Pay attention: This 'How To' article is written strictly for educational purposes only, to bring people closer to the knowledge of hacking whitehat, that is, techniques to violate a site in a legal way, or to see how hackers work, in a way to better protect their sites. This tutorial will give you instructions on how to access many websites that offer low protection.
Steps
Method 1 of 3: Use Scripting Cross Site (XSS)
Step 1. Find a vulnerable site where content can be posted
A bulletin board is a good example. Remember that if the site is secure, this method will not work.
Step 2. Go create a post
You will have to type a special code in the "post" which will capture the data of everyone who clicks on it.
We recommend that you check if the system filters the code. Publish alert ("test") (but remove the quotes). If a warning window pops up by clicking on your post, the site is vulnerable to attack
Step 3. Create and load your cookie catcher
The goal of this attack is to capture a user's cookies, which allows them to access their account on websites with vulnerable access. You will need a cookie of type catcher, which captures your target's cookies and redirects them. Upload the catcher to a website that you can access and that supports the php language. An example of such code can be found in the example section.
Step 4. Publish with the cookie catcher
Enter a correct code in the post which will capture the cookies and send them to your site. It will be better to add some text after the code to reduce suspicion and prevent your post from being deleted.
An example code could be the following: (but you have to remove all the dots)
Step 5. Use the cookies you have collected
After doing this, you will be able to use the cookie information, which will be saved on your site, for any purpose that is necessary.
Method 2 of 3: Perform Injection Attacks
Step 1. Find a vulnerable site
You need to find a site that is vulnerable, due to a flaw in the easily accessible admin login. Try Google for “login.asp admin”.
Step 2. Log in as an administrator
Type admin as the username and use one of many different password strings. This can be a number of different strings, but a common example is 1 'OR' 1 '=' 1.
Step 3. Be patient
This process will likely take some trial and error.
Step 4. Log in to the website
Eventually, you should be able to find a string that allows admin access to a website, assuming it is vulnerable to attack.
Method 3 of 3: Prepare for Success
Step 1. Learn a programming language or two
If you really want to learn how to hack websites, you need to understand how computers and other technologies work. Learn to use programming languages such as Python or SQL, so that you have the best possible control of computers and that you can identify vulnerabilities in systems.
Step 2. You need to be familiar with the basics of HTML
In particular, it would be better to have a full understanding of the interaction between HTML and javascript if you want to be able to hack certain websites. It will take you a long time to learn, but you can find many resources online, including free ones, so if you want to take advantage of them, you will certainly have the opportunity to do so.
Step 3. Consult whitehats:
it is hackers who use their skills for beneficial purposes, discovering security vulnerabilities and making the Internet a better place for everyone. If you want to learn hacking techniques and use your knowledge for beneficial purposes or to protect your website, you may want to check out some whitehats that are in business for helpful advice.
Step 4. Research hacking
Whether you want to learn how to be a hacker or you just want to protect yourself, you will need to do a lot of research. Websites can be vulnerable in very different ways, the list of which is constantly changing, so you have to study constantly.
Step 5. Keep up to date
Since the list of possible vulnerabilities is constantly changing, you will need to keep yourself up to date. Just because now you are protected from a certain type of hack does not mean that you will be safe in the future!
Advice
Visit hacker forums to get tons of helpful advice
Warnings
- Hacking is illegal. If the police find you, it's your fault.
- If you intend to try hacking in the real world, disguise your IP address using software available online.
- If you read this article you will certainly not become a hacker immediately. You will need to cultivate your skills and get lots and lots of exercise.
