Pages: [1]

Author Topic: Website Defacement Question  (Read 4467 times)

0 Members and 1 Guest are viewing this topic.

Offline Live Wire

  • Knight
  • **
  • Posts: 189
  • Cookies: 4
  • Up on your Net
    • View Profile
Website Defacement Question
« on: January 29, 2013, 09:22:58 am »
First off: I'm not going to use this to deface websites, just want some info.
 
I understand how to compromise sites, but how do you go from getting information to changing the page? Is it as easy as finding the admin account and going from there, or is there a better way? Only asking because the most recent Anon attacks have made me wonder. Thanks
Report to moderator   Logged
"There is no right or wrong, there is only fun and boring."

Z3R0

  • Guest
Re: Website Defacement Question
« Reply #1 on: January 29, 2013, 09:44:38 am »
There's really no skill involved with defacing. There's a lot of different ways...if you have ftp access, you can del the index page and replace it with your own. You can also use a web shell to del/replace with your own index page, or if the shell is fancy enough, you may be inclined to simply edit the index page from the shell. If your only attack vector is sql injection, then you can try an into/out file query. Keep in mind, it doesn't have to be the index page, but that's generally the one that gets defaced.

I dont know man...it's really not that complicated, and there's a million different ways to do it. Don't get hung-up with learning about it, because it's honestly a huge waste of time.
« Last Edit: January 29, 2013, 09:45:37 am by m0rph »
Report to moderator   Logged

Offline Live Wire

  • Knight
  • **
  • Posts: 189
  • Cookies: 4
  • Up on your Net
    • View Profile
Re: Website Defacement Question
« Reply #2 on: January 29, 2013, 10:42:51 am »
okay, thanks for the fast reply. yeah, it is a waste of time, but it just seemed kinda interesting. and since it is one of the most common forms of hacking, and im looking at a career in cyber warfare, just seemed logical to know some of the basic steps.
Report to moderator   Logged
"There is no right or wrong, there is only fun and boring."

Offline DaNePaLI

  • Peasant
  • *
  • Posts: 55
  • Cookies: 12
  • Forever n00b
    • View Profile
Re: Website Defacement Question
« Reply #3 on: January 29, 2013, 02:04:24 pm »
Like m0rph mentioned, there are hundreds of ways to deface websites. Sometimes, it can be as easy as gaining a shell through file inclusions or maybe SQLi. And, sometimes the vulnerabilities do not look obvious. The trick here is to figure out what are the services the box/network is offering to you (& sometimes not exclusively to you, maybe filtered to you) and finding if any of the layers used by the implementation of those services are vulnerable to one of the various kind of attack vectors. And, don't forget, humans are stupid (I'm not implying that they are NOT smart) and they fall for several attacks; one particularly interesting is social engineering (You'll actually be perplexed by the success of this attack).
« Last Edit: January 29, 2013, 02:11:46 pm by DaNePaLI »
Report to moderator   Logged

Offline techb

  • Soy Sauce Feeler
  • Global Moderator
  • King
  • *
  • Posts: 2350
  • Cookies: 345
  • Aliens do in fact wear hats.
    • View Profile
    • github
Re: Website Defacement Question
« Reply #4 on: January 29, 2013, 06:50:55 pm »
Deface is not hacking. It is, "Hey look at me and what I can do with all these programs I use! I'm cool now right?"
Report to moderator   Logged
>>>import this
-----------------------------

Offline blank_page

  • NULL
  • Posts: 3
  • Cookies: -1
    • View Profile
Re: Website Defacement Question
« Reply #5 on: March 07, 2013, 04:24:59 pm »
@techbb: i will quote what u say man :)

so deep to me..
Report to moderator   Logged
Pages: [1]