This tutorial has been divided into 9 Phases. Lets start to learn how to deface phase by phase.
PHASE 1
Q)Is my windows capable for defacing a site?
Ans) To deface a website the main thing is to get the banner of the website so that u can match it with a sutible exploit and then gain access.
To do so you must have "Telnet"
Code: Select all
Open RUN and type TelnetThe above given windows do not contain Telnet so you can use "NetCat"
PHASE 2
FINDING A VULNERABLE SITE TO DEFACE:
First step of defacing is to find a vulnerable site. In order to do so you can download and install Acunetix Web Vulnerability Scanner.
In my opinion it's the best scanner out there. Dowload and install a scanner. Then google for a site you want to deface. When found copy and paste the URL into the scanner and scan the site for Vulnerabilities.
PHASE 3
COLLECTING INFORMATION ABOUT THE VULNERABLE WEBSITE:
Now pay attention to this part, in the second step of defacing information about a Vuln. site is necessary for e.g:
Code: Select all
IP, Windows, SQL version, FTP etcTo find the IP of the Vulnerable site click here and put the website url in. This will give you the exact ip of the website.
2) FINDING SERVER INFORMATION:
Now finding the server info. is necessary because by analyzing the server info. we can find a matching exploit and loop holes etc.
To find the websites server info click here then copy the IP address of the website and paste it in the space given. This will give you all the information you need about the website.. Version, FTP version etc
PHASE 4
FINDING OUT WHETHER THE WEBSITE IS ONLINE OR OFFLINE:
In order to deface a site it is necessary that we gain access to it's FTP/ SERVER in order to deface but the server must be online in order to do that. To find it out click here and put in the site ip address to ping it. After a while the results will show u whether the site is online or offline.
PHASE 5
BRUTE FORCING THE SERVER IN ORDER TO DEFACE A SITE:
The main step of the defacing tut is to hack into a server in order to deface the site. Servers of the site are strong password protected in order to get nobody in. Most hackers do BruteForce attacks which are successful but need lot of time depending on the passwords strength and other factors. On the other way some ppl do Dictionary Attack which are total failure..
BREAKING IN:
In order to break in a server u must do a brute force attack on that server.
For BruteForce i use "Brutus" which is a good tool. Just get the site url and paste it in the space provided in the tool.
Code: Select all
You must know alteast the username of the servers login in order to brute attack.PHASE 6
FINDING OPEN PORTS TO ACCESS THE SERVER AND OBTAIN INFO.:
To get the vital open ports we must use a tool known as "Nmap".
download the tool and install it.
Now when done to find open ports and which windows it runs on do the following:
Code: Select all
Open the tool and in the "Command" type in "–sT –sV" and then scan the site.PHASE 7
FINDING THE "BANNER" OF A WEBSITE:
In order to the banner of a site you can use "Telnet" or NetCat
IN WINDOWS XP and OTHER OS's:
To find a banner just open the "RUN" and type in TELNET. then do the following:
Code: Select all
o site ip port no.
e.g: o 192.168.31.56 443Then u'll get the banner.
PHASE 8:
FINDING THE RIGHT EXPLOIT:
In order to find a exploit which is suitable with the server first we get some exploits. Go here and match the banner information with the exploits..
When you find a matching exploit copy and paste the exploit in a notepad and follow the instructions in the last phase.
PHASE 9
DEFACING THE SITE WITH A EXPLOIT:
Now when you have the Exploit u have to paste it in a notepad and save it according to the exploit codes:
Perl:
For perl exploits save the exploit in ".pl" extension. YOu must have Active Perl in order to run a exploit.
[Please login or register to view this link]
PHP:
For a php exploit save it in ".php" extension.
Install WAMP to use the exploit. Download it from here:
[Please login or register to view this link]
Python
For python exploits, copy & save it in .py extension.
Download & Install python: [Please login or register to view this link]
Once done, edit the exploit with notepad & double click to run it.
C/C++
For C/C++ exploits, copy & save it in notepad.
Download & Install Blood Shed. (Google the link)
Once done, edit the exploit, compile & double click to run it.
If you are lucky then you will have full access to the website.
Credits: Vipermakd. of HF
