file access
+ Reply to Thread
Results 1 to 7 of 7

Thread: exploits to hack sites

  1. #1
    Join Date
    Dec 2005
    Posts
    79

    exploits to hack sites

    Hey i am looken for some exploits to help me hack a site. If anyone has some please let me know..
    Thanks

  2. #2
    Join Date
    Sep 2005
    Posts
    2,050

    explots

    Quote Originally Posted by Bighomedog**
    Hey i am looken for some exploits to help me hack a site. If anyone has some please let me know..
    Thanks
    You should join some good exploit/vulnerability mailing lists, thats where the exploits get announced first, if you just follow tutorials written on exploits which you find with google or something, the exploit is usually already fixed. If you join mailing lists, when an exploit gets posted (there won't be a good one every day, but usually every 2-5 days there should be something useful posted.) you will be one of the first to know. You should look at my two threads, one here:

    [url]http://www.all-nettools.com/forum/showthread.php?t=2**6[/url]

    At the bottom I give instructions on how to join mailing lists like bugtraq. And my other thread here:

    [url]http://www.all-nettools.com/forum/showthread.php?t=24**[/url]

    Which is an actual working exploit, all you have to do is google for "virtual hosting contol system", find one that's lower than 2.4.7.* (on the blue login page it's on the bottom left corner) then fill in the username you would like + url of site into the proof of concept page (a page created by the one who discovered the exploit, this page will basically submit the exploit code for you, which I will give a link to of you pm me) then click "exploit it", then you just login with the new account with full admin control over usually *0+ domains. It's easy enough for any n00b to do, it's about the easiest way you are going to find to "hack sites", over *00,000 servers use vhcs and probably over half of them are running the vulnerable versions. Post any replies in one of those threads I gave the links to.
    Last edited by Ezekiel; 02-13-2006 at 09:21 AM.

  3. #3
    Join Date
    Sep 2005
    Posts
    2,050

    exploits

    It depends what exploits you want, web based exploits like xss, sql injections etc that will usually give you access to stuff like accounts/things you log in to, or exploits like buffer overflows, which will directly attack the server. Exploits like xss or sql injections would probably be easier for you, i'm assuming you don't know how to/haven't used a compiler yet, exploits like buffer overflows will be demonstrated in a c source file or a .pl perl script, but for stuff like xss all you usually have to do is upload a php script and send out urls to random people

  4. #4
    Join Date
    Dec 2005
    Posts
    79
    Dang thats alot of reading..LoL thanks for the help

  5. #5
    carlo Guest

    SQL Injection

    Allthough xss bugs are EXTREMLY effecive they are very rare. Probably you best option as mike said is the sql injection. A good walkthrough can be found [URL="http://www.securiteam.com/securityreviews/5DP0N*P76E.html"]here[/URL].
    Another good tool for a n00b is a http brute forcer (My tutorial [URL="http://www.all-nettools.com/forum/showthread.php?t=24*4"]here[/URL].



    carlo

  6. #6
    Join Date
    Sep 2005
    Posts
    2,050

    exploits

    XSS vulnerabilities are quite rare, but if you have joined all the best vulnerability mailing lists then you will be the first to know of the latest exploits, and you usually get a few good xss bugs discovered for major email services every month. If you don't want to go through testing all possible sql vulnerabilities, then you could just get a vulnerability scanner that includes sql injections, and scan the site, there will usually be a lot of vulnerabilities on old, unpatched servers. Carlo - you should add a few more "hacking techniques" like the exploits we are talking about here to your thread, here: [url]http://www.all-nettools.com/forum/showthread.php?t=24*4[/url] , so then people new to hacking will not have to ask "how do I hack this site ____", they can just check the list.

  7. #7
    carlo Guest

    -

    Yeah, if you looked at the bottum it said that im going to write more in the next few days.

+ Reply to Thread

Similar Threads

  1. RFI Exploits
    By mikemad23 in forum General discussion
    Replies: 1
    Last Post: 03-23-2008, 09:24 PM
  2. Finding Exploits
    By Moonbat in forum Programming
    Replies: 10
    Last Post: 11-07-2007, 05:41 PM
  3. Replies: 5
    Last Post: 01-24-2007, 11:34 AM
  4. * Question about exploits..
    By casman in forum Internet Privacy
    Replies: 8
    Last Post: 05-29-2006, 05:31 AM
  5. Exploits
    By RamsesXIII in forum Internet Privacy
    Replies: 9
    Last Post: 02-17-2006, 02:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts