Website Hacking


The question above may be too difficult to answer, because there are a lot of ways of doing this. So, I will explain how it is done. But please do not attack innocent websites, because I normally use this approach to test my own web application and secure it against outside attackers.

So, let's begin...

Let's suppose that this is your target site: hack-test.com

First of all, we should know the target's IP address:

Now we have 173.236.138.113 – this is the IP of the server where our target site is hosted.
But we’ll need more information about your site, such as:
  1. DNS records (A, NS, TXT, MX and SOA)
  2. Web server type (Apache, IIS, Tomcat)
  3. Registrar (the company that owns your domain)
  4. Your name, address, email and phone
  5. Scripts that your site uses (php, asp, asp.net, jsp, cfm)
  6. Your server OS (Unix, Linux, Windows, Solaris)
  7. Your server's ports open to the internet (80, 443, 21, etc.)
Let’s start with finding your site’s DNS records. We will use the website “Who.is” to achieve this:

We have discovered that your site's DNS records are:

Let’s determine the web server type:

So, from the information above we know that this server is Linux-based, and it is about 80% likely that this server is using a MySQL database.

Next, we can scan this website for vulnerabilities using W3AF, which you can find on Kali Linux, Backtrack or Ubuntu:

Type this in your terminal window:
root@pc:/home/user# w3af_gui

We will insert our site URL and choose the full audit option:

After a few minutes, the scan will finish and you will see:

This site is vulnerable to SQL injection, XSS and others!
Let’s investigate the SQL injection vulnerability:

This is the vulnerable URL, and cat is the vulnerable parameter.
So, let’s exploit this vulnerability. We will use sqlmap to do the job and dump all the database information that we need to hack this site.

After some seconds you will see:

Type n and press Enter to continue.

As you see, your site is vulnerable to error-based SQL injection and your MySQL database version is 5.
Let’s find all the databases in your site by adding “--dbs”

Now we have found 3 databases.

So, we notice that this site is using WordPress, which makes it easier for us to hack. :D
We will dump the WordPress database tables by adding “-D wordpress --tables”

We will find all the WordPress tables.

We want to dump the “wp_users” table, so that we find all the users' (admin?) information (user id and password hash), try to crack the hash and enter the WordPress control panel (wp-admin).
We will list the columns of the “wp_users” table by adding “-T wp_users --columns”

We will find 22 columns.

We just need to dump two columns, so we will dump the user_login and user_pass columns by adding
-C user_login,user_pass --dump
We will find important information; we have now found the users and password hashes.

But we want to crack those hashes into clear text passwords. We will use the online site “http://www.onlinehashcrack.com/free-hash-reverse.php”
and try to crack this hash: 7CBB3252BA6B7E9C422FAC5334D22054

And the clear text password is q1w2e3
And the user name is “GeorgeMiller”
We will log in with these details in “wp-admin”
So, if the admin password of your website can be cracked, you have to consider tightening your website's security.
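
On the defensive side, the root cause in this walkthrough is the injectable cat parameter, and it is fixed in the application code that builds the query. The following is an added example, not code from this article or from the target site: it is written in Python with sqlite3 standing in for MySQL and a hypothetical posts table, and it puts the string-built query beside a validated, parameterized one whose handler never shows database errors to the client.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for the site's MySQL database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE posts (id INTEGER PRIMARY KEY, cat INTEGER, title TEXT);
        INSERT INTO posts (cat, title) VALUES (1, 'News item'), (2, 'Draft note');
    """)
    return db

def posts_vulnerable(db, cat):
    # The request value is pasted into the SQL text, so the database parses
    # whatever the client sent as part of the statement.
    return db.execute("SELECT title FROM posts WHERE cat = " + cat).fetchall()

def posts_hardened(db, cat):
    # Layer 1: a category id is a short run of ASCII digits, nothing else.
    if not (cat.isascii() and cat.isdigit() and len(cat) <= 9):
        raise ValueError("cat must be a numeric id")
    # Layer 2: bind the value as a parameter so it can never become SQL syntax.
    return db.execute("SELECT title FROM posts WHERE cat = ?", (int(cat),)).fetchall()

def handle_request(db, cat):
    # Error-based injection depends on database errors reaching the client,
    # so the handler answers with fixed messages and keeps details server-side.
    try:
        return 200, [title for (title,) in posts_hardened(db, cat)]
    except ValueError:
        return 400, "bad category"
    except sqlite3.Error:
        return 500, "internal error"

if __name__ == "__main__":
    db = make_db()
    tautology = "1 OR 1=1"  # constructed input: not a number, but valid SQL
    print(len(posts_vulnerable(db, tautology)))  # rows outside category 1 leak
    print(handle_request(db, tautology))
    print(handle_request(db, "1"))
```
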

Conclusion:
In this article we learned the technique that hackers use to target and hack your site and your server. I hope you liked this article and enjoyed it. But please note that this article is for learning purposes only: do not do anything illegal to innocent websites. I am not responsible for any bad result if you practice this on other websites.
