Search This Blog

Tuesday, March 1, 2011

Defacing Websites Part 4

Using SQL Injection and Php shell code scripting Part 4

** If you are too lazy for doing above stuff you can use tools they will do all the job:
1) Exploit scanner (this will find vulnerable websites) Code:

2) SQLi helpper (this tool will do all the injecting job and get you the pass or hash)

*** use the tools only if you are new to hacking. Do it manually thats the thrill and that is real hacking. When you do it manually you will understand the concept.

In some websites you can directly see the password but most of the websites encrypt them using MD5. so u have to crack the hash to get the password.

To crack the password there are three ways
1) Check the net whether this hash is cracked before:

2) Crack the password with the help of a site:

3) Use a MD5 cracking

Password = OwlsNest

After getting the password you can login as the admin of the site. But first you have to find the admin login page for the site. there are three methods to find the admin panel.

1) You can use an admin finder website:

2) You can use an admin finder software:

After logging in as the admin you can upload photos to the site. so now you are going to upload a shell into the site using this upload facility.

Dowload the shell here:

Extract it you will get a c99.php upload it.
Some sites wont allow you to upload a php file. so rename it as c99.php.gif
Then upload it.

After that go to (in most sites images are saved in this dir but if you cant find c99 there then you have to guess the dir)

find the c99.php.gif and click it..

Now you can see a big control pannel....
Now you can do what ever you want to do...
Search for the index.html file and replace it with your own file.
So if any one goes to that site they will see your page....

After Doing This click on Logout and You are Done..

Part 1
Part 2
Part 3
Part 4

SOURCE and more info at:

No comments: