site hacking

Researching, Proof of Concepts, Hacking, Console Modding and Hacking and more. No game hacking / modding here.
Post Reply
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

site hacking

Post by AXEVALENTINE »

hello everyone,this is my firs tipic here :) first of all i want to say sorry because my english is just terrible :D
so can anyone explain me how to get own this site ? http://legenda.wapop.org/ this is wap site..
any ideas ?
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: site hacking

Post by Sethioz »

depends what you trying to do, you should first use search and search thru the forum, there's lot about website hacking.
but explain what you're trying to do there.
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

Sethioz wrote:depends what you trying to do, you should first use search and search thru the forum, there's lot about website hacking.
but explain what you're trying to do there.
i have 2 goals...
1- i am trying to hack in-game stats ( exp,coins) by webscarab but i am faced difficulties...
2-i want to stole script from ftp but its really hard for me... i have not enough knowledge...
i need someone to show me right way :)
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: site hacking

Post by Sethioz »

1 - WebScarab is indeed good tool to go, but might not show everything.
i recommend scan the website with some vulnerability scanner (google for them). good one to use is Acunetix web vulnerability scanner, but its not free. so buy or torrent it.
So you get some kind of overview of what is going on and if there are known vulnerabilites they will be shown in scanner.
Then you might also want to try other tools, like burp suite, paros proxy, wpe pro (yes it works on browsers too). There are few others but can't remember the names.

2. steal script from FTP? what exactly you mean?
FTP = file transfer protocol
not sure what you mean by "steal from ftp"
can you see the script somewhere on web page?
you know its somewhere in their system and need to find it?
explain more.
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

Sethioz wrote:1 - WebScarab is indeed good tool to go, but might not show everything.
i recommend scan the website with some vulnerability scanner (google for them). good one to use is Acunetix web vulnerability scanner, but its not free. so buy or torrent it.
So you get some kind of overview of what is going on and if there are known vulnerabilites they will be shown in scanner.
Then you might also want to try other tools, like burp suite, paros proxy, wpe pro (yes it works on browsers too). There are few others but can't remember the names.

2. steal script from FTP? what exactly you mean?
FTP = file transfer protocol
not sure what you mean by "steal from ftp"
can you see the script somewhere on web page?
you know its somewhere in their system and need to find it?
explain more.
first of all i want to say thank you for answer :)
1- i will try scanners what u said and will write some results what i will got

2- when i said ftp i mean server where are saved website files like scripts... i know that it can be hacked if u hack admin ftp...
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

i scanned site via Acunetix web vulnerability scanner :) and i got many results :)
so please tell me what is that am i looking for exactly ?
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: site hacking

Post by Sethioz »

there is nothing specific, you have to go step by step, just read thru each vulnerability. if you don't understand the terms, google them.
not everything is real vulnerability, acunetix just gives you an idea how site works.
hacking a site needs lot of effort. lot of googling and patience is needed.

what exactly did you try with webscarab?
on some sites you can intercept the request and change values and they take effect. like on low security sites you can change the payment amount if you buy something and get something for 0.1 for example.
also in webscarab, there's option "reveal hidden fields", enable that.
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

Sethioz wrote:there is nothing specific, you have to go step by step, just read thru each vulnerability. if you don't understand the terms, google them.
not everything is real vulnerability, acunetix just gives you an idea how site works.
hacking a site needs lot of effort. lot of googling and patience is needed.

what exactly did you try with webscarab?
on some sites you can intercept the request and change values and they take effect. like on low security sites you can change the payment amount if you buy something and get something for 0.1 for example.
also in webscarab, there's option "reveal hidden fields", enable that.
i think that this site is low defenced ..
i will try something with webscarab
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

and also can you tell me other tool like webscarab ? ::) because i have problems with it :(
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: site hacking

Post by Sethioz »

"i have problems with it" doesn't help at all, explain.
webscarab is one of the best tools of its kind and i did mention other ones.
I can't remember the name of the proxy i used, it had a quitar logo (yellow / orange / white).
might have been "Charles proxy" earlier version, try Charles Proxy.
but i still find webscarab most useful.

Also don't forget old good "firebug" extension for firefox. it comes in handy.
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

Sethioz wrote:"i have problems with it" doesn't help at all, explain.
webscarab is one of the best tools of its kind and i did mention other ones.
I can't remember the name of the proxy i used, it had a quitar logo (yellow / orange / white).
might have been "Charles proxy" earlier version, try Charles Proxy.
but i still find webscarab most useful.

Also don't forget old good "firebug" extension for firefox. it comes in handy.
when i use webscarab and type webscarab's port/Ip AND BRowsers PORT/IP same....it cant connect internet error text : (ConnectionHandler.run): ConnectionHandler got an error : java.lang.NullPointerException
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: site hacking

Post by Sethioz »

I don't understand what you doing.
what exactly is "browsers ip/port" ?
all you do, is get add-on like "proxysel" for firefox and add "127.0.0.1:8008" there
then you enable it and select WebScarab and it will work.
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

Sethioz wrote:I don't understand what you doing.
what exactly is "browsers ip/port" ?
all you do, is get add-on like "proxysel" for firefox and add "127.0.0.1:8008" there
then you enable it and select WebScarab and it will work.
i saw your tutorial on knowledge base and try to do everything step by step...
when i connected to google and search something (your example is sethioz) webscarab opens several windows...after this i ignored them by abort requests and i am faced with this error

WebScarab encountered an error trying to retrieve

GET http://www.google.ge:80/search?site=&so ... sgaUjYC4DQ HTTP/1.1
Host: www.google.ge
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PREF=ID=61c47992060df6a5:U=fd0ab95803c967f9:FF=0:TM=1362774351:LM=1362774392:S=5h92wnSrXsNOOL7_; NID=67=OzslDqMywEy9TInfb3xBZRHlhzQOHUdDxrlyUyVmJ7Fiosx96rUcnyo9WBP_km38e9ghkaKM6hmV-HZRU8__vqYV25VKUTmA9cnNyVw3t3eMr5dUaFlHSv31qCAeLrc5; _GPL_it=1
Connection: keep-alive

The error was :

Request aborted in Manual Edit
at org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse(ManualEdit.java:237)
at org.owasp.webscarab.plugin.proxy.ConnectionHandler.run(ConnectionHandler.java:233)
at java.lang.Thread.run(Unknown Source)
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: site hacking

Post by Sethioz »

... duh
you need to go back to basics.

those "windows" that it opens are intercepted requests waiting for your action (i thought its common sense..)
it only told you that keep alive packet was not sent, because YOU did not send it...DUH!
you're the cause of the "error" because you did not choose action for "keep alive" packet so connection timed out.

you have to first understand WHAT webscarab is and what it can do .. before clicking everything and saying there is error.

and that thing at end ... are you checking for some plugins or updates? or WHY are you connecting to "org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse" ?
i don't know what you are doing, WebScarab works fine for me.
to me it seems like you just don't know how to use it, but i can't tell for sure.

if you believe it is not your fault, take screenshots of what you are doing or make video.
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

Sethioz wrote:... duh
you need to go back to basics.

those "windows" that it opens are intercepted requests waiting for your action (i thought its common sense..)
it only told you that keep alive packet was not sent, because YOU did not send it...DUH!
you're the cause of the "error" because you did not choose action for "keep alive" packet so connection timed out.

you have to first understand WHAT webscarab is and what it can do .. before clicking everything and saying there is error.

and that thing at end ... are you checking for some plugins or updates? or WHY are you connecting to "org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse" ?
i don't know what you are doing, WebScarab works fine for me.
to me it seems like you just don't know how to use it, but i can't tell for sure.

if you believe it is not your fault, take screenshots of what you are doing or make video.
nii. i am not saying that i did everything well :) maybe its my fault...i will test it again
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

i have one question :( why is that i cant see whole function ? ( PICTURE IS FROM WPE PRO)
694db3ce3bdba6c2434ea6b8627504f3.png
this HEX includes some special symbols or what happen ?
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: site hacking

Post by Sethioz »

once again, you need to go to BASICS.
what you call "HEX" is ASCii ..
your knowledge is simply too low to go into these things, if you don't even know what HEX is and what packet is.
HEX contains only 0123456789ABCDEF, duh. there are no symbols.

its simple as that, you can't begin hacking if you don't know most basic things, like what is HEX and what is ASCii
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

Sethioz wrote:once again, you need to go to BASICS.
what you call "HEX" is ASCii ..
your knowledge is simply too low to go into these things, if you don't even know what HEX is and what packet is.
HEX contains only 0123456789ABCDEF, duh. there are no symbols.

its simple as that, you can't begin hacking if you don't know most basic things, like what is HEX and what is ASCii
yes,i know what contains HEX but... i have no idea why is that when i trying to decode some HEX i cant see whole text ( see my image) what is this ....(dots) ? why is that i cant see whole decoded hex ?
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: site hacking

Post by Sethioz »

lol ... i don't know what else to say.
AXEVALENTINE
Newbie..
Newbie..
Posts: 20
Joined: Wed Mar 06, 2013 1:54 pm

Re: site hacking

Post by AXEVALENTINE »

Sethioz wrote:lol ... i don't know what else to say.
BREAK YOUR MIND :d
Post Reply