Website Hijacking – Complete Tutorial Part-1

Hello viewers!

This is my first post in this blog as I have been honoured by the admin of this blog as the author to add materials for the interested viewers.

Anyways… Before I start anything I would make sure that all the viewers are comfortable and enjoying the posts 🙂

Okay now lets begin with the topic I have mentioned above.

What is the first thing that comes to your mind when you see a topic like Website Hijacking ?? Do you feel like today after reading this you gonna hijack somebody’s website and bring the hell out of him?

lolz.. Well you can do that unless you are good at heart just to use this material for educational and awareness purpose and the most important thing is to safeguard your own website or your related website that may be your family business or someone close enough needs to be secured.

Alright as some of you may think why am I teaching you this and why is the topic name hijack if I recommend you to secure and not steal. Then let me tell you that the best way to secure yourself is to hack it yourself. You can provide yourself the best security only when you are good enough a thief 🙂

Well so here I begin with a motto to teach you guys how to secure yourselves.

Shall I ??

Okay! Here I go…

Every website that you visit or every website that is completely well available in the net obviously has somebody controlling it. I guess you call the guy ADMIN ?

Alright so does the admin sit there at the other end and wait for you to enter login ID and password and then check it out with his collection and allows or denies permission to access ?

Is it the case ?

Obviously “NO” would be the reply, the admin has a control panel as in case of your PC you have a control panel where you have designed and predefined things to manage your system. The same goes here the control panel is the mother of any website where the admin acts as a very good obedient kid. The control gives a database to the admin to store all the ID’s and passwords and when you try logging in you enter the ID and password which is then approved by the website database storing the ID’s and passwords.

Hence we all know that human are more intelligent than machine as we created machine so we can cheat the machine, that is we bypass the database procedure in some cases and in some cases we cheat the machine and upload our shells or deface the website or in some cases the worst is we poke and poke and poke the database using database management system technique and steal all the information from the database and gain access to the website. Have you guys not seen movies where one guy gets the other guy drunk and flatter him and acquire the required info ? That is the same in this case 3 too. We name this cases like the first case is called kidding where you bypass the asp governed sites, the second is XSS (cross site scripting method) and 3rd is the SQLi (my sequel commands injection).

Now how many of you are aware of binary coding ?

Well I am here for the one’s who haven’t yet.

Binary coding is in terms of 0’s and 1’s for every single thing we type as this is only what the system understands actually. even for ON ad OFF its o for OFF and 1 for ON.

in case of TRUE-FALSE o for FALSE and 1 represents TRUE.

so we’ll move direct to the first hijacking method that is KIDDING or call it KIDDO method:

usually the admins are a bit more intelligent as they have been gifted with few extra pounds of brain by their mother, so they use their login page as followed by domain name:

/ADMIN

/admin

/Admin

/Administrator

/administrator

/ADMINISTRATOR.

Now whats the password how do we find that out? In fact who cares and why should we waste our limited pounds brain finding the password for an asp governed website when we can simply bypass the database.

Lets see how…

There are few gates that you must know before you attempt the bypass method:

AND gate and OR gate, as the name suggest AND similar to ADD (so this gate multiplies any two input and returns the output)
where as the OR gate adds the inputs and returns the output value correspondingly.

““““““““““““““““““““““““““““““““““`

Okay now understand these tables:                                                                                    `

                                     

““““““““““““““““““““““““““““““““““`

Now we bypass the password using these tables making the database to read this conditions instead of typing the password and then the machine converts it to binary and then checks it out, we simply give it the binary codes directly and make the machine check the condition and give us access!

Remember this bypass is for asp governed site only so lets take an asp governed site and show it to you:

Go to Google and search for  asp login site and type the username/user ID as types I have mentioned above and in place of password try bypassing it using this method.

0 ‘or’ 0 ‘=’ 0 and hit enter you are either logged in or denied, if denied then try

1 ‘or’ 1 ‘=’ 1 and enter 🙂

Enjoy this, you have the entire tables above 😉

Then XSS and SQLi are too big to be posted in this post so it will be posted in my next post following thing… Hope you enjoy by then 🙂

http://www.webstatschecker.com/stats/keyword/adminlogin_asp_pk

Here are some dorks that will avail you this kinda vulnerable websites. Copy and paste them in Google search!

"inurl:admin.asp"
"inurl:login/admin.asp"
"inurl:admin/login.asp"
"inurl:adminlogin.asp"
"inurl:adminhome.asp"
"inurl:admin_login.asp"
"inurl:administratorlogin.asp"
"inurl:login/administrator.asp"
"inurl:administrator_login.asp"

cheers!!

Advertisements

10 Comments

  1. or may be you are lazy enough not to try all the combination i have mentioned in the table above as i have already mentioned humans created machine so the machine is always weak, infact it works every time i attack and i recomend please do not demoralise others who are interested enough to practise and not give up and try the combinations mentioned above as this is the best way to hijack any asp governed site as the pattern will remain the same for every asp governed site.. thank you..

    Reply

  2. Hey Ankit (NSM Techie), no trick is perfect bro…. You have to try all the methods if you want to hack anything which is targeted, but for random attack this one is good brother! And about the chances of getting them, well i can get you 100 sites vulnerable to this inject on the spot!

    Reply

  3. It’s impressive that you are getting thoughts from this article as well as from our argument made here.

    Reply

Tell us what you think

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s