Footprinting is the act of gathering information about a computer system and the companies it belongs to. Footprinting is the first step hackers take in their hacking process. Footprinting is important because to hack a system the hacker must first know everything there is to know about it. Below I will give you examples of the steps and services a hacker would use to get information from a website.
This tutorial will fully explain you how to hack a website..........:)
This tutorial will fully explain you how to hack a website..........:)
First of all you need a target website. (Google & find one)
Once you’ve got it, plug into this website.http://www.selfseo.com/find_ip_address_of_a_website.php
Once you’ve done that, it’ll split out its IP address.
Next thing you need to do is find out is, it online or offline. (Ping)
Go to http://www.just-ping.com & ping the IP obtained in last step.
Observe the results from ping. (Okay means online)
Now, we need to gather information about the website. (Whois lookup)
Go to http://whois.domaintools.com & plug up the IP or the website.
You’ll see a large amount of information about the website.
Use Google to find even more information about the website.
Once you’re done download, install & open Nmap.
Once you have done that, do a –sT –sV scan of the website.
[That is put, nmap –sT –sV, in Nmap’s command bar & scan website.]
Once done, observe open OS, ports, services running on the website server.]
Once done, you’ll need to find banner of the software.
[Banner: It shows the software & version running on ports.]
Methods depend on the OS of the server.
For WIN VISTA & 7:
You need to download & Open Netcat.
[Because Telnet is disabled in WIN VISTA & 7]
Once done type, nc <IP> <PORT>
Ex: nc 127.0.0.1 21
Once you’ve done that, you’ll get a banner.
This will be displaying all the details of the software running on port.
For other OS:
Open Telnet
[Start > RUN > telnet]
Once done type, O <IP> <PORT>
Ex: O 127.0.0.1 21
Once you’ve done that, you’ll get a banner.
This will be displaying all the details of the software running on port.
If this doesn’t work you can try the first method.
Once you’ve got the banner, you need to search for vulnerability matching with banner.
Exploit databases:
Milw0rm: http://www.milw0rm.com [ now dead ] :-(
Security Focus: http://www.securityfocus.com
Osvdb: http://www.osvdb.org
Cve Mitre: http://cve.mitre.org
Metasploit: http://www.metasploit.com
Once you’ve got the matching exploit of the same version software.
[If you haven’t got, try another port.]
You need to edit values, compile & run it.
Most common exploit Coders:
Perl
For perl exploits, Copy the exploit in notepad & save it with .pl extension.
Download & Install, Active Perl: http://www.activestate.com/activeperl
Once done, edit the exploit with notepad & double click to run it.
PHP
For PHP exploits, copy & save it in .php extension.
Download & Install WAMP: http://www.wampserver.com/en/
Once done, edit the exploit with notepad & execute it from CMD.
Python
For python exploits, copy & save it in .py extension.
Download & Install python: http://www.python.org/download
Once done, edit the exploit with notepad & double click to run it.
C/C++
For C/C++ exploits, copy & save it in notepad.
Download & Install Blood Shed. (Google the link)
Once done, edit the exploit, compile & double click to run it.
If your exploit is successful you will get access to server,
You’ll be able to edit every part of the website.
If your exploit wasn’t successful try with different port, services & software.
You can also use Metasploit web to search exploits.
Once you’ve got it, plug into this website.http://www.selfseo.com/find_ip_address_of_a_website.php
Once you’ve done that, it’ll split out its IP address.
Next thing you need to do is find out is, it online or offline. (Ping)
Go to http://www.just-ping.com & ping the IP obtained in last step.
Observe the results from ping. (Okay means online)
Now, we need to gather information about the website. (Whois lookup)
Go to http://whois.domaintools.com & plug up the IP or the website.
You’ll see a large amount of information about the website.
Use Google to find even more information about the website.
Once you’re done download, install & open Nmap.
Once you have done that, do a –sT –sV scan of the website.
[That is put, nmap –sT –sV, in Nmap’s command bar & scan website.]
Once done, observe open OS, ports, services running on the website server.]
Once done, you’ll need to find banner of the software.
[Banner: It shows the software & version running on ports.]
Methods depend on the OS of the server.
For WIN VISTA & 7:
You need to download & Open Netcat.
[Because Telnet is disabled in WIN VISTA & 7]
Once done type, nc <IP> <PORT>
Ex: nc 127.0.0.1 21
Once you’ve done that, you’ll get a banner.
This will be displaying all the details of the software running on port.
For other OS:
Open Telnet
[Start > RUN > telnet]
Once done type, O <IP> <PORT>
Ex: O 127.0.0.1 21
Once you’ve done that, you’ll get a banner.
This will be displaying all the details of the software running on port.
If this doesn’t work you can try the first method.
Once you’ve got the banner, you need to search for vulnerability matching with banner.
Exploit databases:
Milw0rm: http://www.milw0rm.com [ now dead ] :-(
Security Focus: http://www.securityfocus.com
Osvdb: http://www.osvdb.org
Cve Mitre: http://cve.mitre.org
Metasploit: http://www.metasploit.com
Once you’ve got the matching exploit of the same version software.
[If you haven’t got, try another port.]
You need to edit values, compile & run it.
Most common exploit Coders:
Perl
For perl exploits, Copy the exploit in notepad & save it with .pl extension.
Download & Install, Active Perl: http://www.activestate.com/activeperl
Once done, edit the exploit with notepad & double click to run it.
PHP
For PHP exploits, copy & save it in .php extension.
Download & Install WAMP: http://www.wampserver.com/en/
Once done, edit the exploit with notepad & execute it from CMD.
Python
For python exploits, copy & save it in .py extension.
Download & Install python: http://www.python.org/download
Once done, edit the exploit with notepad & double click to run it.
C/C++
For C/C++ exploits, copy & save it in notepad.
Download & Install Blood Shed. (Google the link)
Once done, edit the exploit, compile & double click to run it.
If your exploit is successful you will get access to server,
You’ll be able to edit every part of the website.
If your exploit wasn’t successful try with different port, services & software.
You can also use Metasploit web to search exploits.
i take no responsibility that how you use this information..so have a good luck
have a happy hacking session.
regards 54nj33v....
source cybershubham[dot]com
