Search This Blog

Saturday, June 2, 2012

How to hack UNHACKABLE site




Tools required:
Hacking Knowledge
GNY.Shell

DISCLAIMER:
THIS TUTORIAL IS FOR EDUCATION PURPOSE ONLY!!! YOU MAY NOT READ THIS TUTORIAL IF YOU DON'T UNDERSTAND AND AGREE TO THIS DISCLAIMER. ME AS AUTHOR OF THIS TUTORIAL NOT BE HELD RESPONSIBLE FOR THE MISUSE OF THE INFORMATION CONTAINED WITHIN THIS TUTORIAL. IF YOU ABUSE THIS TUTORIAL FOR ILLEGAL PURPOSES I WILL NOT BE HELD RESPONSIBLE FOR ANY ACTION THAT MAY BE TAKEN AGAINST YOU AS A RESULT OF YOUR MISUSE.

NOTE:
USE ANONYMOUS PROXY!!!


Introduction

Sometimes site that is your TARGET just isn't hackable. Even Acunetix Web Security Scanner can't find useful vulnerability. In that kind of situation the only thing that might work is to hack site (backdoor site) that
is on same server and through that site and through server to penetrate the site.


Finding Backdoor Site

To find backdoor site go to
Code:
http://www.domaintools.com/
and in Whois Lookup enter your TARGET site

[Image: 001bo.png]

As a result you'll get Whois Record

[Image: 002ndx.png]

Look for Reverse IP
In our case 25 other sites hosted on this server.
Click on it to see names of the hosted sites on the same server.

[Image: 003e.png]

You will see few of them, to see all, click on more... 

To see them all you must be a member.
You can easily Sign up for a FREE account by cicking on Create an Account >
(use some anonymous email service for that)
As a member you can see all 25 other sites hosted on that server.


Hacking Backdoor Site

Here we have 25 potentional backdoor sites and our target one.
Let's say after analysing we find that our backdoor sites No17 (as example) and target No22

[Image: 004bi.png]

Backdoor site can be any one from the list who can be hacked and sell uploaded

[Image: 005vg.png]


Penetrate Target Site

By cicking on var/ at www.backdoorsite.com we go straight to root of the server

[Image: 006yr.png]

Where we can find our www.target.com dir.
Sometimes premisions isn't drwx but dr-x which is more then enough to readconfiguration file.

[Image: 007az.png]

With data from that file we can hack unhackable site...

Add To Google BookmarksStumble ThisFav This With TechnoratiAdd To Del.icio.usDigg ThisAdd To RedditTwit ThisAdd To FacebookAdd To Yahoo

0 comments:

Post a Comment