Name: Fatima Bajwa


Email:  fatimabajwa302@yahoo.com


Contact No:  03331600781

I'm Fatima Bajwa, doing Software Engineering from NCBA. Currently my 6th semester is going on.

Website defacement

Website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti, although recently it has become a means to spread messages by politically motivated "cyber protesters" or hacktivists.


Common methods

The most common method of defacement is SQL injection, which allows an attacker to gain administrative access. Another method of defacement is through FTP once the username and password are obtained.
Defacements usually consist of an entire page. This page usually includes the defacer's pseudonym or "Hacking Codename." Sometimes, the website defacer makes fun of the system administrator for failing to maintain server security. Most times, the defacement is harmless and is only done to show off a system cracker's skills or for hacktivism; however, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware or deleting essential files from the server.

 

Common targets of defacement

Religious and government sites are regularly targeted by hackers in order to display political or religious beliefs, whilst defacing the views and beliefs of others. Disturbing images and offensive phrases might be displayed in the process, as well as a signature of sorts, to show who was responsible for the defacement. Websites are not only defaced for political reasons; many defacers do it just for the thrill. For example, there are online contests in which hackers are awarded points for defacing the largest number of web sites in a specified amount of time. Corporations are also targeted more often than other sites on the Internet and they often seek to take measures to protect themselves from defacement or hacking in general. Web sites represent the image of a company or organisation, and these therefore suffer significant losses due to defacement. Visitors may lose faith in sites that cannot promise security and will become wary of performing online transactions. After defacement, sites have to be shut down for repairs, sometimes for an extended period of time, causing expenses and loss of profit and value.

Steps

1. Open the site you want to hack. Provide a wrong username/password combination in its login form (e.g. Username: me and Password: ' or 1=1 --). An error will occur saying wrong username-password. Now be prepared; your experiment starts from here.

2. Right click anywhere on that error page => go to view source.

3. There you can see the HTML coding with JavaScript.
  • There you find something like this: <_form action="...Login....">
  • Before this login information, copy the URL of the site in which you are (e.g. "< _form..........action=http://www.targetwebsite.com/login.......>").

4. Then delete the JavaScript from the above that validates your information in the server. (Do this very carefully; your success to hack the site depends upon this, i.e. how efficiently you delete the JavaScript that validates your account information.)

5. Then take a close look for "<_input name="password" type="password">" [without quotes] -> replace "<_type=text>" there instead of "<_type=password>". See there if the maximum length of the password is less than 11, then increase it to 11 (e.g. : if then write )

6. Just go to file => save as and save it anywhere on your hard disk with ext.html (e.g. c:\chan.html)

7. Reopen your target web page by double clicking the 'chan.html' file that you saved on your hard disk earlier.
  • You see some changes in the current page as compared to the original one. Don't worry.

8. Provide any username [e.g. hacker] and password [e.g. ' or 1=1 --]. You have successfully cracked the above website and entered into the account of List user saved in the server's database.
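Why the steps above can work at all, shown as an added example that is not part of the original page: editing the saved form only removes checks that run in the browser, so the outcome is decided entirely by how the server builds its query. The table layout, function names and the admin account are constructed for illustration, and SQLite stands in for whatever database a real site uses.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample accounts (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plain-text passwords keep the demo short; real systems store salted hashes.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("gordonb", "abc123")])
    return db

def login_vulnerable(db, username, password):
    """Concatenates input into the SQL text, so input can change the query."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(db, username, password, max_len=64):
    """Server-side length check plus bound parameters: input stays data."""
    if not (0 < len(username) <= max_len and 0 < len(password) <= max_len):
        return None  # enforced here, whatever the HTML form's maxlength says
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"  # the string quoted in the steps above
    print("vulnerable:", login_vulnerable(db, "hacker", payload))
    print("hardened:  ", login_hardened(db, "hacker", payload))
    print("legit user:", login_hardened(db, "gordonb", "abc123"))
```

The concatenating version returns the first row of the table for an account name that does not exist, while the parameterized version rejects the same input and still accepts a correct login.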

Warnings

  • Do the coding and changes very carefully; your success to hack the site depends upon this, i.e. how efficiently you delete the JavaScript that validates your account information.

Hello, friends. I hope you've kept up with my previous posts, Brute Force Attack & Backdoor Website Hacking. In those two posts I was using DVWA + OWASP-BWA + Backtrack, that is, two penetration testing labs with the Backtrack hacking OS. It's cool and comfortable to hack using Backtrack or Kali Linux. As you know, guys, we've posted many penetration testing lab creation articles, but we haven't yet posted any article that helps a learner connect a penetration testing lab with Backtrack or any other hacking OS. Finally your wait is over; read this post.

Penetration testing lab with Kali Linux or (Backtrack)
If you're using Backtrack then it's good, and if you have Kali Linux then that's good too. You won't need to install any OS on your system here; you can do it on your currently running OS. Just complete the requirements below and you're done.

Requirements:
  • VMware Player
  • Kali Linux or Backtrack
  • OWASP-BWA penetration testing lab

System requirements:
  • Minimum 2 GB RAM (3 GB recommended)
  • 2.5 GHz CPU, or better, 3 GHz
  • Display minimum: 1024x768

What's new in this Penetration testing lab?
Well, nothing much is new in this, but let me talk about some more additions and features that can really help you a lot for pentesting.
DVWA + NOWASP (Mutillidae) + OWASP-BWA + Kali Linux + Windows 7 + OWASP Mantra Janus + Ghost Security + WebGoat = Super Penetration testing lab. When all these penetration testing labs are on one system and run at one time in Kali Linux or Backtrack, I'm sure it will definitely rock for hackers, learners & pentesters. So keep calm & proceed to the next step.

Steps to Create Penetration testing lab
It isn't too hard to create a penetration testing lab with OWASP-BWA, connect it with Backtrack or Kali Linux and penetrate. If you follow all the steps below properly, you'll succeed.

1. First of all, learn to install Kali Linux or Backtrack in VMware.
2. Now create the OWASP-BWA penetration testing lab on your system and start it in VMware, and at the same time create one more virtual machine for Kali Linux (or Backtrack), so two virtual machines will start with a dual virtual network.
3. 1st network = OWASP-BWA pentest lab. 2nd network = Kali Linux or Backtrack.
4. It will definitely eat up your RAM & CPU, so I recommend you stop all background processes to speed up the system and gain more memory & CPU.
5. We're using two OS with three two virtual network + one original non-split network of your currently running OS. You can also pentest on your current OS using Backtrack Metasploit, reverse engineering, brute force and cracking attacks.
6. This tutorial is very easy. Just be patient while installing VMware; you'll need to read my previous penetration testing lab tutorials & articles.


For more hacking related articles, stay connected with us on our official Facebook group - Research Lab : Hack w0rm. Please share it to help us grow, and always feel free to comment and let me know your problem.



Hello friends, we've already written a couple of articles on SQL Injection Hacking Website with easy steps. Today's post is about hacking a website database through MySQL injection - (Backtrack SQLMAP) technique.

    Requirements:
    • Backtrack or Kali Linux
    • DVWA or (Best Penetration testing lab in Backtrack/Kali)
    • Mozilla Firefox with Tamper Data
    • Brain
    As you know, guys, all our posts are pure ethical hacking. So today we'll learn how an attacker can get the complete database of any MySQL-vulnerable website with simple techniques. Victim - (DVWA)

    SQL Injection attack through Backtrack - (SQLmap)
    • Start your Backtrack with DVWA - Penetration testing lab in Backtrack
    • Log in to DVWA, click on the [SQL Injection] tab and set the security level to [Low]
    • Start Tamper Data and click on [Start Tamper]







    • Back in DVWA - SQLi: enter 1 into user id and [Submit]
    • Tamper Data pop-up -> click on [Tamper], copy the entire cookie and paste it into a text file. Next click OK, come back to DVWA and again copy the entire URL.

Copy all the data into one text file; we'll modify the URL, cookies and some other sqlmap commands. I created an image to follow for changing the copied data into sqlmap commands:

* First of all, copy the URL and cookies into a text file
* Modify the cookies and remove the unwanted cookie
* Finally, just add some simple sqlmap commands

  • Now start the sqlmap automatic SQL injection tool:
Backtrack > Application > Exploitation tools > Web Exploitation tools > Sqlmap

Now it's time to understand the sqlmap commands: we're using the cookie and the submit button value as parameters and injecting the command through sqlmap.

Copy the entire command into the sqlmap terminal and hit Enter.
Wait until it scans the web server database and searches for an injectable parameter. Finally we found the website database:

Cool, we got the database; now it's time to dig more and harvest information: tables, columns, data, usernames, passwords, etc. Again we have to modify a small part of the sqlmap command: just remove string and dbs from the command, add the database name and get the table injection command.
Write that command and hit Enter, and you'll get the tables from the dvwa database.
We found the users table; now we have to dig more and harvest the USERS columns.

Well, I'm teaching you the complete tutorial, so please try to understand all the commands and injection methods. Here we go, and we got the table columns.

Fine, we're going smoothly, and the last step left is to extract the complete username, password, id, etc. For the last command, just replace --columns with --dump.

Enter that command, wait for 20 seconds and you'll get the complete table, user, column and data like username, password, id, avatar, etc.!

So finally we extracted the data, and now we have the raw text passwords along with the MD5 hashes. Don't worry, sqlmap already cracked all the MD5-hashed passwords.
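What that last result means for whoever stores the passwords, shown as an added example that is not from the original post: unsalted MD5 gives every user with the same password the same digest, so a dumped table falls to a single lookup, while a salted, iterated hash does not. The function names and storage format are constructed for illustration, and the PBKDF2 iteration count is an assumption to tune for your hardware.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumption: raise or lower to fit your login latency budget

def md5_hex(password):
    """Legacy scheme seen in the dump: unsalted, fast, equal for equal passwords."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256, stored as scheme$iterations$salt$digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:
        return False  # malformed record: wrong field count, bad hex or number

def upgrade_on_login(password, legacy_md5):
    """If the password matches a legacy MD5 row, return a replacement hash
    to store in its place; return None when the login attempt is wrong."""
    if hmac.compare_digest(md5_hex(password), legacy_md5.lower()):
        return hash_password(password)
    return None
```

Calling upgrade_on_login during a successful login lets a site retire its MD5 column one account at a time without forcing a password reset.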

Thank you for reading this post. Please share it to help us grow and to share knowledge, and always feel free to comment and let me know your problems and doubts. You can also follow me on Twitter or the Hackw0rm Fb page to get daily hacking stuff, tricks, etc.

Hello, friends. This is an exclusive post of Hack w0rm by The 3XPloiters & Hack w0rm Team; you're really going to love this post. So be ready for something new: I've already posted Brute force attack to hack G-mail Passwords, and I got great success with it. So now I'll show you how you can brute force web forms and hack (or crack) a website admin password.

What is Brute Force Attack?
A password attack that keeps trying different passwords. For example, a brute-force attack may have a dictionary of all words or a listing of commonly used passwords. To gain access to an account using a brute-force attack, a program tries all available words it has to gain access to the account. Brute force attack is commonly used to gain access to software/programs or any web content, server, account, etc.
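How the pattern described above looks in an authentication log, shown as an added example that is not from the original post: many failures for one account from one source inside a short window, with a flag for the case where a success follows. The log format, field names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not a real product's.
SAMPLE_LOG = """\
2013-06-01T10:00:00 LOGIN_FAIL user=gordonb src=198.51.100.7
2013-06-01T10:00:09 LOGIN_OK user=gordonb src=198.51.100.7
2013-06-01T10:01:00 LOGIN_FAIL user=admin src=192.0.2.10
2013-06-01T10:01:01 LOGIN_FAIL user=admin src=192.0.2.10
2013-06-01T10:01:02 LOGIN_FAIL user=admin src=192.0.2.10
2013-06-01T10:01:03 LOGIN_FAIL user=admin src=192.0.2.10
2013-06-01T10:01:04 LOGIN_FAIL user=admin src=192.0.2.10
2013-06-01T10:01:05 LOGIN_OK user=admin src=192.0.2.10
"""

LINE = re.compile(r"^(\S+) (LOGIN_FAIL|LOGIN_OK) user=(\S+) src=(\S+)$")

def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Alert on (user, src) pairs with >= threshold failures inside window_s
    seconds, and record whether that source later logged in successfully."""
    recent = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    alerts = {}                  # (user, src) -> alert record
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue             # skip lines in any other format
        ts = datetime.fromisoformat(m.group(1))
        event, user, src = m.group(2), m.group(3), m.group(4)
        key = (user, src)
        if event == "LOGIN_FAIL":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > timedelta(seconds=window_s):
                q.popleft()      # drop failures that fell out of the window
            if len(q) >= threshold and key not in alerts:
                alerts[key] = {"user": user, "src": src,
                               "first_seen": q[0], "success_after": False}
        elif key in alerts:
            alerts[key]["success_after"] = True  # likely guessed password
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success, like the gordonb lines in the sample, stays below the threshold and raises no alert.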

Requirements:
  • DVWA penetration testing lab
  • Backtrack or Kali Linux
  • Brain

Brute Force attack Tutorial:
First of all: this is completely for educational purposes only. As you know, we're ethical hackers; we always use a penetration testing lab to learn, exploit, create, teach & research.

1. I'm using the DVWA pen-test lab for this tutorial. Suppose I'm a user at the DVWA website with the username gordonb & password abc123, & my task is to hack the website admin password. & Here we go...!

2. Cool! Now download the Tamper Data add-on for Firefox & start Tamper Data.
- See more at: http://hackw0rm.blogspot.ie/2013/06/Brute-Force-Attack.html