONE, TODAY I WILL BRING YOU THE MOST POWERFUL TECHNIQUES FOR WEB HACKING
EDUCATIONAL PURPOSE ONLY.
The first step in hacking a website, or in any kind of hacking, is the collection of information. What you collect determines whether you are able to penetrate the site. But before going into all of this you should know that a site runs on a computer like any other; the difference between it and a normal computer is that it is fast and advanced, and it is called a server.
To serve pages to a browser, a web server such as Apache HTTP Server must be installed on it. You can install Apache on your own computer, and it will use the space on your computer, but the difference is that the domain will be 127.0.0.1. Even if you bought a domain and linked it to your computer, would your computer stay connected 24 hours a day? :) Of course not. I hope the idea has come across.
Collection of information:
First we have to find the IP of the site, which is very easy. Go to: Start
--> Run ---> CMD
Once we have the IP, if we are really going to penetrate the site, we have to see whether that site is alone on the server or shares it with multiple sites. If the site is alone on the server it will be difficult, but if it is with many other sites on the same server it will be easy, because the discovery of any error in any of these sites will be the key to penetrating the target site. There are generally many goals behind breaking into sites: when you can access the database you'll find lots of stuff, the names registered on the site as well as passwords, or if a shopping site is penetrated you will be able to pull all the Visa card details customers paid with. With this type of penetration you must be careful.
Generally, when you get the IP, go to Bing.com and search for [ IP:127.0.0.1 ], of course replacing 127.0.0.1 with the IP of the target site; then you will see the sites on that server.
There are many websites offering a basic WHOIS lookup service, like whois.domaintools.com, which gives information about the owner of the site and much more.
BASIC
Basic 1_
Some of you who are very stumped or are new to hacking may just think, "hm, what shall I do?" Here's what you do! Download Firefox (http://getfirefox.com) and press Ctrl+U, or if you can't get hold of Firefox, just find a way to view the source.
Once you are in the source you need to know what an HTML comment looks like; for those who don't know, it's <!-- comment here -->. So, in the source do a search (Ctrl+F) and find any comments. Once you have found the right comment, you should know what it is; work it out, type the answer in the password box and hit submit. Then basic 1 is out of the way, on to basic 2.
Basic 2_
Aha, Drake has learnt about the <iframe> tag! If by now you still don't know any HTML, an iframe allows you to embed a webpage inside a webpage. So, again we need to view the source and then do another search, this time for "<iframe" (without the quotes, of course); this will show you where the iframe is reading from. When you have found it, put its exact "src" in the box. Wooo, basic 1 and 2 are over! Basic 3 here we come!
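The same two checks from the defender's side: before a page goes live, list every HTML comment and every iframe source it ships, since both reach every visitor who presses Ctrl+U. This is an added example, not code from the original post; the sample page and the keyword list used to flag comments are constructed for the demonstration.

```python
"""Audit a page's HTML source for leftover comments and iframe sources.

Added example (not from the original post). SAMPLE_HTML below is a
constructed page containing the two kinds of leak the Basic 1 and
Basic 2 write-ups rely on: a developer comment and a hidden iframe.
"""
from html.parser import HTMLParser

# Constructed sample page: a forgotten note plus a 1x1 iframe.
SAMPLE_HTML = """<html><head><title>Login</title></head><body>
<!-- TODO remove before release: test password is changeme -->
<form method="post"><input name="pass"><input type="submit"></form>
<iframe src="/challenges/basic2/frame.html" width="1" height="1"></iframe>
</body></html>"""

# Heuristic keywords; anything matching deserves a human look.
SECRET_HINTS = ("password", "passwd", "secret", "todo", "key", "token")


class SourceAuditor(HTMLParser):
    """Collects HTML comments and iframe src attributes from page source."""

    def __init__(self):
        super().__init__()
        self.comments = []
        self.iframe_sources = []

    def handle_comment(self, data):
        # Everything between <!-- and --> is sent to the client verbatim.
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        # attrs is a list of (name, value) pairs; value may be None.
        if tag.lower() == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.iframe_sources.append(src)


def audit_source(html):
    """Return (comments, iframe_sources) found in the given HTML source."""
    parser = SourceAuditor()
    parser.feed(html)
    parser.close()
    return parser.comments, parser.iframe_sources


def suspicious_comments(comments):
    """Filter comments down to the ones that look like dev notes or secrets."""
    return [c for c in comments if any(h in c.lower() for h in SECRET_HINTS)]


if __name__ == "__main__":
    found_comments, found_iframes = audit_source(SAMPLE_HTML)
    for c in suspicious_comments(found_comments):
        print("suspicious comment:", c)
    for src in found_iframes:
        print("iframe loads:", src)
```

Run it against your own templates before deploying; a comment that mentions a password, or an iframe pulling content from a path you did not expect, is exactly what the first two challenges are built on.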
Basic 3_
Hm, you may be thinking "What's a user agent?" Well, a user agent is your browser and platform/OS, and for this challenge you need to change your user agent. If you still haven't got Firefox and you're in IE, you're a bit stuck: you see, in Firefox you can get an extension which lets you change your user agent (http://chrispederick.com/work/useragentswitcher/), but in IE you have to spend a long time in regedit trying to change it. Once you have Firefox installed and the User Agent Switcher, you just have to edit the user agent to the right string (bwh3_user_agent). Woooo, more points! Basic 4 now...
Basic 4_
This one is pretty straightforward. As you see, you get this: " ERROR: htpasswd.php file not found in basic4/", which tells us the file "htpasswd.php" is not in the /basic4/ directory, so all you have to do is move up a dir!
Basic 5_
This one is tricky; all you have to know is that an asterisk is a wildcard - it can mean anything. So for username and password it would be *:*, and an e-mail would be *@*.*, so from that you should be able to figure it out.
Basic 6_
Hurray! Basic 6! Unix! For this you'll need to know some basic Unix commands. The first is chmod; this command allows you to change the permissions of a file. In this challenge you need to chmod logs/logs.txt and then remove it. So what we have to do is chmod it to all and execute (chmod a+x). After you've entered the chmod command into the first box we have to remove the file; this command is "rm". After that, you have to remove the track_logs.php file to stop yourself getting tracked.
Basic 7_
Right, for those who just went ahead with SQL injection as soon as they saw the word "sql", you're wrong; but for those who read the description through well, you may notice it says "This time Mr. Deitry decided to make a cookie login script and he said he decrypted it from ASCII encryption".
For some of you, you may be thinking "What's ASCII encryption?!" Well, I'll give you a hint: 011000100110100101101110011000010111001001111001. Now, time to check our cookies to see what we need to decrypt! If you have alerted the cookies (javascript:alert(document.cookie)), you should see that the username is sam and the pass is jillisdead, so what are you waiting for, encrypt it already! For this we will need to do a JavaScript injection. Enter in your address bar:
javascript:void(document.cookie="username=binary encrypted text");
replacing "binary encrypted text" with, yep you guessed it, the binary-encrypted text! Then all that's left is to refresh. And now time for a nice little SQL injection.
Basic 8_
Right, basic 8: this time we need a lengthy SQL injection, not just a ' or 1=1-- injection. In the password box type any random word and hit enter; you should get an SQL error. Now if you view the source and look for comments again you can see <!--?sql_query-->Wrong SQL query. For those who know some basics of web coding, you can put things on the end of file names with a question mark, for example: something.php?variable=something. This would work using a $_GET of the name "variable".
So, we know that this script uses $_GET['sql_query']. Now if you look at the name of the variable "sql_query" you should be able to work out what it may do. So try some SQL queries using the SQL error we got earlier.
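Why the ' or 1=1-- input from above works against some login scripts and not others comes down to how the query is built. The following is an added example, not code from the original post or from the challenge site: a small Python model using an in-memory SQLite table (constructed, one user) with two hypothetical login functions, one that concatenates user input into the SQL text and one that passes it as a bound parameter. The first also returns the raw database error message, which is the "SQL error" the write-up tells you to look for.

```python
"""String-built versus parameterized login queries.

Added example (not from the original post). The users table and its
single row are constructed; login_vulnerable and login_safe are
hypothetical models of a PHP login script, not the challenge's code.
"""
import sqlite3


def make_db():
    """Create an in-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('sam', 'jillisdead')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by string formatting, so input is parsed as SQL.

    Returns the matched username, None for no match, or an 'error: ...'
    string when the database rejects the statement (a stray quote in the
    input is enough). Echoing that error to the user is the leak that
    lets someone probe the query's shape.
    """
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return "error: " + str(exc)
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: the driver binds input as data, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real creds :", login_vulnerable(db, "sam", "jillisdead"))
    print("vulnerable, stray quote:", login_vulnerable(db, "sam", "x'"))
    print("vulnerable, ' or 1=1-- :", login_vulnerable(db, "' or 1=1--", "x"))
    print("safe, ' or 1=1--       :", login_safe(db, "' or 1=1--", "x"))
```

With bound parameters the quote and the -- comment marker are just characters inside a string value, so the lookup simply fails to match; the fix for a script like the one in this challenge is the parameterized form plus never showing database error text to the browser.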
Basic 9_
Alrighty, just over halfway to finishing the basics! In basic 9's description, you should notice that the file search utility searches for files in the directory /files/. So, if we take a look at http://www.hellboundhackers.org/challenges/basic9/files/ you can see there's a login.php file! By now, you should know that the source of a login usually contains the user and password unless it does a database query. Now, if we go back to the file searcher and put in "login.php" we can see that it's a real login. Obviously you can't view the raw PHP code of web pages because it gets parsed, but there's an exploit called the Poison NULL Byte; for those who haven't heard of it, it's when you add one on to the end of things, such as page.php?file=config.php, and this could show you the source of the config.php file. In this challenge we need the source of login.php, so try searching login.php with a poison null byte on the end.
Basic 10_
Ok then! You may or may not know what a proxy is, but you should know what an IP is; if not, an IP address is basically the address of your computer. And what a proxy does is, it kind of changes your IP. For this challenge you need to get a proxy that's in the right range to get into /admin/. Those who are on ntl internet may have problems with this challenge, as ntl gives you what's called a "shared IP"; it's basically a proxy but it means you can't change it :(
Basic 11_
Hurrah! User agents again; this time we need to change the user agent and the OS. Those who did basic 3 with the User Agent Switcher plugin may notice that the user agents already in it say things like: Internet Explorer 6 (Windows XP). This tells us that they are running Windows XP and using IE6, so it shows that user agent strings are like this: User agent (Operating system)
Now all that's left is to change your user agent and refresh.
Basic 12_
Okie doodle doo, you should notice that when you click Basic 12 on the basic.php page it goes to: basic12/index.php?page=challenges.php
This is called file inclusion, and it can be exploited. You see, we need to get the user:pass combination from the /protected/ folder; this folder is passworded with .htpasswd/.htaccess, so if we try to include the .htaccess file it may give us the password file :) Now once we have the hash, we need to crack it; it's encrypted with DES, and this can be easily cracked with John The Ripper (http://openwall.com/john/). A lot of people struggled trying to crack this, as if you try to brute force it, it may take weeks; you need a wordlist, google for one. Once cracked, go to the protected folder and enter the username and password to get the points.
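What a script like index.php?page=... should do instead, covering both this challenge and the poison null byte from basic 9: refuse NUL bytes, refuse anything containing a path separator or "..", and only then look the name up in a fixed allowlist. This is an added example, not code from the original post or the challenge site, and it is a Python model of the PHP include pattern rather than PHP itself; the document root, the allowlist and the requested names are constructed for the demonstration.

```python
"""Resolving a page= parameter to a file safely.

Added example (not from the original post). Models the include behind
an index.php?page=... URL in Python. PAGE_DIR and ALLOWED_PAGES are
constructed values standing in for a real site's docroot and page list.
"""
import posixpath

PAGE_DIR = "/var/www/html/basic12"          # hypothetical document root
ALLOWED_PAGES = {"challenges.php", "news.php", "contact.php"}


def resolve_page_unsafe(requested, base=PAGE_DIR):
    """What include($_GET['page']) effectively does: join and go.

    Shown only for contrast; '../protected/.htaccess' walks straight out
    of the page directory, and a NUL byte would truncate the name in
    C-string based file APIs (the poison null byte).
    """
    return posixpath.normpath(posixpath.join(base, requested))


def resolve_page(requested, allowed=ALLOWED_PAGES, base=PAGE_DIR):
    """Return the full path to include, or None if the request is rejected.

    Checks, in order: no NUL bytes, no path separators or '..', name is
    on the allowlist, and the normalised result still lives under base.
    """
    if "\x00" in requested:
        return None
    if "/" in requested or "\\" in requested or ".." in requested:
        return None
    if requested not in allowed:
        return None
    full = posixpath.normpath(posixpath.join(base, requested))
    # Belt and braces: the allowlist already guarantees this, but an
    # explicit containment check survives later edits to the allowlist.
    if posixpath.commonpath([base, full]) != base:
        return None
    return full


if __name__ == "__main__":
    for name in ("challenges.php", "../protected/.htaccess", "login.php\x00.txt"):
        print(repr(name))
        print("  unsafe ->", resolve_page_unsafe(name))
        print("  safe   ->", resolve_page(name))
```

The allowlist is the real control; the NUL and traversal checks are there so that a reviewer can see the rejected cases explicitly and so that a log line can say why a request was refused. Note that the hash you would find in .htpasswd is only reachable here because the unsafe version lets the page parameter name a file outside the page directory at all.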
Basic 13_
Right, basic 13: you are told to log in as George, but what's this?! There is no George!!! Oh my god!!!!!!!! Well, being the elite hacker that you are, you can manipulate the form :D So, save the page to your hard drive and modify the values in the form; don't forget to make it post to the hbh site.
Basic 14_
Hm, again with the source... In this one, when you find the comment, you are told to go to a certain file to get the "new password". Once you've got it, go and get your points.
Basic 15_
Soooooo, we get told about a file that hides directories; what could it be? It's something.txt! What, you thought I'd give you the answer? *tsk tsk* Go and google. Once you have the _real_ file, then you can get your points wooooooooo.
Basic 16_
Hooray! Only one more to go! On this one, you are told it's vulnerable to SQL injection, so what are you waiting for, inject already!!! Right, now you're done.
Basic 17_
Yay, the last one! For this one, you'll notice your PC may lag when you first attempt it; that's because it's a Java applet and a lot of PCs hate them, especially mine, which freezes up every time a Java applet runs. But anyway, if you view the source you can see that there's a file, basic17.class, so let's download it.
Once you have that downloaded, you'll need a certain program to read it: google for a decompiler for this file type. Once you have a decompiler, open the file with it and you should be able to see the Java source code; if you look, you should see the password, so go back to /challenges/basic17 and enter the password. A new window will open and then you'll receive your points! Bang, another mission down :p
Thank you for reading my POST, I hope it has helped you.