site hacking

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.

site hacking

Postby AXEVALENTINE » Thu Mar 07, 2013 8:15 am

hello everyone,this is my firs tipic here :) first of all i want to say sorry because my english is just terrible :D
so can anyone explain me how to get own this site ? http://legenda.wapop.org/ this is wap site..
any ideas ?
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby Sethioz » Sat Mar 09, 2013 5:47 pm

depends what you trying to do, you should first use search and search thru the forum, there's lot about website hacking.
but explain what you're trying to do there.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: site hacking

Postby AXEVALENTINE » Sat Mar 09, 2013 7:05 pm

Sethioz wrote:depends what you trying to do, you should first use search and search thru the forum, there's lot about website hacking.
but explain what you're trying to do there.

i have 2 goals...
1- i am trying to hack in-game stats ( exp,coins) by webscarab but i am faced difficulties...
2-i want to stole script from ftp but its really hard for me... i have not enough knowledge...
i need someone to show me right way :)
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby Sethioz » Sat Mar 09, 2013 11:44 pm

1 - WebScarab is indeed good tool to go, but might not show everything.
i recommend scan the website with some vulnerability scanner (google for them). good one to use is Acunetix web vulnerability scanner, but its not free. so buy or torrent it.
So you get some kind of overview of what is going on and if there are known vulnerabilites they will be shown in scanner.
Then you might also want to try other tools, like burp suite, paros proxy, wpe pro (yes it works on browsers too). There are few others but can't remember the names.

2. steal script from FTP? what exactly you mean?
FTP = file transfer protocol
not sure what you mean by "steal from ftp"
can you see the script somewhere on web page?
you know its somewhere in their system and need to find it?
explain more.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: site hacking

Postby AXEVALENTINE » Sun Mar 10, 2013 8:02 am

Sethioz wrote:1 - WebScarab is indeed good tool to go, but might not show everything.
i recommend scan the website with some vulnerability scanner (google for them). good one to use is Acunetix web vulnerability scanner, but its not free. so buy or torrent it.
So you get some kind of overview of what is going on and if there are known vulnerabilites they will be shown in scanner.
Then you might also want to try other tools, like burp suite, paros proxy, wpe pro (yes it works on browsers too). There are few others but can't remember the names.

2. steal script from FTP? what exactly you mean?
FTP = file transfer protocol
not sure what you mean by "steal from ftp"
can you see the script somewhere on web page?
you know its somewhere in their system and need to find it?
explain more.

first of all i want to say thank you for answer :)
1- i will try scanners what u said and will write some results what i will got

2- when i said ftp i mean server where are saved website files like scripts... i know that it can be hacked if u hack admin ftp...
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby AXEVALENTINE » Sun Mar 10, 2013 2:48 pm

i scanned site via Acunetix web vulnerability scanner :) and i got many results :)
so please tell me what is that am i looking for exactly ?
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby Sethioz » Sun Mar 10, 2013 6:56 pm

there is nothing specific, you have to go step by step, just read thru each vulnerability. if you don't understand the terms, google them.
not everything is real vulnerability, acunetix just gives you an idea how site works.
hacking a site needs lot of effort. lot of googling and patience is needed.

what exactly did you try with webscarab?
on some sites you can intercept the request and change values and they take effect. like on low security sites you can change the payment amount if you buy something and get something for 0.1 for example.
also in webscarab, there's option "reveal hidden fields", enable that.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: site hacking

Postby AXEVALENTINE » Sun Mar 10, 2013 7:22 pm

Sethioz wrote:there is nothing specific, you have to go step by step, just read thru each vulnerability. if you don't understand the terms, google them.
not everything is real vulnerability, acunetix just gives you an idea how site works.
hacking a site needs lot of effort. lot of googling and patience is needed.

what exactly did you try with webscarab?
on some sites you can intercept the request and change values and they take effect. like on low security sites you can change the payment amount if you buy something and get something for 0.1 for example.
also in webscarab, there's option "reveal hidden fields", enable that.

i think that this site is low defenced ..
i will try something with webscarab
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby AXEVALENTINE » Sun Mar 10, 2013 7:32 pm

and also can you tell me other tool like webscarab ? ::) because i have problems with it :(
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby Sethioz » Sun Mar 10, 2013 9:02 pm

"i have problems with it" doesn't help at all, explain.
webscarab is one of the best tools of its kind and i did mention other ones.
I can't remember the name of the proxy i used, it had a quitar logo (yellow / orange / white).
might have been "Charles proxy" earlier version, try Charles Proxy.
but i still find webscarab most useful.

Also don't forget old good "firebug" extension for firefox. it comes in handy.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: site hacking

Postby AXEVALENTINE » Mon Mar 11, 2013 12:01 pm

Sethioz wrote:"i have problems with it" doesn't help at all, explain.
webscarab is one of the best tools of its kind and i did mention other ones.
I can't remember the name of the proxy i used, it had a quitar logo (yellow / orange / white).
might have been "Charles proxy" earlier version, try Charles Proxy.
but i still find webscarab most useful.

Also don't forget old good "firebug" extension for firefox. it comes in handy.

when i use webscarab and type webscarab's port/Ip AND BRowsers PORT/IP same....it cant connect internet error text : (ConnectionHandler.run): ConnectionHandler got an error : java.lang.NullPointerException
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby Sethioz » Mon Mar 11, 2013 3:51 pm

I don't understand what you doing.
what exactly is "browsers ip/port" ?
all you do, is get add-on like "proxysel" for firefox and add "127.0.0.1:8008" there
then you enable it and select WebScarab and it will work.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: site hacking

Postby AXEVALENTINE » Mon Mar 11, 2013 7:26 pm

Sethioz wrote:I don't understand what you doing.
what exactly is "browsers ip/port" ?
all you do, is get add-on like "proxysel" for firefox and add "127.0.0.1:8008" there
then you enable it and select WebScarab and it will work.

i saw your tutorial on knowledge base and try to do everything step by step...
when i connected to google and search something (your example is sethioz) webscarab opens several windows...after this i ignored them by abort requests and i am faced with this error

WebScarab encountered an error trying to retrieve

GET http://www.google.ge:80/search?site=&so ... sgaUjYC4DQ HTTP/1.1
Host: www.google.ge
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PREF=ID=61c47992060df6a5:U=fd0ab95803c967f9:FF=0:TM=1362774351:LM=1362774392:S=5h92wnSrXsNOOL7_; NID=67=OzslDqMywEy9TInfb3xBZRHlhzQOHUdDxrlyUyVmJ7Fiosx96rUcnyo9WBP_km38e9ghkaKM6hmV-HZRU8__vqYV25VKUTmA9cnNyVw3t3eMr5dUaFlHSv31qCAeLrc5; _GPL_it=1
Connection: keep-alive

The error was :

Request aborted in Manual Edit
at org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse(ManualEdit.java:237)
at org.owasp.webscarab.plugin.proxy.ConnectionHandler.run(ConnectionHandler.java:233)
at java.lang.Thread.run(Unknown Source)
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby Sethioz » Mon Mar 11, 2013 11:12 pm

... duh
you need to go back to basics.

those "windows" that it opens are intercepted requests waiting for your action (i thought its common sense..)
it only told you that keep alive packet was not sent, because YOU did not send it...DUH!
you're the cause of the "error" because you did not choose action for "keep alive" packet so connection timed out.

you have to first understand WHAT webscarab is and what it can do .. before clicking everything and saying there is error.

and that thing at end ... are you checking for some plugins or updates? or WHY are you connecting to "org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse" ?
i don't know what you are doing, WebScarab works fine for me.
to me it seems like you just don't know how to use it, but i can't tell for sure.

if you believe it is not your fault, take screenshots of what you are doing or make video.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: site hacking

Postby AXEVALENTINE » Tue Mar 12, 2013 5:04 am

Sethioz wrote:... duh
you need to go back to basics.

those "windows" that it opens are intercepted requests waiting for your action (i thought its common sense..)
it only told you that keep alive packet was not sent, because YOU did not send it...DUH!
you're the cause of the "error" because you did not choose action for "keep alive" packet so connection timed out.

you have to first understand WHAT webscarab is and what it can do .. before clicking everything and saying there is error.

and that thing at end ... are you checking for some plugins or updates? or WHY are you connecting to "org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse" ?
i don't know what you are doing, WebScarab works fine for me.
to me it seems like you just don't know how to use it, but i can't tell for sure.

if you believe it is not your fault, take screenshots of what you are doing or make video.

nii. i am not saying that i did everything well :) maybe its my fault...i will test it again
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby AXEVALENTINE » Tue Mar 12, 2013 1:57 pm

i have one question :( why is that i cant see whole function ? ( PICTURE IS FROM WPE PRO)

694db3ce3bdba6c2434ea6b8627504f3.png

this HEX includes some special symbols or what happen ?
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby Sethioz » Thu Mar 14, 2013 4:55 am

once again, you need to go to BASICS.
what you call "HEX" is ASCii ..
your knowledge is simply too low to go into these things, if you don't even know what HEX is and what packet is.
HEX contains only 0123456789ABCDEF, duh. there are no symbols.

its simple as that, you can't begin hacking if you don't know most basic things, like what is HEX and what is ASCii
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: site hacking

Postby AXEVALENTINE » Thu Mar 14, 2013 9:44 am

Sethioz wrote:once again, you need to go to BASICS.
what you call "HEX" is ASCii ..
your knowledge is simply too low to go into these things, if you don't even know what HEX is and what packet is.
HEX contains only 0123456789ABCDEF, duh. there are no symbols.

its simple as that, you can't begin hacking if you don't know most basic things, like what is HEX and what is ASCii

yes,i know what contains HEX but... i have no idea why is that when i trying to decode some HEX i cant see whole text ( see my image) what is this ....(dots) ? why is that i cant see whole decoded hex ?
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Postby Sethioz » Thu Mar 14, 2013 9:31 pm

lol ... i don't know what else to say.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: site hacking

Postby AXEVALENTINE » Fri Mar 15, 2013 4:48 am

Sethioz wrote:lol ... i don't know what else to say.

BREAK YOUR MIND :d
AXEVALENTINE
Newbie..
Newbie..
 
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm


Return to PC / Website / Console / Others > Hacking / Cracking / Exploits / Research

Who is online

Users browsing this forum: No registered users and 3 guests

cron