Defacement Methods


Posted on 11-07-07 03:38
Hi, I'm a bit new to hacking in general, but I have some ok skills (html, javascript, and that kind of stuff) and I was wondering what exactly are the most common site defacement methods and how they work. I am trying to mess with one of my freewebs sites I forgot the account info to Pfft so that maybe I can learn some stuff and eventually mess with my friend haha.

So, what exactly do I have to do to do the kind of stuff Richohealey did to his school's site? (http://www.freewebs.com/richohealey/)

Gain access to ftp? I know a little about RFI, but how does that work and how would I do it? Please help me learn a bit here, I would love to show off some new skills when school starts back this year Smile

Thanks...

BTW, the entire HBH community is awesome. I've never met such a gr8 crew of people online EVER. 1,,1, Rock On! ,1,,1


Posted on 19-07-07 18:16
I am also interested in this.
Please, no "learn it yourself" comments or 'justfuckinggoogleit' links, questions like this are useful for those with less experience.


Posted on 19-07-07 18:23
There's no 'most common' methods, read all the articles, lots of them, lol..

@ThisOlderOne:

No, we won't tell you how to [email protected] a website without you learning something yourself..




Edited by on 19-07-07 18:25
Posted on 19-07-07 18:25
ThisOlderOne wrote:
I am also interested in this.
Please, no "learn it yourself" comments or 'justfuckinggoogleit' links, questions like this are useful for those with less experience.


Yeah, they sure are useful aren't they?
Because you get a nice little synopsis of exactly how to do something while others spent hours figuring it out.


Posted on 19-07-07 18:25
Okay, well what do you expect that Richohealey did? :ninja:


Posted on 19-07-07 18:31
ThisOlderOne wrote:
Okay, well what do you expect that Richohealey did? :ninja:


who cares?
you should be concerned with what YOU do.
read some books, stay up late tinkering with web pages.


Posted on 19-07-07 18:36

Yeah, they sure are useful aren't they?
Because you get a nice little synopsis of exactly how to do something while others spent hours figuring it out.


YEAH!, i spend hours doing stuff i want to learn, and when i get it, someone says "ah, cool, you got it, now tell me how to [email protected] Fuckxor l33tzor a Websiteewsdgfvgdd,a,fk."



fuck....:whoa:


Posted on 19-07-07 18:38
There are plenty of methods !! Anyway by now I MASSIVELY used SQL injections and sometimes found errors like lack of authentication check but you will never know the right method to use until you've used it, so learn as much as possible, read, do the challenges and have fun getting experience!


Posted on 19-07-07 18:40
that question is stupid..

there is no universal hacking method.
it just shows that you're not even thinking about what you're asking

let alone doing some research on your own and coming here with a specific question on something you don't understand..

i want to start a sentence with "if there was such a thing as a defacement walkthrough.." but it's just too stupid.. to even imagine..

who do you think hackers are? ppl that love computers, that keep themselves up to date on as many topics as they can. you want to hack a site. ok. start by enumerating what the site is composed of.
(if you don't know do some research on that first..)
use scanners to help, nmap is old but does the job, however there are more advanced tools like nessus or nikto that do it better,
they will give you some information about the server, other things like forums guestbooks and cms you have to find by browsing the page

after that go get copies of that and read the sources, try to find holes.
if you can't/don't want to. go to sites like milw0rm and securityfocus and see if there are known exploits for the things you found.

it might take minutes it might take weeks.
but you will always have to google and read stuff



Posted on 19-07-07 18:51
sakarin, that was very well put.

Too often have I come across people who want the easy answer, and an easy method of hacking/defacing. Hacking is all about READING, sorry if that came as a shock to you, but there is no easy route.

Stay here, study as much as your brain can possibly allow, and over time you will gradually become a stronger hacker. These challenges do simulate what it would be like to deface a website, and a lot of them are realistic cases, but in the real world, there is no "article" or "walkthrough" of a mission you have chosen for yourself.

Patience is a virtue lol.

Good luck!


Posted on 19-07-07 19:03
http://hellboundh. . .acker.html
http://hellboundh. . .ange..html


Both by Cheese, READ THEM!





Mr_Cheese
Member



Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 19-07-07 19:07
http://www.hellboundhackers.org/articles/index.php
http://www.hellboundhackers.org/lessons.php
http://www.hellboundhackers.org/podcasts.php

you are the exact reason i wrote those articles listed above.


Posted on 20-07-07 17:11
So. What is the point in this forum again?


Posted on 20-07-07 17:13
HackingForce wrote:
@ThisOlderOne:

No, we won't tell you how to [email protected] a website without you learning something yourself..


I have. I am asking what you believe he did.


lesserlightsofheaven wrote:
who cares?
you should be concerned with what YOU do.
read some books, stay up late tinkering with web pages.


I care.

I have spent endless nights up creating my own sites, if that counts.
I have spent hours reading articles on how to perform techniques, but not what technique to use.
The realistic missions are good for this reason, but they are quite obvious compared to reality.

I do not wish to deface a site, I am merely curious which technique is most commonly used.

(sorry about the double post.)




Edited by on 20-07-07 17:22

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 20-07-07 17:36
ThisOlderOne wrote:
Okay, well what do you expect that Richohealey did? :ninja:


WTF is that meant to mean?

You tool, do you know how i arrived at that site? it was a link from a forum when i googled "numeric checksum"

Buuuuurn


EDIT: posted before reading the end;

Sakarin, Nessus is only good if you have access to the logs afterwards... it's noisy as hell.

Nmap + a nice big exploit/0day archive is the go.




Edited by richohealey on 20-07-07 17:40
bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Posted on 20-07-07 17:37
ThisOlderOne wrote:
I care.

I have spent endless nights up creating my own sites, if that counts.
I have spent hours reading articles on how to perform techniques, but not what technique to use.
The realistic missions are good for this reason, but they are quite obvious compared to reality.

I do not wish to deface a site, I am merely curious which technique is most commonly used.

(sorry about the double post.)


creating one's own site, while indeed useful and will help you learn, does not compare to testing another site's security (if you're just talking web hacking). if you've supposedly read all these articles on techniques to use, you should understand where and when to use them.

Examples:

SQL Injection- Used where an SQL database is present and input to that database isn't secured.
XSS- Used where user supplied input to forms isn't validated.
RFI/LFI- In most cases, used when a php include() function doesn't validate input.
Cookie Poisoning- When cookie input isn't validated.

you'll note that most to all of web hacking techniques work when a user's input is not properly sanitized. this is also true beyond web hacking: buffer overflows, integer overflows.

the only way to really learn once you've read the techniques is to go out and try them, so don't give me this "I don't want to deface a site wah wah" bullshit. go try these out sometime. if you really don't want to touch another site, set up vulnerable conditions on your own network and try it out at home.
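
The four cases listed in the post above, seen from the defending side, as an added example that is not part of the original thread: each function handles the untrusted value in the way whose absence the post describes. Python stands in for PHP here, and the table, page map, key and function names are all constructed for illustration.

```python
import hashlib
import hmac
import html
import sqlite3

# Constructed sample data; every name below is hypothetical.
SECRET = b"constructed-demo-key"
PAGES = {"home": "templates/home.html", "about": "templates/about.html"}


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "member")])
    return db


def find_user(db, name):
    # SQL injection: bind the value as a parameter, never splice it into the SQL.
    return db.execute("SELECT name, role FROM users WHERE name = ?",
                      (name,)).fetchall()


def render_comment(text):
    # XSS: encode user-supplied text for the HTML context it is written into.
    return "<p>" + html.escape(text, quote=True) + "</p>"


def resolve_page(page):
    # RFI/LFI: look the request value up in a fixed allowlist; the input
    # itself never becomes a path or URL. Unknown values fall back to "home".
    return PAGES.get(page, PAGES["home"])


def sign_cookie(value):
    mac = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    return value + "." + mac


def read_cookie(cookie):
    # Cookie poisoning: reject any cookie whose MAC does not match its value.
    value, _, mac = cookie.rpartition(".")
    good = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), good.encode())
    return value if ok else None
```
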


Posted on 20-07-07 18:03
Thank you lesserlightsofheaven, that's the most useful post I have read here in a while.

I plan to set up a controlled environment, like you say, when I get my new laptop.
And I have found learning PHP and its uses (not its potential abuses) has helped a lot. I did not say that I had read every article, just those that were most relevant to what I was attempting.

[offtopic] Has anyone properly succeeded in hacking into HBH?[/offtopic]




Edited by on 20-07-07 18:05

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 20-07-07 18:10
dude, what do you think the HoF is?

and clearly you weren't here for the reaper's phun.



bl4ckc4t
Member


Posts: 591
Location: /etc/
Joined: 07.03.06
Rank:
Wiseman
Posted on 20-07-07 18:10
Cheese is right, People need to rethink what a REAL hacker is.

Aside from that:

XSS is one of the most common forms of attacks these days. Read up on Cross Site Scripting.

Javascript is VERY useful to know, as well as a decent knowledge of PHP and definitely HTML.

Learn about PHP shells, these are very useful in a Remote File Include. I am not going to tell you where to get one, just google it yourself, they are out there.

Session Fixation for a moderately advanced attack.

I don't recommend hacking an FTP, but learning about Linux/*nix FTP commands will help you in a PHP shell.

Read the guides on Google Hackers to learn about advanced googling, can be VERY useful at times.

I agree with lesserlightsofheaven, A controlled environment will be your best bet.

-Bl4ckC4t


Posted on 20-07-07 18:14
ThisOlderOne wrote:
[offtopic] Has anyone properly succeeded in hacking into HBH?[/offtopic]


a few times it has been attacked. I don't think someone has actually got to the admin panel tho.
RoMeO set up a CURL script which DDoS'd it and brought it down.
Another guy got an admin (i think anyway) to click a link which set up some code that grabbed everyone's passwords. He then posted it on some website which annoyed a lot of people.

The admins don't really like talking about it though Wink


