Website Defacement

[Nortcele]

Okay so just want to ask a simple question,


Can you guys name some of the methods you would go about defacing a site (if you had too?)


My website is pretty secure I'm sure, but just to be safe, there is no admin page, and it is not SQL Injection vulnerable...


What other things do I need to look out for?

[Syntax990]

SQL Injection would be on the list, but since your asking:

• XSS
• Remote File Inclusion
• Local File Inclusion
• Exploiting vulnerabilities (Such as an outdated Adobe or Java applet)

All these methods are ways of possibly escalating privileges, but I cant do any of them :/

[Nortcele]

XSS isn't supported


Need to look at RFI and LFI


But thanks

[shome]

Okay so just want to ask a simple question,


Can you guys name some of the methods you would go about defacing a site (if you had too?)


My website is pretty secure I'm sure, but just to be safe, there is no admin page, and it is not SQL Injection vulnerable...


What other things do I need to look out for?

There are many different ways to answer this question.

Based on the information you've provided, I or the attacker would obviously want to look for some sort of listening service available besides apache, IIS God forbid, etc. I would first determine whether your web server is being hosted by a DNS or public domain, or by yourself on your own network, which i'm assuming is the case ?I would then look for zone transfers, do a dig, traceroute (all through proxychains, vpn), even nmap, and try to find a zombie to use as a decoy within your network, preferably a machine that wouldn't raise much suspicion in the logs, and pass as one of your own network devices. 

The goal as an attacker/defacer/skiddie etc. would be to root the machine through SSH, and edit the index.html file directly, but i'm just jabbering here. SQL Injection, web flaws would be my first go to. But since you claim it's not SQL injection vulnerable (what makes you so sure ?). In the case SSH isn't listening, then I would look into other listening services, or possibly looking for google dorks, sqlmap, etc.

 I would also be very interested what version of apache you're running, and how well you configured the .htaccess file, and try out some local and remote file inclusion vulnerabilities as syntax noted. How well the machine and / or the network is locked down in general would also be a question of mine.

Looking forward to other responses.

[z3ro]

Website defacement is lame.

[M1lak0]

I must give attention to this.
Okay here is some of the server based hacks I did in my early black hat days:

• Symlink attack
• cPanel BruteForcing
• File Upload

If you are using some kind of cms like wp or joomla you can hacked easily if the attacker have access to any of the user on the server. For example:
I'm an attacker and you'r site is my target site I would hack any of the site on the server which can be hacked easily and then perform a symlink attack and gain access else would run  a cPanel cracker to crack your cPanel. See to these things. Even check for the proper filter of file uploads but less possibilities..

Also the image is just for fun!



To save your self you should have 2013 or + server hosting. Else patch it from the core if having vps.
Hope it helped..

[Kulverstukas]

The title of this thread made me wanna move it to BoS, but members made it legit. +1 to errybody.

[Nortcele]

Thanks guys

[queryFrequency]

You have to first, obviously, rewrite the execution binary to gain centralized host access. Once you have access you need to program a c-sharp GUI interface to track the back end IP address so you can modify the XML packets to allow you to upload a malicious PHP file generated with Air Crack. Now, upload your handshake into the server. Now, once successfully hacked into the server. Upload your malicious esoteric deface page by replacing the /index.html. Duh...

[Architect]

You have to first, obviously, rewrite the execution binary to gain centralized host access. Once you have access you need to program a c-sharp GUI interface to track the back end IP address so you can modify the XML packets to allow you to upload a malicious PHP file generated with Air Crack. Now, upload your handshake into the server. Now, once successfully hacked into the server. Upload your malicious esoteric deface page by replacing the /index.html. Duh...

Oh you mean..
$ echo "(;" > index.html

...Yes, this is a thing. Seriously though, who defaces sites anymore? It's always been about getting [root] shells for me.

[ShadowCloud]

I must wonder why the primary concern here is web defacement?  Essentially the question asks for ways to obtain write access.  If I had write access, defacement would be the least of your concern. 

I used to do a lot of website hacking and I'd add an HTML comment and then submit the contact form, informing them of the breach and how I would recommend they prevent it.

It's an open ended question, sort of like asking how would you put water in a bucket?

[m0rph]

XSS isn't supported

Actually, this is 100% false. XSS can, in fact, be used to deface a website (server-side if the method is stored, client-side if the method is reflected). Here are some ways XSS can be used like a pro:

-Reverse Shell On Server via XSS-

Code: [Select]

https://www.youtube.com/watch?v=B6QAjB3kYec

-Reverse Shell On Client via Reflective XSS-

Code: [Select]

https://vimeo.com/82779965

-XSS Being Used As A Worm-

Code: [Select]

https://www.youtube.com/watch?v=fcWb54gdWAo

-Stealing Online Sessions With XSS-

Code: [Select]

https://www.youtube.com/watch?v=-H1qjiwQldw

So on and so forth. Don't ever insinuate an attack is useless just because you don't understand how it works. That is a prime example of skid behavior. There is nothing wrong with being a noob. All of us were noobs at one point. There is no excuse for claiming an absolute false as being true when you don't even know the principle behind it. That is the definition of being an ignorant retard.