Ask a hacker anything, old thread 404d going to sleep in an hour
Please do a in-depth story of how you would proceed to hack a site
Would begin with recon. I would analyze the site for what engine and framework it was running on. I would then get the host of the site and look-up any vulnerabilities in the framework the server was using. I would then begin with sqlmap in order to try and find a sql vulnerability and abuse that. Next would be XSS.
If still no luck then I would use a tool to find the admin login page and attempt to bruteforce it. Assuming it has a strong password and i'm still not in I would then use nmap to figure out the websites FTP and try and brute-force that. If after all of that none of the vulnerabilities exist in any of the frameworks or everything has strong passwords and cannot be dictionary attacked then I would write a large final report to my client explaining everything I have done. That is, assuming that was all legal.
Press the home button on your device
2. In the pop up that shows in the screen, click “start over” to start from the beginning.
3. After that triple click (3 times) the home button.
4. In the screen pop up , select the “cancel” option to cancel the activation screen from showing.
5. What you need to do next is triple click the home button again.
6. Select English/ any language of your choice in the language selection screen.
7. Select your country in the country selection screen.
8. The next screen is to select a WiFi network, click the next option to continue.
9. Press the home button again.
10. In the options that pop up, select the “emergency call” option.
11. If you have SIM card inserted on your device, remove it.
12. In the emergency call window, dial 112 and make the call.
13. You need to press the power button twice (2) as soon as the call is made, your device will be turned off and you will see only a black screen.
14. After the device starts, press the home button to continue our process.
15. Now you will be landed on the “Contacts” application screen.
16. The next thing you need to do is create a new contact.
17. Activate the voice control feature by triple clicking the home button.
18. In the pop up that shows, select the “block this caller” option by double clicking it(2).
19. In the next pop up, triple (3) click the “block contact ” pop up. Now you are on the home screen next open the FaceTime application.
20. In the Facetime App, You will see the Apple ID / email of the owner, Email him by making a request to disable the activation lock.
do you worship our lady and goddess ebola-chan?
Meaning like bruteforcing?
Look into sentry mba or hydra.
Unless you're looking to make your own tools?
Website hacking consists of SQL injection, cross site scripting and framework/engine specific vulnerabilites and 0day exploits.
requiring irrelevant or random data that would be filtered/calculated to be submitted along with the post, nesting functions within multiple source .js scripts and using eval to reconstruct an obfuscated dynamic URL that changes dependent on the 1024 character viewstate ID
...wait a minute.... lave backwards.. I thought you were trying to say it'd be evul.
like i said it's late.
carry on good sir. OP is not a faggot after all.
1. You don't necessarily use AJAX, actually. It can help for some exploitation, especially XSS, but that's not a key technology.
2. You question was fucking vague.
> Captcha : irontyt
>2. You question was fucking vague.
and he got it right anyway, I was just too tired to see it.
and of course you don't use ajax, I'm talking about cracking it, not using it yourself to secure something which it is awful for.
anyway, I apologize and anon can be comfortable that OP at least has some idea what he's talking about.
im off to bed
have not been here in a few years, did not know I could say it without the insta perma eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval eval feels good
Hi op here, this is illegal but for educational use i'll explain it.
You need a logless vpn which can be created by buying a serverbox with a os like centos and using openvpn to connect to it. You can then need to spoof your mac and preferably use a vm on top of all this. Then you use firefox with Noscript and disconnectme when buying/trading btc. It is a lot more indepth then this but i am way to fucking tired to write an essay
Not OP here, but I'm kinda good at using sqlmap.
First, sqlmap is NOT a scanner. It's an exploitation tool. You'll have a hard time FINDING an sql injection with it.
Find it first. Then use sqlmap to exploit it. Is that what you're doing ?
Depending on what cr/hacking they are doing. They will come against AJAX if they are trying to penetrate a website. Yet they will never see it if they are trying to take access in systems or networks.
Check out the tutorial I linked (OP here).
The link is encrypted in base64, just decrypt it for the link and thatll show you how to use sqlmap on a exploitable link..
If you want to find an exploitable link they I would google sql injection basics for learning what error codes to look for.
Well, you use sqlmap -u URL at first, then you tune it.
But like I said, don't use it for scanning, only for exploiting. Do you know how to find an sql injection ? Are you familiar with them ?
What are you top 5 essential network tools?
First, you can start by downloading vulnerable webapps or systems. A lot are available. Then practice on the wild.
I use nmap and commlink for wifi. Good times.
Also, one more question before bed. Do you think it's possible to gain access to networks on a mobile (smart) phone, Jailbreaked or otherwise? And what would be achievable?
You're top OP.
Get parameter ' ' is PostgreSQL >8.1 stacked queries' injectable
and after a short amount of time:
Connection timed out to the target or url proxy, sqlmap is going to retry the request
Matters the phone, most everyday android phones do not have a network card capable of injecting. If you google aircrack for android you'll see a list of phones with network cards strong enough for cracking WEP, WPA is a whole nother story since you'll need a nice large dictionary.
See you again on here soon Lave. Nice talking
Try using a website like downforeveryoneorjustme dot com to check whether the site is down or not. You might also have broken it.
It can be possible, yeah. But it's not really doable. They'll most likely notice something went wrong and you'll get in trouble.
Don't know, I'm not into phones.
You don't. Get the password of the account : guess it, retrieve it on the victim's computer, blackmail him/her, install a keylogger on her computer, etc... but you won't hack into one random account.
There are several ways to deface a website. One very convenient is to attack DNS. You take over the mailbox used for DNS registration and you change the IP address to a server you control. Then, clients will be redirected to your website.
Other way is to hack into the website and change the index page.
Not very hard, actually. It requires some network knowledge, do you have them? OSI model, network stack, TCP states, etc. ?
This is not very hard, actually. This is just some theorical shits that look boring and useless at first sight but will help you alot in the future.
This is a pretty vague question. There are several ways.
First, you can try to find some dangerous content on the website. Sometimes (often), some configuration files, or logs are available and admin forgot them. You can sometimes find enough information to log as admin.
Otherwise you have to use an applicative vulnerability, such as XSS, SQL Injection, CSRF, File Upload, File Inclusion, espace shell, etc... Those are know bad programming practices that lead to vulnerabilites. It allows an hacker to exploit them and eventually to figure out the admin pass, and/or gain access to the underlaying OS.
Programing is quite boring, actually. This is a good way to start getting into computer science, because it's fun. But hacking is more interesting.
I've been programer for 4 years, and I moved into hacking.
Thank you op. Won't bother you anymore. You've been useful.
Here is classy doge for you.
To hack a site, you first have to know it. Identify the languages in use, the HTTP server, to OS, the other services. Also understanding what the website does, if there's an authentication, a password-recovery features, etc. Then you figure ou how you can attack it. Then you try.
Try OWASP at first. Very reliable sourdce of knowledge for web hacking.
For instance, SQL Injection : https://www.owasp.org/index.php/SQL_Injection
Read this website, and every time you encounter something you don't know, learn it. It's a little bit hard and slow, but it's efficient. You'll understand things better and better.
Also, try things. You wanna learn SQL ? Ok, install a MySQL on you Linux computer and start doing some SQL. Create a database, create tables, insert things, retrieve them, etc.
TRY things. And train. With vulnerable webapps (there are a lot on the web, like webgoat).
You won't be hired if you know nothing. You should be afraid not to find a job, actually, before being afraid to lose it.
Good pentesters are not easy to find, so bosses have to hire beginners and train them, you know.
And anyway, the fear of failing is very bad. DO things. Just do it. Learn, and become an hacker. Then you'll find a job as a pentester.
When did you start to learn hacking/programming?
And how old do you have to be to actually start doing that?
I'm actually pretty young, but very interested in computer science and i know a bit of programming
>When did you start to learn hacking/programming?
Several years ago now, I graduated in computer security in 2008. But I really focused on hacking 3 years ago.
>And how old do you have to be to actually start doing that?
I began this job at 30, I'm 32 now.
>I'm actually pretty young, but very interested in computer science and i know a bit of programming
How old are you ? The best way is the school. Go to College.
Oh ok, you're very young.
In highschool, just do things at home, by yourself. Install Linux and start learning, try things, etc.
In high school you'll be able to choose computer science and get graduated.
I actually installed linux on virtual box, got into some databases that i made, but i can't really do anything with sqlmap if i escape the string, i need to practice.
Where are you from, anon?
Linux is not gay.
Each one has its own purpose. Windows is OK for random people, but this is crappy when you start doing things. Something is especially painful with Windows : networking. FFS, it's a shame.
Cellco Partnership DBA Verizon Wireless, obvisouly
im kinda like that kid. I know some c++ shit and thats about it. Cant exactly install and learn about linux cause i dont have lots of computers, maybe i should get some virtual software, know any good ones?
Verizon can be social engineered.
It's harder than before, but you can still do it.
You can get shit like name, address, last 4 digits of ssn, etc.
Just google social engineering verizon
Yeah, always. I also look at laptops very closely.
Doesn't matter if you're good at understanding them.
Well, everything sounds normal to me. If you escape the content of a parameter, you stop sql injection, this is the purpose of escaping a parameter, actually. So it's normal that sqlmap fails.
VMWare, qemu ,Virtualbox
Dual boot is even better.
But seriously, use linux. You won't learn shit before using it.
>Well, everything sounds normal to me. If you escape the content of a parameter, you stop sql injection, this is the purpose of escaping a parameter, actually. So it's normal that sqlmap fails.
How can i get past that?
I don't get the point.
To use sqlmap to exploit a vulnerability, you first need a vulnerability. You need a bad behavior. You need some var not being escaped before being used in an sql query. So if it's escaped, you're screwed.
But it depends on what you call "escaped", it depends if it's an interger value, it depends if there are quotes in your query, etc..
With sqlmap, you can use --technique switch to try getting a blind sql injection
command line interface
everything is better.
If you have limited or crappy computer, choose a Linux with no desktop (server version, with only command-line, it's way lighter).
No thanks, bro, it was just a present. No need to pay me with some porn.
There is a good SQL Injection section that should help you. It's important to understand what is an UNION SQLi, a BOOLEAN-BLIND SQLi, a TIME-BASED SQLi.
i understand that
>be me teen faggot in my early 20's
>know some networking
>just started to learn CLI environment so i can learn programming
but i feel like im missing alot
few months ago i wanted to start from scrap,as in
put some GNU/Linux destro and start playing in it till i learn how it goes
and after make my own OS from nothing,that way once i know how things work i can go further in programming
now my question is,should i first learn a programming language and do that after or should i just use linux and see from there where it takes me.
tl'dr clueless faggot wants to learn CLI and OS
My point was : programming languages are not very important. Pick up some language, like python and learn to deal with it. You just have to be able to build a program sometimes.
You have to learn everything. Programing isn't more important than SQL of networking, or HTTP protocol, or SSL cryptography. Everything is important. You have to figure out how most common things work. Not being an expert, but know them well. UNDERSTAND them well and in depth.
Here are some key points :
processes and memory
protocols (ftp, ssh, etc...)
Cryptography : hash, ciphers, SSL, certificates, keys, etc...
so many more...
Yep, I guess so.