How to hack a website
First, you want to find out as much about the target as you can, so start by port scanning it with nmap (I think it's the best port scanner).
Code:
nmap -sT -O -p 1-250 -vv www.thesiteyouwishtohackgoesrighthere.xxx
Here -sT is a full TCP connect scan (it completes the handshake, so it needs no raw-socket privileges, but every connection shows up in the target's logs), -O turns on OS detection, -p 1-250 limits the scan to the first 250 TCP ports, and -vv makes nmap report each port as it is discovered.
So my example would be:
Code:
nmap -sT -O -p 1-250 -vv www.mchs.gsacrd.ab.ca
By the way, that is my school site, hack it if you want to :P
Then you should get something like this. This is my nmap result:
C:\documents and setting\Captian falcon\Desktop\Tools\Reconnaissance\nmap-4.68>nmap -sT -O -p 1-250 -vv www.mchs.gsacrd.ab.ca
Starting Nmap 4.68 ( http://nmap.org ) at 2008-07-27 19:12 Mountain Daylight Time
Initiating Ping Scan at 19:12
Scanning 199.216.233.173 [2 ports]
Completed Ping Scan at 19:12, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:12
Completed Parallel DNS resolution of 1 host. at 19:12, 0.03s elapsed
Initiating connect Scan at 19:12
Scanning gsacrd.ab.ca (199.216.233.173) [250 ports]
Discovered open port 80/tcp on 199.216.233.173
Discovered open port 22/tcp on 199.216.233.173
Discovered open port 21/tcp on 199.216.233.173
Completed Connect Scan at 19:13, 24.94s elapsed (250 total ports)
Initiating OS detection (try #1) against gsacrd.ab.ca (199.216.233.173)
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
WARNING: RST from 199.216.233.173 port 21 -- is this port really open?
Host gsacrd.ab.ca (199.216.233.173) appears to be up ... good.
Scanned at 2008-07-27 19:12:46 Mountain Daylight Time for 27s
Interesting ports on gsacrd.ab.ca (199.216.233.173):
Not shown: 247 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Apple Mac OS X 10.3.X|10.4.X
OS details: Apple Mac OS X 10.3.9 (Panther) (Darwin 7.9.0, PowerPC), Apple Mac OS X 10.3.9 (Panther) - 10.4.7 (Tiger) (Darwin 7.9.0 - 8.7.8, PowerPC)
OS Fingerprint:
OS:SCAN(V=4.68%D=7/27%OT=21%CT=%CU=%PV=N%G=N%TM=488D1D2A%P=i686-pc-windows-
OS:windows)OPS(O1=%O2=%O3=%O4=%O5=%O6=)WIN(W1=0%W2=0%W3=0%W4=0%W5=0%W6=0)EC
OS:N(R=Y%DF=N%TG=40%W=0%O=%CC=N%Q=)T1(R=Y%DF=N%TG=40%S=Z%A=S+%F=AR%RD=0%Q=)
OS:T2(R=N)T3(R=N)T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)U1(R=N)IE(R=N
OS:)
Read data files from: C:\Documents and Settings\Captian falcon\Desktop\Tools\Reconnaissance\nmap-4.68
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.719 seconds
Raw packets sent: 42 (4348B) | Rcvd: 11 (712B)
Sometimes nmap will say the host is down, because it did not answer the ping probes. If so, put -P0 at the end to skip host discovery and scan the ports anyway (it's a zero, not the letter o; newer nmap versions spell the same option -Pn).
So the example would be:
Code:
nmap -sT -O -p 1-250 -vv www.mchs.gsacrd.ab.ca -P0
Alright, now say the site is behind a firewall. Then your scan may report 0 open ports, or mostly "filtered" ports like the 247 in the result above :( That result already shows the symptoms: nmap warns that port 21 kept answering with RSTs during OS detection, so don't fully trust that "open", and it warns that the OS guess is unreliable because it could not find one open and one closed port to compare.
But don't worry, it is still possible to get further: as long as the web port answers at all, you can talk to the server directly.
So the next thing you need to do is download netcat (nc).
Then type this :P
Code:
nc -vv www.mchs.gsacrd.ab.ca 80
Then, once it reports the port as open, you need to send the server something to get a response, so type
Code:
GET test
Note that this is not a well-formed HTTP request (no HTTP version, no Host header, no trailing blank line), so the server will usually answer with an error page, but the response headers still tell you which web server software is running.
Then you should get something like this. This is what I got from netcat:
C:\Documents and Settings\Captian falcon\Desktop\Tools\Backdoor Apps\NETCAT>nc -vv www.mchs.gsacrd.ab.ca 80
DNS fwd/rev mismatch: docs.mchs.gsacrd.ab.ca != gsacrd.ab.ca
docs.mchs.gsacrd.ab.ca [199.216.233.173] 80 (http) open
GET test
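Putting the two steps together, here is an added example (my own script, not part of the original post or nmap/netcat) that scripts the recon: it runs the scan with machine-readable output, pulls the open ports out of nmap's grepable (-oG) format, and banner-grabs the web server with a well-formed HTTP/1.0 request instead of the bare "GET test" above. The host name target.example.test, the IPs and the sample nmap/HTTP output embedded below are constructed placeholders; the -oG field layout (port/state/proto/owner/service/rpc/version/) is nmap's documented grepable format.

```shell
#!/bin/sh
# Added example, not from the original post. Helpers for the two recon steps
# above: parse open ports out of nmap's grepable output and banner-grab the
# web server with a proper HTTP request. All hosts, IPs and sample outputs
# in this file are constructed placeholders.

# Parse one "Host:" line of nmap -oG output and print "port/service" for each
# open port, space-separated. Prints nothing when everything is filtered,
# which is the firewalled case the post describes.
open_ports() {
  # $1: a -oG "Host:" line. Fields are tab-separated; the Ports field holds
  #     "port/state/proto/owner/service/rpc/version/" entries joined by ", ".
  printf '%s\n' "$1" | awk -F'\t' '{
    out = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^Ports: /) {
        sub(/^Ports: /, "", $i)
        n = split($i, p, ", ")
        for (j = 1; j <= n; j++) {
          split(p[j], f, "/")
          if (f[2] == "open") out = out (out == "" ? "" : " ") f[1] "/" f[5]
        }
      }
    }
    print out
  }'
}

# A real HTTP/1.0 request. HTTP/1.0 plus "Connection: close" makes the server
# answer and then hang up, so nc exits on its own instead of waiting.
http_request() {
  # $1: Host header value, $2: request path
  printf 'GET %s HTTP/1.0\r\nHost: %s\r\nUser-Agent: recon-check\r\nConnection: close\r\n\r\n' "$2" "$1"
}

# Live banner grab (needs network): pipe the request through nc, 5s timeout.
banner_grab() {
  http_request "$1" / | nc -vv -w 5 "$1" 80
}

# Pull the Server: header value out of an HTTP response (headers only).
server_header() {
  # $1: raw HTTP response text
  printf '%s\n' "$1" | tr -d '\r' | awk '
    /^$/ { exit }                                           # blank line ends the headers
    tolower($1) == "server:" { sub(/^[^:]*: */, ""); print }
  '
}

# Constructed sample data standing in for real scan and banner output.
SAMPLE_GNMAP="$(printf 'Host: 203.0.113.10 (target.example.test)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: filtered (247)')"
SAMPLE_FILTERED="$(printf 'Host: 203.0.113.11 ()\tPorts: 80/filtered/tcp//http///\tIgnored State: filtered (249)')"
SAMPLE_RESPONSE="$(printf 'HTTP/1.1 400 Bad Request\r\nDate: Sun, 27 Jul 2008 19:12:00 GMT\r\nServer: Apache/2.4.58 (Unix)\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n<html>bad request</html>\r\n')"

echo "open ports: $(open_ports "$SAMPLE_GNMAP")"
echo "firewalled: [$(open_ports "$SAMPLE_FILTERED")]"
echo "banner:     $(server_header "$SAMPLE_RESPONSE")"

# Pass a host you are authorized to test to run the live steps, e.g.
#   sh recon.sh target.example.test
# -Pn skips host discovery (the post's -P0), -sV probes the services instead
# of guessing from port numbers, -oG writes the grepable file parsed above.
if [ "$#" -gt 0 ]; then
  nmap -sT -Pn -sV -O -p 1-250 -vv -oG "$1.gnmap" "$1"
  open_ports "$(grep 'Ports:' "$1.gnmap")"
  banner_grab "$1"
fi
```

Run with no arguments and it only exercises the parsers on the constructed samples, so it works offline; with a host name it performs the scan and banner grab against that host. The open_ports output going empty is exactly the firewalled case from the post, and server_header is what you would read off the real netcat response.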