Brady

The other day a guy I’ve known for a long time came to me and said I need help taking down a site. You know a website he wanted me to help hack it etc. Well as I know how etc and with him being a mate I helped in out. So anyway how do you go about finding a way into a website? I find it easy if the website has server side languages. Eg PHP ASP etc. If it doesn’t have those you are not going to get in. Secondly find on the site if it’s running any public CMS or module or script of some sort. At first glance the site was purely html but after closer look there was a chat script installed called Flash Chat.

Next job is to search for known exploits. Sure enough there was a known remote file include vulnerability on the version he was running. That’s it we know we are in

So what’s next what do you do?? Well with this vulnerability you have a way to run php code or another language on the victim’s website remotely. Firstly you need to create the script that you want to use on his site and upload it to your web server as a txt file. Then run the vulnerability including the file you have made and hey presto you have a script of your choice on the victims website. With the exploit I uploaded a custom made script to the person’s website so the file was local and gave the url to my friend. Was like; there you go knock yourself out. This script is called a shell. These shells are very powerful scripts that let you do a whole variety of things on some ones website. I’ll let you look them up for more details: P

I’d just like to say that I ain’t a leet hacker. I use methods that have been found by other people etc. The only thing I used of mine was my custom php script to upload the shell for my friend.