Website Takeover 101


Dread

So you wanna take over a site and make it yours? Well, the instructions are simple and I hope it's not too hard for you.
Introduction: Website takeover is common but the most desired way to get data via the term malicious actor. When performing such attacks, for the best anonymity and speed I suggest using a Linux-based OS such as Kali, Parrot or Backbox. They are easy to install and can be run using a VM such as VirtualBox.
Requirements: For takeover, the things you want to have are: 1. Patience 2. A proxy that can't be traced back or a VPN such as NordVPN 3. SQLmap (highly recommend) 4. TRUST YOUR OPSEC! 5. Have some knowledge of how to use SQLmap and website vulns.
Now that we have that settled, let's start.
1. Find a vuln website. We can do this via a Google dork such as:
inurl:"" & intext:"you have an error in your sql syntax" or php?id=
When you find a site, at the end will be ID=23 or some other id number. Add a ' to the end of it, and if it gives an error then it's vulnerable.
2. Turn on a VPN or use a proxy. Go to sqlmap and do: sqlmap -u websitelink.com --dbs --dump --random-agent We will be dumping it to dump all user data + check for an admin password.

3. When the dumping process is over, check the database by going to the sqlmap directory (it should tell you after it's done dumping) and clicking on the website name. Check for something that has data, or until you find something along the lines of an admin password. When you get to the CSV file there will be a hash that you will need to crack, BUT there is an exception: go to https://crackstation.net/, paste in the hash and see if they have it in their DB. This always works for me instead of wasting more time cracking. But if they don't have the password, then download JackTheRipper and also download a wordlist such as rockyou.txt and try and crack it.

4. When you get the password then you can log in as admin on the website! Log in by adding /admin after the website URL. Put in the username + password, and when you log in, you can now fuck around with the website. I suggest uploading a webshell so you can have access to all files and also delete everything if you are a little goblin. Webshells I suggest are c40, c99, b374k.

Congrats, easy and simple.
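
From the defender's side, the probing this post describes shows up in web access logs as non-numeric values in a numeric `id` parameter, and User-Agent matching does not help once the agent changes per request. An added example (not part of the original post): a Python scan over constructed log lines that flags such clients; the log format, parameter name, threshold, paths and addresses are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined log format: client IP, request target, status code, User-Agent.
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)

# Constructed sample log (documentation address ranges, made-up paths and agents).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2021:10:00:01 +0000] "GET /item.php?id=23 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [10/Mar/2021:10:00:02 +0000] "GET /item.php?id=24 HTTP/1.1" 200 4988 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [10/Mar/2021:10:00:05 +0000] "GET /item.php?id=23%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0 (Windows NT 10.0)"
203.0.113.9 - - [10/Mar/2021:10:00:06 +0000] "GET /item.php?ID=23%22 HTTP/1.1" 500 310 "-" "Opera/9.80 (Macintosh)"
203.0.113.9 - - [10/Mar/2021:10:00:06 +0000] "GET /item.php?id=23%29 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (iPad; CPU OS 9_0)"
192.0.2.44 - - [10/Mar/2021:10:03:40 +0000] "GET /item.php?id=abc HTTP/1.1" 404 120 "-" "Mozilla/5.0 (Android 10)"
"""

def scan(log_text, param="id", threshold=2):
    """Return {ip: stats} for clients that sent at least `threshold`
    requests whose `param` value is not a plain integer (allowlist check)."""
    stats = defaultdict(lambda: {"bad": 0, "errors": 0, "agents": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status, agent = m.groups()
        # parse_qs percent-decodes values, so %27 is seen as a quote character.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        values = [v for k, vs in query.items() if k.lower() == param for v in vs]
        if any(not re.fullmatch(r"[0-9]+", v) for v in values):
            entry = stats[ip]
            entry["bad"] += 1
            entry["errors"] += status.startswith("5")  # server errors on bad input
            entry["agents"].add(agent)                 # agent rotation is a signal too
    return {ip: s for ip, s in stats.items() if s["bad"] >= threshold}

if __name__ == "__main__":
    for ip, s in scan(SAMPLE_LOG).items():
        print(ip, s["bad"], "bad values,", s["errors"], "server errors,",
              len(s["agents"]), "distinct agents")
```

A 5xx response to a malformed `id` also means the application is passing raw input to the database and returning the error; the fix on that side is integer validation plus parameterized queries, with generic error pages.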
 
