Page 1 of 1

Website hack help

Posted: Thu Aug 16, 2012 5:38 pm
by spade
Hey im tryin to hack http://howtomodtf2onps3.webs.com/apps/forums/ trying to get a moderator account to access area 51. Any help on this would be appreciated Thanks!

Re: Website hack help

Posted: Thu Aug 16, 2012 7:58 pm
by Sethioz
can't bother registering, but i suggest you run scan using some web vulnerability scanner to get some general idea whats going on.
have you googled for webs.com exploits ?
have you googled at all ?
find out what site system webs.com uses and search google, maybe there are known exploits already.

otherwise its usual stuff, try cookie stealer, keylogger ..etc

Re: Website hack help

Posted: Thu Aug 16, 2012 11:59 pm
by spade
Yes I've tried googling I can't seem to find anything on what im looking for. The programs im using arnt getting me anywhere, but I am not so good at using them. It's proabaly something simple im overlooking

Re: Website hack help

Posted: Fri Aug 17, 2012 9:55 am
by Sethioz
as i said, find out what kind of website system it uses. that's the first thing.
Acunetix is quite ok scannner.
NetTools (made by Ahmadi) is quite good for some simple things, but you would first have to find something to exploit.
WebScarab can be used to exploit other things in website, but getting password hashes is not that simple nowdays.

Weakest link in computers is always the human factor, so i suggest you try exploit the human stupidity.
try sending a keylogger, use a cookie stealer ..etc
stolen cookie can give you access to admin / moderator rights and you can make quite of a chaos, you can't go to admin panel because it will ask for password, but you can still delete, rename, move ..etc

I have working cookie stealer here:
http://sethioz.com/forum/viewtopic.php?f=47&t=986

Follow the topic, it's all explained how to use it. if you have issues with that cookie stealer, do not post in this topic, post in cookie stealer topic.


There's also XXS (cross site scripting) and SQL injection that might work, those are most common, but again those hosting companies that offer a pre-configured sites are usually not so easy to hack. once someone exploits one of the site, most likely it gets reported and they will fix it.
For example on my website, i see every request made. if someone finds exploit in my site, i would see each detail what was done so i would know exactly how to patch it.