What is Website Defacement?Case Study
Note: Only For Educational Only Purposes, Plz don’t try this on another website. I have not uploaded the full image due to security reasons. It is just a case study with an example.
What Is Website Defacement
Website defacement is an attack on a website that
Changes in the visual appearance of the site. These are typically the work of
System crackers, who break into a web server and replace the hosted website
With one of their own.
Terms:
[SQL] - Structured
Query Language
[LFI] - Local File
Include
[RFI] - Remote File
Include
[XSS] - Cross Site
Scripting
[RCE] - Remote Code
Execution
[AFD] - Arbitrary File
Download
[SCD] - Source Code
Disclosure
[PCI] - PHP Code
Injection
Defacement Techniques:
Domain Hack
FTP Protocol
IIS Vulnerable
Apache Vulnerable
Permission
Exploits
Script, Cookie, XSS
OS Vulnerable
Social Engineer
Hosting Control Panel
Forgotten Password
Trojan, Spy vs
SQL Injection
RFI
Tools for Web defacement:
·
Hydra
·
C99 Shell
·
phpbb_defacer
·
XSSShell039
·
Etc
Website defacement archive Sites
Website Defacement case study?
Target: http://www.babaharinath.com
To Use Brutus,
c99.php shell we have to go through the following steps:
1. Firstly we need to
Upload the c99.php shell file and Brutus
Application on the
The particular system (server system) and then target the web application let say www.babaharinath.com
And use the password from the commercial world list (a combination of
Passwords) and set type =FTP and choose keep connected with web for unlimited
Attempts.
After this, start Brut
Force attacks.
2. After getting an ID
And Password opens the Victim site in IE by typing
ftp.babaharinath.com and
Then click on the file and Login as above ID and Password.
3. Now upload c99.php
File in image or cgi-bin folder. After this again open IE and access http://www.babaharinath.com/image/c99.php
4. After this, choose
index.HTML file and click on edit option and then change the content as per
You wish.
5. Now with the help
Of c99.php shell file we can upload new content html, delete whatever we want
And even do anything in future without any password.
Posted By: Anshuman Kak
Comments
Post a Comment