EvilZone
Hacking and Security => Hacking and Security => : Live Wire January 29, 2013, 09:22:58 AM
-
First off: I'm not going to use this to deface websites, just want some info.
I understand how to compromise sites, but how do you go from getting information to changing the page? Is it as easy as finding the admin account and going from there, or is there a better way? Only asking because the most recent Anon attacks have made me wonder. Thanks
-
There's really no skill involved with defacing. There's a lot of different ways...if you have ftp access, you can del the index page and replace it with your own. You can also use a web shell to del/replace with your own index page, or if the shell is fancy enough, you may be inclined to simply edit the index page from the shell. If your only attack vector is sql injection, then you can try an into/out file query. Keep in mind, it doesn't have to be the index page, but that's generally the one that gets defaced.
I dont know man...it's really not that complicated, and there's a million different ways to do it. Don't get hung-up with learning about it, because it's honestly a huge waste of time.
-
okay, thanks for the fast reply. yeah, it is a waste of time, but it just seemed kinda interesting. and since it is one of the most common forms of hacking, and im looking at a career in cyber warfare, just seemed logical to know some of the basic steps.
-
Like m0rph mentioned, there are hundreds of ways to deface websites. Sometimes, it can be as easy as gaining a shell through file inclusions or maybe SQLi. And, sometimes the vulnerabilities do not look obvious. The trick here is to figure out what are the services the box/network is offering to you (& sometimes not exclusively to you, maybe filtered to you) and finding if any of the layers used by the implementation of those services are vulnerable to one of the various kind of attack vectors. And, don't forget, humans are stupid (I'm not implying that they are NOT smart) and they fall for several attacks; one particularly interesting is social engineering (You'll actually be perplexed by the success of this attack).
-
Deface is not hacking. It is, "Hey look at me and what I can do with all these programs I use! I'm cool now right?"
-
@techbb: i will quote what u say man :)
so deep to me..