Thursday, 2019/01/17, 11:37 PM


Main
Registration
Login
Hackersoft Welcome Guest | RSS  
Site menu

Our poll
Rate my site
Total of answers: 11043

Statistics

Total online: 1
Guests: 1
Users: 0

How to Defaced a Website

Reminder: This site never encourage anybody to hack.. As we all know that Hacking is Illegal.. I share this tuts only for education purposes only..
Simple defacing tutorial for beginners.
Oh and before I start to all you 1337 people that think they know everything
Please don’t post saying sum stupid **** like “this **** if for noobs” blablabla.
Its supposed to be for noobs.

First your going to need any nice cookie editor.
I just use opera because it’s the fastest way.

Opera Web Browser(Possibility to edit cookies):
http://www.opera.com/download/

When you have downloaded and installed opera continue.

Lets start by some quick explanation what were going to do is use a simple ipb exploit to get any members hash code then were are going to log in using a method called cookie spoofing
With the exploit you can do many other stuff like get a members ip address, email, username.. etc.

The exploit were going to use woks on Invision Power boards 2.1.6 and any lower version.
Preferably 2.1.5 or 2.1.4.

Exploit:
First you will need perl installed:
http://downloads.activestate.com/ActivePer...-x86-148120.msi
Then Download My exploit package:
http://www.sendspace.com/file/iny0qq
OR
http://www.megaupload.com/?d=BZ9X9M0T


Ok when you have perl installed open my package.
Extract it anywhere you want. (exemple desktop) if you don’t have winrar just search on google.
Open the file you should see this:



Double Click on the file “Ipb Exploit fkn0wned”

How to Defaced a Website - Shaify Mehta

this is the gui for the exploit you will be using this to find the hash or info of the target.

Actual Defacing:
Ok now were onto the actual fun part !
Open opera browser.
Ok now we need to find a vulnerable forum, finding those some times aren’t that easy.
Go to
http://www.google.com and type in one of those(these are google dorks[vulnerable forums]):

Powered by invision power board v2.1.4
Powered by invision power board v2.1.5
Powered by invision power board v2.1.6
Powered by invision power board v2.1.3

We need to find out if its really vulnerable or unvulnerable, to do this you must first find a forum with the following:


How to Defaced a Website - Shaify Mehta
How to Defaced a Website - Shaify Mehta
When you have found a vulnerable forum its time to find the hash.

Put the forum url in the gui if that’s not already done.
Change the User_id to whatever member. To see member id’s click on a username and in the internet link it should show exemple:
http://www.blackbay.org/memberlist.php?mode=viewprofile&u=2 number 3 would be James’s (X0G) member id. (but use this on the vulnerable forum) **This will not work on Blackbay ROFL.

BARELYLIVING19 SON

When you have entered User_id make sure the options are set to like this:
How to Defaced a Website - Shaify Mehta

if everything is good click “Get date from database”
a hash should pop up where it says “Returned date:” (note: you cant crack this hash you can only cookie spoof all the hash’s will be salted)

Now you have the hash ! now whats left to do is to login in with admin or whatever user you choose.

First go to your vulnerable website and register enter all the information needed preferably not entering real info. ( if your not a retard )

Set a random username like : plorlt
set an email like:
a@hotmail.com ( it doesn’t have to be real I have a way of getting it without doing the email verify)

when it says an email has been sent to blabla just go back to the forum index and login.
When your in go to tools>advanced>cookies… now you need to find the vulnerable sites cookie you need to be logged in !
When you get to that cookie simple open the file and edit the Hash with the one you got with the exploit, and edit the member_id to whichever one you use to get the hash.

Then delete everything else in the cookie only member_id and hash is needed.

Click ok and refresh the page you should be logged in as your target ! 



Sign in

Calendar
«  January 2019  »
SuMoTuWeThFrSa
  12345
6789101112
13141516171819
20212223242526
2728293031

IP

Copyright Hackerssoft © 2019