THE MOST DETAILED VULNERABILITY TUTORIAL.(STEP BY STEP)

Vendor of: Paypal & Banks Logins + Cookies
Verified Seller
Hero Member
Joined
Aug 19, 2023
Messages
911
Reaction score
40,750
Points
93
General principles of hacking sites
By structure, sites are divided into three large classes:
  • in-house (hand-made of the HTML produced by the static generator Jekyll type or collected in the program-the designer of the type Adobe Dreamweaver)
  • made online designers (mostly web-site without any databases, and transmitted fields)
  • working on CMS (Content Management System, the content management systems).
There are still a homemade CMS, created for a particular site, but it has now become a rarity to afford support system can be the most large resources, and justify the related costs is not easy.At the heart of most modern websites — ready engines. For example, Xakep.ru no exception: it runs on the popular WordPress (at least for now ).

From the point of view of the attacker, engines sites are no different from other services. Their source code is usually shared, and any researcher can analyze his mistakes, including gaps in security. Therefore, CMS-based websites often become the victims of targeted attacks. Often they break EN masse.

This hacking is automated and usually proceeds as follows: the attacker finds the vulnerability (or just Google for something fresh). Then he makes a exploit or take the ready-made and writes a specialized bot. This bot searches for the specified hole at all sites running in a given range and trying to exploit it.

It would seem, for protection against auto-attacks or just to keep your software up to date, but in reality, CMS is cluttered with different additions, and to keep track of all becomes difficult.

When pentasa is a somewhat different task — to check a particular website for vulnerabilities. This is what we will talk.

Intelligence
Before trying to attack a target, you need to collect information about it. For this is good tool WhatWeb. This utility provides detailed information about the CMS of the victim and used her web tools.

Suggest to run WhatWeb key and, pointing after him, the value of 3 or 4. The only difference between them is that in the second case WhatWeb scans and even their subfolders. Keep in mind that both options set aggressive method of surveys — with all the consequences, but rather "flows" to the server logs.

Here is an example run and the collected answers:

To see this hidden content, you must reply and react with one of the following reactions : Like, Love, Wow
 
Reactions: reema and flawedmangoes
  • Tags
    step step by step tutorial vulnerability