PDA

View Full Version : exploits to hack sites



Bighomedog11
02-12-2006, 06:56 PM
Hey i am looken for some exploits to help me hack a site. If anyone has some please let me know..
Thanks

Ezekiel
02-13-2006, 05:25 AM
Hey i am looken for some exploits to help me hack a site. If anyone has some please let me know..
Thanks

You should join some good exploit/vulnerability mailing lists, thats where the exploits get announced first, if you just follow tutorials written on exploits which you find with google or something, the exploit is usually already fixed. If you join mailing lists, when an exploit gets posted (there won't be a good one every day, but usually every 2-5 days there should be something useful posted.) you will be one of the first to know. You should look at my two threads, one here:

http://www.all-nettools.com/forum/showthread.php?t=2**6

At the bottom I give instructions on how to join mailing lists like bugtraq. And my other thread here:

http://www.all-nettools.com/forum/showthread.php?t=24**

Which is an actual working exploit, all you have to do is google for "virtual hosting contol system", find one that's lower than 2.4.7.* (on the blue login page it's on the bottom left corner) then fill in the username you would like + url of site into the proof of concept page (a page created by the one who discovered the exploit, this page will basically submit the exploit code for you, which I will give a link to of you pm me) then click "exploit it", then you just login with the new account with full admin control over usually *0+ domains. It's easy enough for any n00b to do, it's about the easiest way you are going to find to "hack sites", over *00,000 servers use vhcs and probably over half of them are running the vulnerable versions. Post any replies in one of those threads I gave the links to.

Ezekiel
02-13-2006, 05:53 PM
It depends what exploits you want, web based exploits like xss, sql injections etc that will usually give you access to stuff like accounts/things you log in to, or exploits like buffer overflows, which will directly attack the server. Exploits like xss or sql injections would probably be easier for you, i'm assuming you don't know how to/haven't used a compiler yet, exploits like buffer overflows will be demonstrated in a c source file or a .pl perl script, but for stuff like xss all you usually have to do is upload a php script and send out urls to random people

Bighomedog11
02-13-2006, 09:09 PM
Dang thats alot of reading..LoL thanks for the help:)

carlo
02-14-2006, 07:54 AM
Allthough xss bugs are EXTREMLY effecive they are very rare. Probably you best option as mike said is the sql injection. A good walkthrough can be found here (http://www.securiteam.com/securityreviews/5DP0N*P76E.html).
Another good tool for a n00b is a http brute forcer (My tutorial here (http://www.all-nettools.com/forum/showthread.php?t=24*4).



carlo

Ezekiel
02-14-2006, 08:52 AM
XSS vulnerabilities are quite rare, but if you have joined all the best vulnerability mailing lists then you will be the first to know of the latest exploits, and you usually get a few good xss bugs discovered for major email services every month. If you don't want to go through testing all possible sql vulnerabilities, then you could just get a vulnerability scanner that includes sql injections, and scan the site, there will usually be a lot of vulnerabilities on old, unpatched servers. Carlo - you should add a few more "hacking techniques" like the exploits we are talking about here to your thread, here: http://www.all-nettools.com/forum/showthread.php?t=24*4 , so then people new to hacking will not have to ask "how do I hack this site ____", they can just check the list.

carlo
02-14-2006, 09:01 AM
Yeah, if you looked at the bottum it said that im going to write more in the next few days.