Neler yeni

How Hundreds of Sites Are Hacked (One by One Expression) (1 Viewer)

Mesajlar
9
Credits
0
Revealed content
READ THIS DEFINITELY BEFORE STARTING WRITING. I WILL DEFINITELY ADD YOU TO SOMETHING (DO NOT INFLUENCE) Cee

Now read this article and don't imagine that I will hack 100s of sites. Not immediately, but it will surely be useful for you to hack 100s of sites. Guys, I started with sql, continued with upload vulnerabilities and then encountered xss and brute force. My first hacks were with sql injector, by the way. Then I started doing brute force. Brute force is good, you do not struggle, you give the program, you look at the sites in a few hours 1 2 sites have fallen. The important thing is not to use a single method constantly. Do in sql do brute forcede. But do it by giving them all the right and deal with current deficits. The real issue starts here. To do the job by giving the right.

Here are some tricks I try to explain by myself:

1) Don't Give Up The Site: Index should be the last thing you do late. Bring up the bottom of the site. Get as much information from the site as possible using all the methods.

2) Mass Deface: When you enter a site, first navigate the directories. Examine whether there are subdomain or other sites on the site. Generally it happens in other sites in directories like / vhost, / public_html. Index these sites using methods such as mass deface. (198 sites are hacked at the same time with this method.)

3) Pull config to the site you entered. Sometimes the site will not be available, but if you are on your lucky day, 98 sites will come out of a single config. (Some people got 100 from a single config)

4) Reverse Ip: Reverse ip to the site you entered, you will see other sites on the server. Try the open method you entered on the site on these sites. Some may have the same gaps.

5) Symlik Method: Sometimes you cannot index each site in config. By doing symlink, you can obtain database information of the config sites. You can change the admin password of other sites in config with Wordpress and Joomla admin reset password method.

6) Sql İnjector: You can always hack a site with this method by its name. For example, instead of waiting while doing brute force, you can choose a target site and make a SQL injector. It is my favorite.

7) Server Root: With this method, you can reach 1000 numbers, but the method is getting harder. Being root is 20% of the job and 80% of the job is exploit. Nowadays it has become quite difficult to find exploit that works. It is really hard to find exploit running especially in 2014-2013. Of course, if the site's server is 2012-2011, there are even auto root exploits. Try to be root on the server. If you can be rooted, you can reach nice numbers.

8) Update Your Information: Always search for new methods. New upload vulnerabilities, new dorks, new sql bypass techniques, new exploits etc. Don't get stuck with old methods.

9) Do Research: Let me explain this by giving an example: You entered a WordPress site but you do not have the right to edit the page. Do not see that you are not allowed and do Alt + F4. What other methods have been a problem to search engines. Learn how to upload your beautiful shell to the site with the theme installation method.

10) Don't Be Ungrateful: Remember the people who have the right on you. Do not be ungrateful to people who have taken time and responded to the questions you asked, stupid, and when they passed, they would not be disrespectful. Of course you will ask for help where you are stuck. So to speak, nobody can learn these things in the mother's womb. Respect always glorifies you. Makes an individual to be respected. (Respected Respected)

Note: I did not present the methods I mentioned in the location. I think it will be more useful if you search and find it yourself. You can think of teaching fishing instead of giving fish.


Detailed Lectures 1: Do Not Give Up The Site!

Generally, when many of our friends encounter problems in hacking a site, they try
to throw away the site after trying a few methods . This site is not hacked, it has a very difficult thought. In this way, it jumps from the site to the site, it gets a few information from each site, the admin panel of a site, the information from another site is accumulated, and information is accumulated, but this information alone is not enough for us to reach the happy end. It is obvious that we need more consistent and precise information.

So why our hacker candidate friend quits the site quickly. Is it because the site is not hackable, because no method is working, or because there is excessive security on the site? Or because you chose the easy one? Giving up ...

Let's think about it now. Is information that is easily taken from many sites that does not work, does more benefit to our business, or does consistent, precise and clear information that has been spent on time is used to take over the site? You will probably accept the second item. There is no problem in accepting it. The real problem is bringing this item to life. Strive, struggle.


Let's open a lot of hard work;

I mean hard work, it doesn't mean to try the same methods over and over again on the same system. Try all kinds of method on the site, spend time. If you do not get results, start trying a different method in all aspects on the target site. When applying the method, do not depend on one source.

Even if you have to try several times, trying to find different methods, different subjects, different perspectives, and most importantly, a new method of your own, switch to another method after applying the method completely to the site. Continue this cycle until there are no known methods available on the system.

Make a note of all the information you have obtained while dealing with the site. I do not say to buy and write paper pens.

Note that I mean, for example, create a folder with the name of the site and store all the information about the site, exploits, in this folder. The information you need to reach is at your fingertips when necessary. We can say to be practical. Then, when there are new methods you are familiar with, you can reach your target by comparing this site data in your archive. You will not need to find the site deficit again and identify the data.

So far, I have always talked about giving up. It's giving up. It will definitely be where we give up. Spending 1 week for a system is not logical. Consider the situation you are thinking of giving up, the admin panel of the site is in your hand, the admin username is the only thing left in your hand if the md5 is broken, it would not make sense to give up. You did what you need to do to break Md5; If you have not scanned the sites, tried to break with manual programs, you can not break the process, we think again. We ask for help from a friend who can break our md5 based on our proverb that is superior to mind. Attention here !!! After doing our best, we seek help from others as a last resort. As soon as we find the Md5, we do not begin to say to everyone who comes in front of us. First we get ourselves, then we ask for help. If we do not get any results, giving up will make sense for everyone. We give up but we give up by giving the right. We do not say that it was very difficult to hack this site. If you can say that the site is really solid, there are no methods that I haven't tried, you can say that the guys made a site like a stone, you deserve to give up and choose the way that seems logical.


Finally, I wanted to share a statement about the subject of Hz.

“Never lose hope. Maybe the last key he has will unlock it. ”Hazrat Mevlana
[/ HIDE]
 

Bu konuyu görüntüleyen kullanıcılar