Network Hacking - How To Hack A Website Perfectly Through Windows


Contents:


  • Foot Printing
  • Port Scanning
  • Banner Grabbing
  • Searching For vulnerabilities
  • Penetrating



THIS IS FOR EDUCATIONAL PURPOSE ONLY, I AM NOT RESPONSIBLE FOR ANY ILLEGAL ACTIVITIES DONE BY VISITORS, THIS IS FOR ETHICAL PURPOSE ONLY



1) Foot Printing:

Footprinting is the act of gathering information about a computer system and the companies it belongs to. Footprinting is the first step hackers take in their hacking process. Footprinting is important because to hack a system the hacker must first know everything there is to know about it. Below I will give you examples of the steps and services a hacker would use to get information from a website.

1. First, a hacker would start gathering information on the targets website. Things a hacker would look for are e-mails and names. This information could come in handy if the hacker was planning to attempt a social engineering attack against the company.
2. Next the hacker would get the IP address of the website. By going to http://www.selfseo.com/find_ip_address_of_a_website.php and inserting the web site URL, it will spit out its IP address.

3. Next the hacker would Ping the server to see if it is up and running. There’s no point in trying to hack an offline server. http://just-ping.com pings a website from 34 different locations in the world. Insert the website name or IP address and hit “Ping”. If all packets went through, then the server is up.


4. Next the hacker would do is lookup on the company website. Go to http://whois.domaintools.com and put in the target website. As you can see this gives a HUGE amount of information about the company. You see the company e-mails, address, names, when the domain was created, when the domain expires, the domain name servers, and more!

5. A hacker can also take advantage of search engines to search sites for data. For example, a hacker could search a website through Google by searching “site: www.the-target-site.com” this will display every page that Google has of the website. You could narrow down the number of results by adding a specific word after. For example the hacker could search “site: www.the-target-site.com email”. This search could list several emails that are published on the website. Another search you could do in Google is “inurl:robots.txt this would look for a page called robots.txt. If a site has the file “robots.txt”, it displays all the directories and pages on the website that they wish to keep anonymous from the search engine spiders. Occasionally you might come across some valuable information that was meant to be kept private in this file. Now that the basics of footprinting have been explained, we will move on to port scanning


2) Port Scanning :


                             The point of port scanning a server is to detect its open ports the port’s listening services. Once a hacker knows all the services running on your server, he could search for possible vulnerabilities they may have and exploit them to take control of your website. In the port scanning example we will use the most popular port scanner: Nmap. The Nmap Security Scanner is available for both Mac and Windows users: http://nmap.org/download.html . The example will be shown using the Nmap GUI (Graphical User Interface). Otherwise known as Zenmap.

1.     First the hacker would choose a target and place it in the target box. As you can see the “Command:” section gets updated as well. This is what the command would look like if you were running the CLI version.






2.     Next the hacker would choose the “Profile:”, or in other words, the scan type. A smart hacker would go with a quick and quiet scan. Full version detection scans are very loud and could raise suspicion on the other end. Stay away from those options because as you will see later on, there are other ways to get that information.






3.     A sample scan result may look like the following:




4.     As you can see it found a few open ports and listed the services that are run on them.
5.     Along with finding out what ports are running, the hacker needs to also find out what operating system the server is running. There are always a lot of operating system vulnerabilities out there to choose from. So by knowing the operating system, the hacker’s chances of taking over the server go up.
6.     As you can see, there is an option on Nmap to detect the operating system, but this scan is very loud and easily detected so it is better to avoid it if possible. A simple way to determine what the server is running is by getting a 404 error page. You can get there by going to a page that doesn’t exist. For example the hackwww.targetsite.com/asdlfjasl.phper would put in  this page will most likely not exist and bring him to the 404 page. On most sites the 404 error page displays the server operating system along with its version. Many sites nowadays don’t display this by putting up custom 404 pages so this may not always work

7.     If you are planning on using the CLI version of Nmap, or want a more in depth look at all the commands take a look at the Nmap manual: http://nmap.org/book/man.html

8.     Now that the hacker has got all the running services and open ports on the targets system, he will now have to find out what versions the server is running. This is where “Banner Grabbing” comes in.


3) Banner Grabbing:

                              Now that the hacker has a full list of services running on the target system, to be able to exploit them, he has to first figure out what software and version the service is. One way the hacker can get this information, is to telnet into service port. In the example below, we will use command prompt on Windows (Start -> Run -> Type “cmd” -> Enter). If you are on a Mac, you will be using the terminal.
Note: If you are using Windows Vista, then telnet is not installed by default. You can install it by doing the following simple steps.
o Click Start then select Control Panel.
o Select Programs and Features.
o Select Turn Windows features on or off.
o Select the Telnet Client option and click OK.
o A box will appear to confirm installation. The telnet command should now be installed

1.     First, the hacker would choose one of the open ports that were revealed in the Nmap scan to continue with and attempt to exploit. Let’s say that when the hacker scanned his target, he found the port 21 open. As you can see on the chart above, port 21 is FTP. To find out what FTP software is running he would use telnet by running the command:
            telnet www.targetsite.com 21
2.  so to find this out follow my command
·        Open Command Prompt
·        Then type “telnet localhost 21”
3.      Next, it would connect to the target and display a banner telling the hacker the software and its version. This is the information the hacker needs to continue and begin searching for vulnerabilities for the software discovered.
4.     In Short it shows you
  “please visit : http://sourceforge.net/projects/filezilla”

5.     If the above method doesn’t work for you, then simply use Nmap’s full version detection option to get the information.


4) Searching For Vulnerabilities:

Now that the hacker has the name of the software being used and its version number, he would take that information and search a couple vulnerability databases for an exploit. If there’s an exploit available, he will run it against the server and take complete control. If there isn’t any, he would move onto another open port and try again on a different service.

Some of the most popular exploit databases are:
• Milw0rm
• SecurityFocus
• osvdb


                                By searching “filezilla” on milw0rm, fortunately the hacker won’t find any exploits for my current version of the FTP software. Now most people would move on to another port to try and find another possible vulnerability, but this doesn’t mean every hacker will. If a skillful hacker is determined, he may try to locate a vulnerability in the current software version and develop an exploit for it. In the hacker community, this new vulnerability would be called a “0-day”. 0-day vulnerabilities are very valuable in the hacker community for a few reasons.

• No one knows about the vulnerability, so the hacker could start hacking hundreds of websites before the vulnerability is discovered and patched.

• The hacker could sell the vulnerability for thousands of dollars.

• Discovering vulnerabilities and creating an exploit for it shows that the hacker is very skillful and raises his ranks in the hacker community.

You might be wondering why 0-days are worth so much. It’s very simple. I’ll explain it with a simple equation.

Hacker + 0-Day + Company Servers = Bad Reputation = Loss of Money

Now before we get into the actual penetrations, I will discuss a couple of the common type of attacks used against discovered vulnerabilities.

Denial-of-Service (DoS) – There are many types of DoS attacks, but they all have one purpose: to make the target server unavailable for legitimate users. The most common type of DoS attack is when the hacker sends a flood of information to the target server causing it to use up all of its resources, and in return pushing it offline, or causing it to deny requests from legitimate users trying to access it.
Buffer Overflow (BoF) – A buffer overflow happens when a program attempts to store more data into a buffer, or a data storage area, then it was meant to hold. Because the buffer was only meant to hold a certain amount of data, the extra information overflows into other buffers causing them to be overwritten with malicious code created by the hacker. Once this code is executed, the hacker can receive full control of the server.

If you search the Milw0rm exploit database, you will see that in many exploit titles it reads local exploit or remote exploit. Below are their definitions:

Local Exploit – To run a local exploit, you must first have access and privileges on the machine. Local exploits are usually used to escalate ones privileges to admin or root. In other words, it allows an ordinary user to gain root privileges.


Remote Exploit – A remote exploit is pretty much the same thing as a local exploit except that it isn’t run locally, but launched from anywhere across the internet.
A hacker usually has to use a combination of both remote and local exploits to gain full control of a system. For example, the hacker may have been able to gain regular privileges with a remote exploit attack, and then be able to escalate to root privileges with the help of a local exploit.
  

5) Penetration Testing:

                         So now you might be wondering: Once the hacker finds the right exploit, how does he go about running it against the target and penetrating the server? This will all be explained in this chapter.
As you search Milw0rm or any of the other couple exploit database websites provided in this chapter, you will notice that the exploits are created in many different types of programming languages. Below I will list a few of the most common programming languages used, and how a hacker would compile and run them against a server.

PHP: PHP
PHP exploits are very common. PHP exploit code usually starts with <?php and ends in ?> . Let’s say the hacker wanted to do some temporary damage to a server running FTP Server 0.9.20. If he was to search milw0rm he would come up with the following DOS exploit: http://milw0rm.com/exploits/2901 and run it against the server. Below are the steps the hacker would take.

1.     First the hacker would need to install PHP onto his computer. WAMP is a free web server that comes with PHP. If you are using a Mac then you must install MAMP . Next, paste the PHP exploit into notepad or any word processor and save it as “exploit.php”.
You will have to know a little PHP to edit the target address. On line 13 of this exploit you will see: $address = gethostbyname(‘192.168.1.3’); here you will have to edit in the IP address of the target. Every exploit is different. Some you have to know what to edit and some have runtime instructions. Save this edited file into the PHP directory on your server that contains the PHP executable file. In WAMP the directory would be C:\wamp\bin\php\php5.2.5 , of course the last directory version number changes with newer versions.

2.     Next open up the command prompt or terminal if you are using a Mac, and go to the PHP directory by using the CD (change directory) command followed by the directory location.


I will explain commands for widows

è Open Cmd
è Then Type C:\wamp\bin\php\php5.2.5

3.      Now it’s time to run the exploit. To run it simple type in “php exploit.php” and hit enter. You should get a couple errors.

4.     When skilled hackers create exploits, they sometimes insert mistakes or extra code so that script kiddies with no programming knowledge wouldn’t be able to use them. The above is a simple example. If you go to line 18 of this exploit , will see the line $junk.=”../../../sun-tzu/../../../sun-tzu/../../../sun-tzu”; this line was inserted to throw off the script kiddies and by simply removing it, the error will disappear. Just another reason why it’s helpful to learn how to program. Also every now and then you will receive other errors such as the one the second picture shows above. These errors have to do with the server configurations.

5.     Now as a hacker, you have to learn a lot on your own. By going around asking simple questions like this all the time will make you look bad and the most common response you will receive: www.google.com . Google is your friend, so take advantage of it! So starting now, begin to use Google, and if you are still stuck, then you can ask help on community forums.

6.     Once the errors are fixed and the program is running, a DoS attack will be launched the target website up until you exit the command screen. If the target server can’t handle much, you may be able to see the affect of your exploit by going to the site and clicking around. If it is working, the site will begin to lag and it’ll take a long time to load pages. Eventually the server may go down completely.


Perl:
   Running Perl exploit scripts is just as easy as running PHP scripts.

1.     Download and install the appropriate version of ActivePerl.

2.     Next the hacker would find an exploit for vulnerability. In this example we will use the following example: http://milw0rm.com/exploits/6581 for WinFTP Server 2.3.0. This is also a Denial of Service (DoS) exploit.

3.     Edit the options like the target server and others as needed. Then save the file as “exploit.pl”. As you can see Pearl exploits begin with “!/usr/bin/perl”

4.      Open CMD or Terminal and change into the directory with the exploit using the CD (change directory command). Then run the exploit by typing:
“perl exploit.pl”. The attack has begun. It’s Quite  Simple Right

And With This I Stop Explaining Stuff On Hacking Website, this is for windows, it’s difficult but in linux based Operating systems like Kali Lunux Or Backtrack it is very easy to hack a website than in windows because there are specially many tools for it.

So in my upcoming posts I will explain how to hack a website through Kali Liunux Very easily, so visit frequently to learn new hacks


Now We go for Countermeasures:

There are a few things you can do to stay secure from network hacking attempts.

1)    Keep all your software up to date. There will always be new vulnerabilities coming out, and your responsibility is to patch them immediately after a patch comes out.
2)    Implement a firewall. This will keep most of the bad data out and good data in.
3)    Install anti-virus software. (Very Important)

4)    Scan your system with a vulnerability scanner. This may reveal possible vulnerabilities in your system.
5)    Scan Your System every now and then because someone may have attacked you with keylogger without your knowledge because at present days I see keylogger with each and every person, then you are trapped but through scanning it is very easily detected and deleted


=============     Hacking Don't Need Agreements     =============
Just Remember One Thing You Don't Need To Seek Anyone's Permission To Hack Anything Or Anyone As Long As It Is Ethical, This Is The Main Principle Of Hacking Dream
            Thank You for Reading My Post, I Hope It Will Be Useful For You

I Will Be Very Happy To Help You, So For Queries or Any Problem Comment Below Or You Can Mail Me At BhanuHacks@gmail.com


Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He Enjoys writing articles, Blogging, Debugging Errors and Capture the Flags. Enjoy Learning; There is Nothing Like Absolute Defeat - Try and try until you Succeed.

No comments:

Post a Comment