To apply as a writer on this blog, Email us on [email protected]
Monday, February 28, 2011
Learn How to EXPLOIT : The Basics of EXPLOITING
NOTE: . This used to work, or the unicoded version worked, or the double unicoded version worked, or quotes worked, or unicoded quotes, etc., etc. Not so anymore....
Our only hope, when the .htpasswd is not on the web root, is to find another exploit that will allow us to access files. Such things exist but are hard to find, so read on....
SO NOW WHAT?
Well, as you tried to get the passfile looking for it in the obvious locations, and failed...maybe there are other ways of obtaining it....
Using AD or another security scanner, you can start looking for so-called vulnerabilities. This means testing the website for security, and trying to find ways into the site. How does this work, you ask? We need a tool to test the security...
For these essays, I will be talking about a tool called WebSiteFinder, or WSF in short. Written by Wolfman, this is a great tool, in my opinion. AD or Passcraft can do the same, so use whatever you feel comfortable with. If you start out, use AD.
To make these tools really effective, you need an exploit list. This is a list of basic paths that will be tested for possible vulnerabilities or access against the website. AD offers a basic exploit list, at least the older versions did. Exploit lists can be found all over the web, but please realise these are very basic, and some of the holes (=vulnerabilities) they have in it, are old and will not work anymore on most sites.
HOW TO MAKE YOUR OWN EXPLOIT LIST
Really good exploiters or crackers will not share their lists with you. The reason: Once some exploits are made public, chances are the holes will be discovered quickly and thus closed! And that is a bummer.
So you have to build your own list. How, you ask? Here are a few tips.
1. ANALYZE, THINK, STUDY, BE CREATIVE
First place to start, is to analyze your current exploit list. What makes sense, and what does not. What paths do you understand? Why do you think that particular path is a vulnerability, and if you came accross it, how would you use it? If you don't know, ask on a forum via PM, there are many people around that can and will help you. Moreover, read up on security sites (better get used to it), such as packetstorm, securiteam, etc.
NOTE: It is no use to just try exploits on sites if you don't understand what you are doing. The results can be very bad. You could, unwillingly, do damage to the site!
2. KEEP YOUR EYES ON THE SCREEN
Look at directory trees of sites you visit. Try to go up and down in levels in the dir to possibly find more holes...copy these to your exploit list.
3. STATS and LOGS
These are KING in my book. Why? Stats show the requests made to a website, and some stats list all the requests....including those of someone trying to exploit the site. The paths that this person tried may not have worked on the site, but heh, copy them to your exploit list, they may come in handy for other sites! Access logs show the same thing...moreover, they might tell you alot about the server, home server (FTP logs), usernames, and the basic website structure.
INTERMEZZO: "What to do with the usernames?"
This is a question I get a lot. Someone has seen the stats, and now has a list of usernames. Now what? Well, half the battle is won! Remember the statement I made about increasing your chances in getting access? This is it! Proceed in two ways:
1. Use the usernames and one of your wordlists to do a BF attack
2. Match the usernames to working combos you have. There are tools for this, and try to see if the combos work. Many users use the same password for different sites...see where I am getting at?
4. GOOGLE, GOOGLE, GOOGLE!
I love google. I embrace googling. You should too. Make googling your hobby! Type in a path or exploit, and see what you get, you will be surprised! It will lead you to access logs, vulnerability reports, cool sites, etc. Whatever you find and think is useful, copy to your exploit list...
Related Posts : Basics Hacking Tutorials
For more articles similar to this post visit @
Basics Hacking Tutorials
Subscribe to:
Post Comments (Atom)
0 Visitor Reactions & Comments:
Post a Comment