Follow us on Twitter!
Few are those who can see with their own eyes and hear with their own hearts. - Albert Einstein
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 32
Guests Online: 27
Members Online: 5

Registered Members: 82901
Newest Member: sjs
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

Common Defacement Methods


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-07-08 21:20
Looking at zone-h.org's defacement mirror got me wondering a couple things.
1) what are some of the common methods people use to deface a website?
i.e. rfi (very rare, and slowly dying in my opinion), specific vulnerabilities in software being used, xss, or coding errors etc.
2) What does it take to do this to a website? i.e. It takes a full (or damn close) compromise of the entire webserver.
What I mean by this question is it takes access to the cpanel or some other editing console to edit the actual page of a website, w/ the exception of xss, right? So would that mean a defacement is proven to be a pretty dangerous level of access to the server?
3) what makes a defacement so "cool"? It seems most people are pretty proud of there "h@x0ring", I'm not saying they are dumb people but what makes this such a popular act?

EDIT;; if anyone can add a link to a site that explains some of the things im asking about, or offer a detailed forensic analysis of a successfull defacement of a website, such as http://www.zone-h. . ./14458/31/ I would really enjoy that. Thanks.




Edited by on 01-07-08 21:23
Author

RE: Common Defacement Methods


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-07-08 21:21
apescanfly223 wrote:
Looking at zone-h.org's defacement mirror got me wondering a couple things.
1) what are some of the common methods people use to deface a website?
i.e. rfi (very rare, and slowly dying in my opinion), specific vulnerabilities in software being used, xss, or coding errors etc.
2) What does it take to do this to a website? i.e. It takes a full (or damn close) compromise of the entire webserver.
What I mean by this question is it takes access to the cpanel or some other editing console to edit the actual page of a website, w/ the exception of xss, right? So would that mean a defacement is proven to be a pretty dangerous level of access to the server?
3) what makes a defacement so "cool"? It seems most people are pretty proud of there "h@x0ring", I'm not saying they are dumb people but what makes this such a popular act?


1) All of these
2) You answered the question
3) Matrix gifs/flash.


Author

RE: Common Defacement Methods

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 01-07-08 21:35
1) what are some of the common methods people use to deface a website?


There are hundreds of ways to hack a website. Have you tried any challenges and learnt anything from them? have you read any articles?

2) What does it take to do this to a website?

It depends on the website. Each website is different. Exploit a specific flaw in the website and depending on how its built (cms/admin login/database driven/etc) depends on how it can be hacked from then on.

So would that mean a defacement is proven to be a pretty dangerous level of access to the server?


no. it depends. sometimes defacements are done via specific exploits in a website. if the server is pretty well locked down, if one account is effected its rare a hacker can get further. usually the dangerous hackers and ones that have the highlest level of skill, are the ones that don't deface. If you are defaced, it could mean they have file access, but thank your lucky stars they lack the ability to do anything more dangerous.


3) what makes a defacement so "cool"?

nothing. in my eyes a defacement just shows a lack of skill. the big boys are the ones who sniff details, redirect services (smtp etc), dns inject, identity theft etc. Those defacements where th hacker puts their name on it... why dont they just phone up the fbi and give them their address? much quicker and has pretty much same effect.

usually though defacements are done on shitty insecure low profile sites. due to lack of skill.

ofcourse if the defacement is done for political gain. thats a whole differnt story. although even in this case, defacement is lame in comparison to what really could be done.




Edited by Mr_Cheese on 01-07-08 21:39
http://www.hellboundhackers.org/
Author

RE: Common Defacement Methods


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-07-08 00:43
ok cool thank you very much for the help Grin