How to Hack a website
First find a Vulnerable Website?
Common Methods used for Website Hacking
There are lots of methods that can be used to hack a website but most common ones are as follows:
1.SQL Injection
2.XSS(Cross Site Scripting)
3.Remote File Inclusion(RFI)
4.Directory Traversal attack
5.Local File inclusion(LFI)
6.DDOS attack
Tools:
Acunetix:
Acunetix is one of my favorite tool to find a venerability in any web application It automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.
Nessus:
Nessus is the best unix venerability testing tool and among the best to run on windows. Key features of this software include Remote and local file security checks a client/server architecture with a GTK graphical interface etc.
Retina:
Retina is another Vulnerability Assessment tool,It scans all the hosts on a network and report on any vulnerabilities found.
Metasploit Framework:
The Metasploit Framework is the open source penetration testing framework with the world's largest database of public and tested exploits.
With IIS Exploit we can upload the Defaced page on the Vulnerable Server without any Login. It is most Easiest way to Hack any site.
STEP 1: Click on Start button and open "RUN".
STEP 2: Now Type this in RUN
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08 002B30309D}\::{BDEADF00-C265-1
1d0-BCED-00A0C90AB50F}
Now A Folder named "Web Folders" will open.
STEP 3: Now "Right-Click" in the folder and Goto "New" and then "Web Folder".
STEP 4: Now type the name of the Vulnerable site in this. e.g." http:// victimsite .com/" and click "Next".
STEP 5: Now Click on "Finish"
STEP 6: Now the folder will appear. You can open it and put any deface page or anything.
STEP 7: I put text file in that folder. Named "securityalert.txt" (you can put a shell or HTML file also). If the file appear in the folder then the Hack is successful but if it don't then the site is not Vulnerable.
Now to view the uploaded site i will go to " http:// victimsite .com/ securityalert.tx t"
In your case it will be " www.[sitename].com/[file name that you uploaded] "
Enjoyy!!!!!
STEP 1: Click on Start button and open "RUN".
STEP 2: Now Type this in RUN
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08
Now A Folder named "Web Folders" will open.
STEP 3: Now "Right-Click" in the folder and Goto "New" and then "Web Folder".
STEP 4: Now type the name of the Vulnerable site in this. e.g." http:// victimsite .com/" and click "Next".
STEP 5: Now Click on "Finish"
STEP 6: Now the folder will appear. You can open it and put any deface page or anything.
STEP 7: I put text file in that folder. Named "securityalert.txt" (you can put a shell or HTML file also). If the file appear in the folder then the Hack is successful but if it don't then the site is not Vulnerable.
Now to view the uploaded site i will go to " http:// victimsite .com/ securityalert.tx t"
In your case it will be " www.[sitename].com/[file name that you uploaded] "
Enjoyy!!!!!