Where should I start?
  • C10Wn
    Posts: 16
    I am really interested in learning about website/forum hacking. Such as defacing, rooting, sql, LFI, RFI, Shells, etc.
    If anyone would be kind enough to teach me these please pm me or post here.

    Thanks in advance,

    -C10Wn.
  • mandi
    Posts: 207
    Hmm, you are having thoughts exactly like me. Some months ago I also struggled exactly like you; for now I am feeling better, because I am tired of online materials, and I bought some nice paper books on web exploitation, XSS, SQL. Use paper books for reading and install "damn vuln app" on your PC and start playing those attacks locally on your PC; this is the best suggestion I can provide....

    Also, if you have some interest, start learning some coding languages like HTML, JS, CSS, PHP...

    Will be handy for you in the future...
  • start learning coding HTML, SQL, CSS, JavaScript, PHP
  • Xin
    Posts: 3,251
    said:


    I am really interested in learning about website/forum hacking. Such as defacing, rooting, sql, LFI, RFI, Shells, etc.
    If anyone would be kind enough to teach me these please pm me or post here.

    Thanks in advance,

    -C10Wn.



    Just read lots of tutorials on them; it helps to know a little PHP to know why the exploit works.
    For more advanced web exploitation, learn POST and GET requests so you can start fuzzing.
    Xin
  • C10Wn
    Posts: 16
    Thank you all! I appreciate all the replies.
  • Xin
    Posts: 3,251
    No problem, if you need any specific help just ask, and I'll make a video tut on it
    Xin
  • Do they still make whisker? That was a nice tool when it came to page vulnerability assessments.
  • Sh3llc0d3
    Posts: 1,910
    Whisker is deprecated, check out Nikto instead.

    See #70 on the list for whisker
    see #12 for Nikto
    http://sectools.org/tools3.html
  • IAH---I never really cared for web testing. I was just curious if whisker was still around. I find the web so damn cluttered today with useless crap I tend to avoid it. I am just into network/protocol manipulation. Never cared about defacing pages or anything of that sort.
  • Don't become a skid. Half the things you listed are skid techniques. Learn to code. I recommend Python first, then C or C++, then something else. Learn buffer overflows and stack "smashing" techniques. Read some of my tutorials // papers, they may prove useful :P
  • C10Wn
    Posts: 16
    said:


    Don't become a skid. Half the things you listed are skid techniques. Learn to code. I recommend Python first, then C or C++, then something else. Learn buffer overflows and stack "smashing" techniques. Read some of my tutorials // papers, they may prove useful :P



    Yes, I remember your advice from hack forums when you helped me. I tried reading the guide you suggested to me, and I just couldn't stay focused on it. Are there any more guides that you recommend?
  • Sh3llc0d3
    Posts: 1,910
    Whether you start with coding/buffer-overflows or not, to be a good hacker/pen-tester you'll need to know the things you wanted to know originally anyway. LFI, RFI are easy enough to learn; when you've learned them you can then learn to upload a deface etc. using the shell you've 'included'. Same principle with SQLi, it's just more involved than LFI and RFI.

    Rooting via the mentioned techniques is not much harder than defacing, it just takes more knowledge to do it and get away with it. You'll see plenty of tutorials on SQLi, practice that as it takes longer than RFI and LFI and then move on to them. LFI is a lot more common in my opinion than RFI; I found an RFI vulnerability in a site a while back but it's as rare as rocking horse shit to find them on the whole. Using the right dorks helps. You could spend ages learning shells, so many different shells and so many features (mostly the same just reworded). Stick with a common one such as r57, c99 or GNY shell; most people use c99 shell. I'm sure there are decent rooting tutorials about; if you can't find a decent one when you need it I'll try and help you with a video tutorial when I get time.
  • Doesn't anyone like myself think that "hacking" has gotten too easy and automated with the release of tools like CANVAS/VAS/ and metasploit? I mean damn, you grab nmap, point it at a target (you can even have nmap randomly create one!), scan it, then fire up msploit, then get your vuln list, then run auto-pwn and you can then run around and yell "i own you--i am leet". Please tell me others out there like myself think this stuff has gotten too damn simple. Does anyone take the time while they are scanning to watch the traffic they are sending and coming back? Do they watch wireshark captures of protocol fields after they run their msploit dll injection to see what is actually happening? I hope so, because that is how one truly learns.
  • Sh3llc0d3
    Posts: 1,910
    said:


    Doesn't anyone like myself think that "hacking" has gotten too easy and automated with the release of tools like CANVAS/VAS/ and metasploit? I mean damn, you grab nmap, point it at a target (you can even have nmap randomly create one!), scan it, then fire up msploit, then get your vuln list, then run auto-pwn and you can then run around and yell "i own you--i am leet". Please tell me others out there like myself think this stuff has gotten too damn simple. Does anyone take the time while they are scanning to watch the traffic they are sending and coming back? Do they watch wireshark captures of protocol fields after they run their msploit dll injection to see what is actually happening? I hope so, because that is how one truly learns.



    Hacking hasn't got too easy (I don't think so anyway), there are just a lot of tools around that make traditionally hard processes easy for noobs to perform. Metasploit and NMAP definitely are at the top of the list. I hardly ever hear of people using packet analysis to analyse data crossing networks for example, and yet I see it as the norm (it saves me a hell of a lot of trouble when targeting systems).
  • Xin
    Posts: 3,251
    said:


    said:


    Doesn't anyone like myself think that "hacking" has gotten too easy and automated with the release of tools like CANVAS/VAS/ and metasploit? I mean damn, you grab nmap, point it at a target (you can even have nmap randomly create one!), scan it, then fire up msploit, then get your vuln list, then run auto-pwn and you can then run around and yell "i own you--i am leet". Please tell me others out there like myself think this stuff has gotten too damn simple. Does anyone take the time while they are scanning to watch the traffic they are sending and coming back? Do they watch wireshark captures of protocol fields after they run their msploit dll injection to see what is actually happening? I hope so, because that is how one truly learns.



    Hacking hasn't got too easy (I don't think so anyway), there are just a lot of tools around that make traditionally hard processes easy for noobs to perform. Metasploit and NMAP definitely are at the top of the list. I hardly ever hear of people using packet analysis to analyse data crossing networks for example, and yet I see it as the norm (it saves me a hell of a lot of trouble when targeting systems).


    Hacking hasn't got easy; using tools such as havij, metasploit etc. is easy, but then that's not really hacking. Try fuzzing and finding exploits for the latest versions of proftpd and tell me that's easy.
    Xin