Sunday, April 20, 2014
Hacking in General

OK, in this tutorial you will learn how to deface websites...
I am not responsible for the things that you do after reading this...

Let’s start
So first we need a victim to hack...
Look, if you are a lamer you can find a victim from Google using some tricks, but it is pretty lame.
So you found a site you want to hack...

Open Notepad and name the file after the website (there you can write down everything you learn about the server).

Open up a command prompt and type:

nslookup <sitegoeshere>
You see the IP of the website

ping <sitegoeshere>
You see if the site is up (if you see 4 answers then it is up)

tracert <sitegoeshere>
You see the hops your connection passes through before it reaches this site

OK, you got some information.
Write it all in the txt...

Download a port scanner (I suggest blue port scanner) and scan for all open ports.

(A computer has 2 kinds of ports, virtual and physical. Physical ports are where you connect your mouse, keyboard etc... Virtual ports are what other computers use when they connect to you. Ex: when I type www.google.com I connect to virtual port 80, where a daemon runs: a program which runs on a port, controls the connection and lets you see the webpage.)

OK, we run the port scanner and we see all the open ports of the server, ex:

21-ftp
23-telnet
25-smtp
80-http

OK, now we know which ports are open and a bit of information about the daemons...
Write it all down...

Connecting to a port...
Internet Explorer, Mozilla, Firefox and others are programs that you give a server name, and they connect you to port 80 of this server so you see a website...
But what about other ports???
With telnet...
Telnet is a little program that can be used to connect to port 23, which runs the telnet daemon.
The nice thing about it is that we can connect to other ports, not only 23.
Check this out:
Open a command prompt and write:

telnet <sitegoeshere>

Perhaps it will tell you that port 23 is closed...
Now try:

telnet <sitegoeshere> 80

Now you are connected to port 80 (http), but you did it from telnet, not with a browser...
OK, try to find a server which has ftp and type:

telnet <sitegoeshere> 21
or
ftp <sitegoeshere>

There is already an ftp client program for connecting to ftp ports...

After connecting you see the daemon name and version, and you need a username and a password which you don't know.
Try this with all ports and get information about the daemons' versions...

Write them down.
I will tell you 2 ways of breaking a daemon:

1 Try Google for exploits (if a server runs ftpd 2.2 as its ftp server daemon, then google for ftpd 2.2 exploits)

2 Try using some brute force with some program (I suggest Brutus), which is a program that takes words from a list and tries them as username or password. The only problem is that it is too slow, but OK...
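
Seen from the server's side, the word-list guessing in item 2 leaves a clear pattern in the FTP log: many failed logins from one address in a short time, often against several usernames. The following is an added example, not part of the original tutorial; the log lines are constructed in the style of a vsftpd log, and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the style of a vsftpd log; IPs are documentation ranges.
SAMPLE_LOG = '''\
Sun Jan 22 10:58:01 2006 [pid 411] [admin] FAIL LOGIN: Client "203.0.113.7"
Sun Jan 22 10:58:03 2006 [pid 412] [admin] FAIL LOGIN: Client "203.0.113.7"
Sun Jan 22 10:58:04 2006 [pid 413] [root] FAIL LOGIN: Client "203.0.113.7"
Sun Jan 22 10:58:06 2006 [pid 414] [webmaster] FAIL LOGIN: Client "203.0.113.7"
Sun Jan 22 10:58:09 2006 [pid 415] [webmaster] FAIL LOGIN: Client "203.0.113.7"
Sun Jan 22 10:59:30 2006 [pid 420] [alice] FAIL LOGIN: Client "198.51.100.20"
Sun Jan 22 10:59:41 2006 [pid 421] [alice] OK LOGIN: Client "198.51.100.20"
Sun Jan 22 11:00:12 2006 [pid 430] [webmaster] OK LOGIN: Client "203.0.113.7"
'''

LINE = re.compile(r'^\w{3} (\w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] \[(.*?)\] '
                  r'(OK|FAIL) LOGIN: Client "([^"]+)"')

def detect_bruteforce(log_text, max_fails=5, window=timedelta(seconds=60)):
    """Return {ip: finding} for sources whose failures look like password guessing."""
    recent = defaultdict(deque)   # ip -> (timestamp, user) of failures inside the window
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # skip lines that are not login events
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
        user, status, ip = m.group(2), m.group(3), m.group(4)
        if status == "FAIL":
            q = recent[ip]
            q.append((ts, user))
            while ts - q[0][0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= max_fails:
                f = findings.setdefault(ip, {"users": set(), "success_after": None})
                f["users"].update(u for _, u in q)
        elif ip in findings and findings[ip]["success_after"] is None:
            # A login that succeeds after a guessing burst means a password was found.
            findings[ip]["success_after"] = user
    return findings

if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, sorted(f["users"]), "-> success as", f["success_after"])
```

A guesser that deliberately goes slowly stays under a short window, so per-account lockout or a much longer window is needed alongside this check.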

Now let's go on to the deface part. If a server has a site then port 80 is open, so go to this website and again find all the information you can see, like the admin panel and folders (use Inteli tamper to find some folders and files). It doesn't matter if the information you find is crappy, just write it down...
See if the site has JavaScript, cookies or uses PHP, or even if it has a guestbook or a forum; these are little web server extras that are sometimes exploitable...
If you search and search and you see that nothing is vulnerable (really impossible), go and download some exploit scanners...
These are programs that you point at a website and they test it for hundreds of exploits, nice uh :)
OK, when you find some exploits, google how they are used...
Go to the website and try the exploits. I suggest using a proxy or a Wingate to bounce (redirect) your connection when doing it. After you have done something to a webpage, search for the logs; perhaps your IP is logged, so find it (sometimes in the folder logs, ex: http://www.somesite/logs)
and delete it...
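
The log scrubbing described above only works when the web server holds the sole copy of its logs and nothing checks their integrity. The following added example (not from the original tutorial) shows a hash-chained log in which each entry's HMAC tag covers the previous tag, so a removed or edited entry is detected; the log lines and key are constructed, and the key and final tag are assumed to be held by a separate log collector rather than on the web server.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # starting value of the chain

def _tag(key, prev, line):
    return hmac.new(key, prev + line.encode(), hashlib.sha256).digest()

def seal(lines, key):
    """Return ([(line, tag), ...], anchor); each tag covers the line and the previous tag."""
    sealed, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        sealed.append((line, prev))
    return sealed, prev  # the anchor (last tag) is what the remote collector keeps

def first_break(sealed, key, anchor):
    """Return None if the log is intact, else the index where verification fails.
    An index equal to len(sealed) means entries were cut from the end."""
    prev = GENESIS
    for i, (line, tag) in enumerate(sealed):
        if not hmac.compare_digest(_tag(key, prev, line), tag):
            return i
        prev = tag
    return None if hmac.compare_digest(prev, anchor) else len(sealed)

# Constructed access-log lines; 203.0.113.7 stands in for the intruder's address.
ENTRIES = [
    '198.51.100.20 - - [22/Jan/2006:10:57:40 +0000] "GET / HTTP/1.1" 200 5120',
    '203.0.113.7 - - [22/Jan/2006:10:58:17 +0000] "POST /guestbook.php HTTP/1.1" 200 312',
    '198.51.100.20 - - [22/Jan/2006:10:59:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [22/Jan/2006:11:00:12 +0000] "GET /logs/ HTTP/1.1" 200 845',
]
KEY = b"constructed-demo-key-held-by-the-collector"

if __name__ == "__main__":
    sealed, anchor = seal(ENTRIES, KEY)
    print("intact:", first_break(sealed, KEY, anchor))
    scrubbed = [e for e in sealed if not e[0].startswith("203.0.113.7")]
    print("after scrubbing:", first_break(scrubbed, KEY, anchor))
```

Keeping the logs directory out of the web root removes the exposure the tutorial relies on in the first place.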

If you have done the above and nothing worked, you can try to social engineer the victim, like using e-mails from the hosting site company or finding passwords from other users...
Remember, in social engineering it is good to use all the crappy information you gathered. Below is an example:

-------------------------------------------------------
Hotmail Bug Service Mailing
-------------------------------------------------------

Hi asdafasdf@mail.com, our servers backup database was erased by error in our SCP(Service Client Program) on line 42:

0xBack_db.345543 'Error in Type Variable(Boolean Expected)

So we will update our database in the next 6 days.
Please reply to this e-mail with your additional information in this form in 6 days.

Username
Password
Confirm Password

Your e-mail asdfas@mail.com will be deleted from our current database unless you reply to this message.
We are sorry for the insaneness.

Copyright @ 2006
Hotmail Bug's Mail

or

---------------------------------------------------------
FBI
---------------------------------------------------------
The FBI has traced you down for hacking/illegal actions using this e-mail/site you have been traced and found your additional information

"here goes all crappy information’s about the site or its owner"

Reply to this message as Pass and User
to prevent us from arrest you and some other craps...

Tip: The e-mail should be very good-looking to convince the victim of its authenticity; think paranoid to be SE.
Ex: if the site is Geeks.hostmenow.com, then if hosting is free, create a site called Bugs.hostmenow.com that has a login page, then say in the e-mail to log in there, and use some scripting skills to save the login information to a txt file...
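
Both sample e-mails and the look-alike site in the tip share traits a mail filter or a trained user can check for: a request to send credentials by reply, a threatened consequence, and a login link on a sibling name under the same free-hosting domain. The following is an added example, not part of the original tutorial; the first two messages are condensed from the samples above, the other two are constructed, and the keyword lists and trusted-host set are assumptions.

```python
import re
from urllib.parse import urlparse

CRED = re.compile(r"\b(user(name)?|pass(word)?)\b", re.I)
REPLY = re.compile(r"\breply (to|with)\b", re.I)
THREAT = re.compile(r"\b(will be deleted|arrest)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def review_email(body, trusted_hosts, shared_suffix):
    """Return a list of reasons the message looks like credential phishing."""
    reasons = []
    if CRED.search(body) and REPLY.search(body):
        reasons.append("asks for credentials by reply")
    if THREAT.search(body):
        reasons.append("threatens a consequence")
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower()
        # Free hosting lets anyone register a sibling name, so sharing the
        # provider's suffix says nothing about who runs the page.
        if host not in trusted_hosts and host.endswith("." + shared_suffix):
            reasons.append("link to sibling tenant " + host)
    return reasons

TRUSTED = {"geeks.hostmenow.com", "www.hostmenow.com"}  # assumed allow-list
HOTMAIL_STYLE = ("Please reply to this e-mail with your additional information "
                 "in this form in 6 days.\nUsername\nPassword\nConfirm Password\n"
                 "Your e-mail will be deleted from our current database unless "
                 "you reply to this message.")
FBI_STYLE = ("Reply to this message as Pass and User\n"
             "to prevent us from arrest you and some other craps...")
LOOKALIKE = ("A bug was found in your site. "
             "Log in at http://Bugs.hostmenow.com/login to keep your account.")  # constructed
BENIGN = "Your site statistics are ready at http://geeks.hostmenow.com/stats"  # constructed

if __name__ == "__main__":
    for name in ("HOTMAIL_STYLE", "FBI_STYLE", "LOOKALIKE", "BENIGN"):
        print(name, review_email(globals()[name], TRUSTED, "hostmenow.com"))
```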

That's all for today...
Keep learning...
By Akuma

Comments

oxeh on January 22 2006 - 10:58:17
nslookup You see the ip of the website Ping You see if the site is up (if you see 4 answers then it is up) tracert The redirections you do before you view this site
All that for nothing? You haven't included information on it. You just told the user to do this and that and write it down somewhere safe, and then you didn't use the information in order to deface the website. But the other parts and bits are pretty good, great job! :)
akumalol on January 22 2006 - 12:17:17
k just explain the tools... i keep working... :)
FlaKe on January 22 2006 - 16:00:16
Hotmail Bug Service Mailing <<-- lol dumb people would reply to that..
akumalol on January 22 2006 - 18:45:49
k flake it is just an example :)
oxeh on January 24 2006 - 12:30:02
Don't flame the guy, he took time to write this article and submit it as well. It's not like we all write useful articles now do we? Nice tutorial, good submission. And include such stuff such as registering on passport.net (staff@security.net, something for social engineering). And then afterwards, you'll sign in with it through MSN Messenger, and you can then use your social engineering skillz on your victim using proper English grammar and low-computing terms (only when necessary). I might as well write a tutorial about social engineering a hotmail account in MSN Messenger, well thanks again for the tutorial, nice one ;)