Hi, I'm stan_q and I'm gonna write a little tut about site hacking :wave:
Our goal is to get admin access to the site.
So, we've got a site named victim.com.
Our site can have troubles in its program code and in the services running on the server. That is what we must check.
Step 1 - manual checking
Checking the site for the usual vulns: XSS, SQL-inj, PHP includes and so on. Manually check the site for these bugs. You may also use web scanners like Jsky and other ones you like. If we find something - use these bugs to get the admin's login/pass. If we don't - go to the next step.
Step 2 - getting information
We visit 2ip.ru and get all available information about this site: IP address, CMS, reverse IP check (about other sites on this server).
The next step is checking the IP address (server) for any vulns: open ports, dangerous services etc. On Windows I usually use XSpider (great tool).
CMS. I hope all of you know what it is - Content Management System. In Runet and Uanet, CMSs like Joomla, DLE, WordPress and so on are usually used. Many of them (especially old versions) have public vulns that were not closed by the admins of our victim.com.
OK, we've collected all possible info about our site. If we could not find any vulns manually, we have to use exploits. Where can we get them:
code:
Exploits are usually written in Perl, PHP or Python.
If your exploit is successful - you'll get access to the site. If not - try the next exploit.
No bugs?
:86: Yes, this happens often. It seems that there is nothing to do. But there are some possible ways.
As you remember, we did a check like reverse IP. It means that we've got info about other sites placed on the same server as our victim.com. Sometimes there are more than 100 sites. I think that the possibility of finding a vulnerable site is big enough.
If we've got access to another site on the server, we may get a shell and find our victim.com database (we must know the real address of victim.com on the server). If it happens - we get the DB and recover the admin's login/pass.
What else can we do?
There is a possibility to get access to the admin's mail and recover the pass.
The most difficult way, I think, is getting the CMS's source and finding a vuln that nobody has found yet.
Finally, the end
OK, I hope that someone has found something interesting in this article. I understand that my level in hacking is too low to claim any genius ideas in such a difficult matter as site hacking, but I think that some systematization of this material is very useful. Anyway, thanks to google.com for help and Randown for the idea. And sorry for mistakes in my English - it is also not good enough :hmcool:
Specially for antichat, stan_q
(c)
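The post above describes step 1 from the attacker's side: manual probing and web scanners looking for XSS, SQL injection and PHP include bugs. The flip side for the site owner is that every one of those probes lands in the web server's access log. The following is an added example (not part of stan_q's post and not any real tool) that parses a few constructed combined-format log lines, URL-decodes each request path and flags the three probe classes the post names, then counts hits per source IP so that a scanner run stands out. The log lines, IP addresses and patterns are all constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache/nginx combined format).
# These are not real traffic; the IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php?id=7%27%20OR%201%3D1-- HTTP/1.1" 200 5133 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 800 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php?page=http://198.51.100.7/x.txt HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:57:10 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# One regex per probe class, applied to the URL-decoded request path.
# Decoding first matters: scanners routinely percent-encode payloads.
PROBE_PATTERNS = {
    "sqli": re.compile(r"""('|")\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select|--\s*$""", re.I),
    "xss": re.compile(r"<\s*script|javascript:|on\w+\s*=", re.I),
    "file_include": re.compile(r"=(https?|ftp)://|\.\./\.\./|php://", re.I),
}


def classify_request(decoded_path):
    """Return the list of probe classes whose pattern matches the decoded path."""
    return [name for name, pat in PROBE_PATTERNS.items() if pat.search(decoded_path)]


def scan_log(text):
    """Parse log lines and return one finding per request that looks like a probe."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than crash the scan
        decoded = unquote_plus(m.group("path"))
        hits = classify_request(decoded)
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "path": decoded,
                "status": int(m.group("status")),
                "probes": hits,
            })
    return findings


def count_by_ip(findings):
    """Aggregate findings per source IP; several hits from one IP suggest a scanner."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['ip']} {f['status']} {','.join(f['probes'])} {f['path']}")
    print("per-IP counts:", count_by_ip(results))
```

Two things a practitioner should keep in mind when running this over real logs: the patterns are deliberately narrow and will miss obfuscated payloads, so treat the script as a triage aid rather than a WAF; and a 200 response to a probe (as in the constructed SQL injection line) is the case worth reviewing first, because it means the application accepted the input instead of rejecting it.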