Notes:
This 'guide' is used for educational purposes, to get others to learn to hack for good, or to see how hackers can work to better protect their own sites. This tutorial will provide steps to gain access to a website that has low security.
Step
Method 1 of 3: Using Cross Site Scripting
Step 1. Find vulnerable sites where you can post content
For example message boards. Remember, if the site is secure then this will not work.
Step 2. Create a new post
You have to type some special code into the “post” which will capture all the data that clicks on it.
-
Test to see if the system can filter the code. Post it
window.alert("test")
- . If a warning box appears when you click on a post, the site is vulnerable to attack.
Step 3. Create and upload a cookie catcher
The purpose of this attack is to capture users' cookies so that you can access their accounts on websites with vulnerable logins. You need a cookie catcher that will catch and reroute the target cookie. Upload this catcher to a website you have access to and supports php.
Step 4. Post with a cookie catcher
Entering the correct code into the post will capture and send the cookie to your site. Enter some text after the code to reduce suspicion and prevent your post from being deleted.
-
An example of a cookie catcher code looks like the following
Step 5. Use the collected cookies
After this, you can use the cookie information stored on your website for any purpose.
Method 2 of 3: Executing Injection Attack
Step 1. Find vulnerable sites
You need to find the vulnerable site to easily penetrate the admin login process. Search on Google with the keyword login.asp.
Step 2. Log in as admin
Type admin as username and use specific string as password. You can use a number of different strings, but the most common is 1'or'1'='1.
Step 3. Be patient
You have to dabble a lot.
Step 4. Access the website
Later you will find a string to access the website admin page, assuming this website is vulnerable to attack.
Method 3 of 3: Prepare for Success
Step 1. Learn one or more programming languages
If you want to seriously learn how to hack websites, you have to understand how computers and other technologies work. Learn to use a programming language like Python or SQL, so you can gain better control of your computer and identify vulnerabilities in your system.
Step 2. Master HTML programming
You need to have a really good understanding of html and javascript to be able to hack websites in particular. Learning to program takes time, but there are many ways for you to learn online, so learning opportunities are always open.
Step 3. Discuss with whitehats
Whitehat are hackers who use their expertise for good, exposing security vulnerabilities and making the internet a better place for everyone. To learn to hack and use your skills for good or help protect your own website, contact whitehats for advice.
Step 4. Do some research on hacking
You will have to do a lot of research to learn to hack or want to protect the web yourself. The myriad of ways in which a website can penetrate can be vulnerable and these are constantly changing, so you have to be constantly learning.
Step 5. Keep it up to date
Hacking techniques are constantly evolving and you should always be up to date. Just because you're protected against a certain type of hack now doesn't mean you'll be safe in the future!
Tips
Visit hacker forums for lots of helpful tips
Warning
- If you want to hack in the real world, randomize your IP address using software available on the internet.
- Reading this article doesn't mean you're going to be a hacker right away. You MUST keep learning and practicing.