[*]Introduction
Welcome to my step-by-step tutorial on how to hack a website using WebCruiser Scanner.
As always, I will try to explain it in the easiest way so it will be n00b friendly.
I suggest you practice "hacking" manually, as using tools won't make your skills go higher.
Still, there are lazy-ass guys :P who find it better to perform these attacks with tools.
OK, first of all we need to download WebCruiser Scanner.
Download me here!
Note: If you need a serial code for the program, leave a comment here and I will generate one for you with your nickname. DO NOT PM ME.
_____________________________
________________________
[*]Let's start:
You will need a target; you can use Google dorks to find vuln websites.
I won't bother with that part, as there are billions of Google dorks out there.
OK, I found my vulnerable website:
Code:
http://www.target.com/vmarket.php?id=17
Let's open WebCruiser Scanner and check the target for vulnerabilities, as in the picture below:
![[Image: 6yqz.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sE4Uwv7Qz1CKqH0XveW2YFPDf4kvFAQWeA-8kwhSKjxYVX5kcIrPcdZfva5cNuGIoSoKHihrI-qbymhFLsSgDDGwDi74v98wWANzT9sV-JTP00=s0-d)
Then click Scan Site.
![[Image: uiba.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uPFvRHQqaanvtHF4W_oo5PhxUIG5UTLGgOqsNAVRxlkYExzmLywldG9I9v-QGcA1sonTatA9k6W7ajBPAGtba7J_Nsx89W0c7wBxpgdgKsNXQ=s0-d)
Now we wait a minute or two for the scan to finish, depending on your internet connection speed; then we will see the results, as in the image below.
![[Image: 6f7u.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tuml4Dn7xbDMyA93Rs6JGLKW8M6ukWocpBga95sN5NW4NuwdK8HzBRLGX3MxAMALV3kRZBukNMAKciOkf3YKx4l7W8hfBVq5GUfHVLXzJzQrE=s0-d)
As we can see, the website is vulnerable to SQL injection & XSS.
We will perform a SQL injection this time.
[*]Attack
Right-click on the vulnerable URL and choose SQL INJECTION POC; now you just need to follow the steps below.
I have explained it step by step with pictures so it will be easier for you to understand.
![[Image: tIYUXPt.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_snQzzA-hz6dbxB0YpgqRhd-v5rIQdW_wQIqQkLWugKnvx9qp4imRPdRKGOvHQXx47ky10pAns8Gp6APB56VBlx=s0-d)
![[Image: Zz3KsjE.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t1UdpZv8z8sOXWYv6VghAUW8YbnywtxLTEDF4Y094AYgoGHgTB2SjT_6IOzL2PJKjJjc94Zs6UgUe9LlR-fU7f=s0-d)
![[Image: phfVa9g.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_srXvK1Hv_YnG2FzcZHuniY6ZyyPY1GxWBhUpFk-ewnZypIq7K7pty4CRvScPQOsIGfXLyLtU_8oMEUGXzCjCHMGQ=s0-d)
So that's all guys, we got the admin info in just 5 minutes :>