Upload File

clark sqli

4
YOU DO NOT HAVE THE PERMISSION TO COPY AND PUBLISH WITH YOUR NAME!!!! In this tut i will teach you how to deface a website using the necessary resources avaliable. This tutorial has been divided into 9 Phases. Lets start to learn how to deface phase by phase. PHASE 1 Q)Is my windows capable for defacing a site? Ans) To deface a website the main thing is to get the banner of the website so that u can match it with a sutible exploit and then gain access. To do so you must have "Telnet" Code: Open RUN and type Telnet FOR WINDOWS 7/VISTA/8 The above given windows do not contain Telnet so you can use "NetCat" PHASE 2 FINDING A VULNERABLE SITE TO DEFACE: First step of defacing is to find a vulnerable site. In order to do so you can download and install Acunetix Web Vulnerability Scanner. In my opinion it's the best scanner out there. Dowload and install a scanner. Then google for a site you want to deface. When found copy and paste the URL into the scanner and scan the site for Vulnerabilities. PHASE 3 COLLECTING INFORMATION ABOUT THE VULNERABLE WEBSITE : Now pay attention to this part, in the second step of defacing information about a Vuln. site is necessary for e.g: Code: IP, Windows, SQL version, FTP etc

Upload: jerico-aberilla

Post on 18-Dec-2015

232 views

Category:

Documents


0 download

Report

DESCRIPTION

all about vulnerability of websites

TRANSCRIPT

YOU DO NOT HAVE THE PERMISSION TO COPY AND PUBLISH WITH YOUR NAME!!!!

In this tut i will teach you how to deface awebsiteusing the necessary resources avaliable.Thistutorialhas been divided into 9 Phases. Lets start to learn how to deface phase by phase.

PHASE 1Q)Is my windows capable fordefacinga site?Ans) To deface awebsitethe main thing is to get the banner of thewebsiteso that u can match it with a sutible exploit and then gain access.To do so you must have "Telnet"Code:Open RUN and type Telnet

FOR WINDOWS 7/VISTA/8The above given windows do not contain Telnet so you can use "NetCat"

PHASE 2FINDING A VULNERABLE SITE TO DEFACE:

First step ofdefacingis to find a vulnerable site. In order to do so you can download and install Acunetix Web Vulnerability Scanner.In my opinion it's the best scanner out there. Dowload and install a scanner. Then google for a site you want to deface. When found copy and paste the URL into the scanner and scan the site for Vulnerabilities.

PHASE 3COLLECTING INFORMATION ABOUT THE VULNERABLEWEBSITE:

Now pay attention to this part, in the second step ofdefacinginformation about a Vuln. site is necessary for e.g:Code:IP, Windows, SQL version, FTP etc

1) FINDING IP:

To find the IP of the Vulnerable site click here and put thewebsiteurl in. This will give you the exact ip of thewebsite.

2) FINDING SERVER INFORMATION:

Now finding the server info. is necessary because by analyzing the server info. we can find a matching exploit and loop holes etc.To find thewebsites server info click here then copy the IP address of thewebsiteand paste it in the space given. This will give you all the information you need about thewebsite.. Version, FTP version etc

PHASE 4FINDING OUT WHETHER THEWEBSITEIS ONLINE OR OFFLINE:

In order to deface a site it is necessary that we gain access to it's FTP/ SERVER in order to deface but the server must be online in order to do that. To find it out click here and put in the site ip address to ping it. After a while the results will show u whether the site is online or offline.

PHASE 5BRUTE FORCING THE SERVER IN ORDER TO DEFACE A SITE:

The main step of thedefacingtut is to hack into a server in order to deface the site. Servers of the site are strong password protected in order to get nobody in. Most hackers do BruteForce attacks which are successful but need lot of time depending on the passwords strength and other factors. On the other way some ppl do Dictionary Attack which are total failure..

BREAKING IN:

In order to break in a server u must do a brute force attack on that server.For BruteForce i use "Brutus" which is a good tool. Just get the site url and paste it in the space provided in the tool.Code:You must know alteast the username of the servers login in order to brute attack.

Then select the password's length . You have to predict the password's length and u will be lucky if it's as the same lenght as the actual password.

PHASE 6FINDING OPEN PORTS TO ACCESS THE SERVER AND OBTAIN INFO.:

To get the vital open ports we must use a tool known as "Nmap".download the tool and install it.

Now when done to find open ports and which windows it runs on do the following:Code:Open the tool and in the "Command" type in "sT sV" and then scan the site.

After scanning the site it will give you the indormation about how many ports are open and which os it has etc...

PHASE 7FINDING THE "BANNER" OF AWEBSITE:

In order to the banner of a site you can use "Telnet" or NetCat

IN WINDOWS XP and OTHER OS's:

To find a banner just open the "RUN" and type in TELNET. then do the following:Code:o site ip port no.e.g: o 192.168.31.56 443

Remember the port should be open which you obtained in phase 6!!Then u'll get the banner.

PHASE 8:FINDING THE RIGHT EXPLOIT:

In order to find a exploit which is suitable with the server first we get some exploits. Go here and match the banner information with the exploits..When you find a matching exploit copy and paste the exploit in a notepad and follow the instructions in the last phase.

PHASE 9DEFACINGTHE SITE WITH A EXPLOIT:

Now when you have the Exploit u have to paste it in a notepad and save it according to the exploit codes:

Perl:

For perl exploits save the exploit in ".pl" extension. YOu must have Active Perl in order to run a exploit.http://www.activestate.com/activeperl

PHP:

For a php exploit save it in ".php" extension.Install WAMP to use the exploit. Download it from here:http://www.wampserver.com/en/

Python

For python exploits, copy & save it in .py extension.Download & Install python:http://www.python.org/downloadOnce done, edit the exploit with notepad & double click to run it.

C/C++

For C/C++ exploits, copy & save it in notepad.Download & Install Blood Shed. (Google the link)Once done, edit the exploit, compile & double click to run it.

If you are lucky then you will have full access to thewebsite.

YOU DO NOT HAVE THE PERMISSION TO COPY AND PUBLISH WITH YOUR NAME!!!!


VA FILEMAN SQL INTERFACE (SQLI) SITE MANUALSQLI)/sqli...VA FILEMAN SQL INTERFACE (SQLI) SITE MANUAL Patch DI*21.0*38 October 1997 Revised January 2005 Department of Veterans Affairs

Meet-Up SQLI Lyon 09-2015 - Varnish

Owasp Serbia: sqli,xss

13000 SQLi Dorks

Meet up sqli lyon 09-2015 - Gradle

SQLI GROUP - presentation

Devouring Security Sqli Exploitation and Prevention

Presentation sqli agency 2011

Ubérisez-vous ! SQLI Consulting

Practical Approach towards SQLi ppt

XSS SQLi sigurnost

SQLi Optimization and Obfuscation

Super Manual Sqli

SQLI - Club des DSI - Mobilité

SQLI Société anonyme Au capital de … · Société anonyme Au capital de 2.948.732,80€uros ... compte par SQLI dans le cadre de la mise en place de sa politique de ... SQLI Maroc

© SQLI GROUP – 2012 - technologies-ebusiness.com · © SQLI GROUP – 2012 THÉMATIQUES Comprendre les frameworks productifs Découvrir leurs usages . Synthèse . 2

SQLI //MOBILITY SPECIAL EDITION

Hacknbeers sqli and cryptography

Owasp Indy Q2 2012 Advanced SQLi

SQLI at SpringOne08

Isefac sqli e-merchandising_2013

VA FILEMAN SQL INTERFACE (SQLI) SITE MANUAL

From Sqli to Shell II

Curious Case of SQLi

Meet up sqli lyon 09-2015 - J Hipster

New Techniques in SQLi Obfuscation: SQL never before used in SQLi

RELATSIOONILISED ANDMEBAASID(alg) SQLi VÕIMALUSED

Meet up sqli lyon 09-2015 - Angular

Groupe SQLI Présentation des résultats 2003

Data Protection Case Study: SQL Injection (SQLi) and

20100205 Rss Lunch 5 Sqli Agency

SQLI Lab x FREYA

Aplicaciones Web Seguras (Anti-SQLi)

Sqli wp methode_ergonomieweb

3D Secure - europen.czeuropen.cz/Proceedings/45/3DSecureEurOpen.pdf · crew.blogspot.cz/2014/07/sqli-db-sqli-dork-scanner.html SQLi DB Havij Pro. Title: PowerPoint Presentation Author: