Resistance Anonymous quick start guide to hacking.Greetings Anons, my name is “Daniel” and I am a computer systems engineer with expertise In both hardware and software. This guide is to give you a very basic overview of how hackers work and the basic exploits they do. If you are interested please PM me on Facebook and ask me for links to getting started.So lets take a look at the common vulnerabilities:As you can see the common one's are SQLi (SQL Injection) and XSS (Cross-Site Scripting)followed by malicious file execution as part of the unknown category. So lets get started...
XSS
For the purpose of this demonstration we are going to use an XSS training website, this is aspecially designed site that you can test out exploits.http://testasp.vulnweb.com/search.asp.Ok, so lets start.In this case we are going to test if the site vulnerable. For this we simply inject a little Javascript, inthe search box type in the following:
<script>alert('this site is vulnerable');</script>
Ok, so what happened? Well we injected code into the website and made the webpage process thatcode. It outputted as a Javascript alert box. Now we know we can inject code into the site lets getmore technical.Lets input a HTML form that we can POST variables into the site. Enter the following into thesearch box:
<br><br>Anonymous login:<formaction="destination.asp"><table><tr><td>Login:</td><td><input type=text length=20name=login></td></tr><tr><td>Password:</td><td><input type=text length=20name=password></td></tr></table><input type=submit value=LOGIN></form>
well here we simply inject a form in html that the webpage then displays. From here we can postvariables to the underlying php code and even access, update or remove entries from the database aswell as the server files. And there you have it, simple XSS in 5 minutes!You should also note that the URL uses a default $_GET function to also display variables. TheURL can be manipulated in much of the same way. Now at this point I am expecting you to have alittle knowledge of coding. When php gets variables from html it does so by identifying the <inputname><?php$MyPass = $_GET['password'];$MyName = $_GET['login'];echo(“Hello $MyName”);?>
So now we have the ability to manipulate php and SQL. So in this case I managed to do adefacement on this page by updating the database. Everyone that loads this page up will now viewmy image by using the <img src=> tag and I have managed to spread the #AntiSec movementfurther.There are many arguments that can be passed in XSS and this is it at its most simplest form. Themore advanced XSS techniques rely on running pre-written scripts from a server owned by you.Even sometimes telling the code to download files or directories from the root server. There istheoretically no limit to what XSS can do if you can pull it off properly.
SQL Injection
SQL Injection is a form of attack on websites that uses the power of SQL. SQL Is a databaselanguage that has the power to store and retrieve data very much like an excel spreadsheet.With SQLi we can pass many arguments into the code. So lets get started, this is the php code thatnormally runs a webpage:
<?php// DB connection here:$Host = 'localhost' ;$User = 'Romekiller' ;$Pass = 'Alric' ;$DB = 'Resistance_Anonymous' ;
mysql_connect($Host, $User, $Pass);mysql_select_db($DB);
// Start of php code:$Name = $_POST['login'] ;
$sql = "SELECT * FROM members WHERE FirstName=$Name";print(“<table border='1'><tr><td>Name</td><td>Email</td><td>Password [MD5]</td></tr>”);
while ($row = mysql_fetch_array($sql)){echo(“<tr><td>$row['FirstName'] . "</td><td>” . $row['EMAIL_ADDRESS'] . “</td><td>“ . $row[Password'] . “</td></tr>;}Print(“</table>”);?>
Search History:
Result 00 of 00
00 results for result for
p.
Recommended
More From This User
Notes
Load more
