Hacking Websites Attacking Ports

-Author Rishi Malve

Follow the steps:
1.) First of all you need a target website. (Google & find one) 2.) Once you have got your target website you have to Ping the website in order to get its I.P address. For lazy peoples :Enter target website in this website.
http://www.selfseo.com/find_ip_address_of_a_website.php

Once you’ve done that, it’ll Reveal its IP address.

-Author Rishi Malve

-Author Rishi Malve

Follow the steps: (Cont.)
1.) Once you’re done download, install & open Nmap. Once you have done that, do a –sT –sV scan of the website.
[That is put, nmap –sT –sV, in Nmap’s command bar & scan website.]

2.) Once done, observe open OS, ports, services running on the website server.

-Author Rishi Malve

Follow the steps: (Cont.)
1.) Once done, you’ll need to find banner of the software. [Banner: It shows the software & version running on ports.] Methods depend on the OS of the server. 2.) Look at the above slide which corresponds to your OS.

-Author Rishi Malve

Vista & windows 7.
You need to download & Open Netcat. Once done type, nc <IP> <PORT> Ex: nc 198.168.1.1 Once you’ve done that, you’ll get a banner. This will display all the details of the software running on port.

-Author Rishi Malve

windows XP and others.
Open Telnet [Start > RUN > telnet] Once done type, O <IP> <PORT> Ex: O 198.168.1.1 23 Once you’ve done that, you’ll get a banner. This will be displaying all the details of the software running on port. If this doesn’t work you can try Nc (netcat). -Author Rishi Malve

Follow the steps: (Cont.)
1.) Once you’ve got the banner, you need to search for vulnerability matching with banner. 2.) Look Exploit databases: Milw0rm: http://www.milw0rm.com ~~ www.exploit-db.com Security Focus: http://www.securityfocus.com Osvdb: http://www.osvdb.org Cve Mitre: http://cve.mitre.org Metasploit: http://www.metasploit.com -Author Rishi Malve

Follow the steps: (Cont.)
1.) Once you’ve got the matching exploit of the same version software. [If you haven’t got, try another port.] You need to edit values, compile & run it. 2.) Once you’ve got Exploit then you should compile, Exploits come in various languages such as Perl, python, PHP C & C++. -Author Rishi Malve

How to Exploit.

-Author Rishi Malve

Exploit For Perl lang.
1.) For Perl exploits, Copy the exploit in notepad & save it with .pl extension. Download & Install, Active Perl: http://www.activestate.com/activeperl Once done, edit the exploit with notepad & double click to run it.

-Author Rishi Malve

Exploit For PHP lang.
1.) For PHP exploits, copy & save it in .php extension. Download & Install WAMP: http://www.wampserver.com/en/ Once done, edit the exploit with notepad & execute it from CMD.

-Author Rishi Malve

Exploit For Python lang.
1.) For python exploits, copy & save it in .py extension. Download & Install python: http://www.python.org/download Once done, edit the exploit with notepad & double click to run it.

-Author Rishi Malve

Exploit For C/C++ lang.
1.) For C/C++ exploits, copy & save it in notepad. Download & Install Blood Shed. (Google the link) Once done, edit the exploit, compile & double click to run it. If your exploit is successful you will get access to server, You’ll be able to edit every part of the website. If your exploit wasn’t successful try with different port, services & software. You can also use Metasploit web to search exploits. -Author Rishi Malve

Thank you! For Queries : rishi.malve01@gmail.com rishi.malve01@Yahoo.com

Sign up to vote on this title
UsefulNot useful