Darksidehackers Web Hacking Kit(Defacing-Hacking)

I have put a lot efforts to prepare this article if you like it or not please post a comment.

Hello everyone.The aim of this article of mine is very simple i.e I want to provide you ready made list of tools(WEB HACKING KIT) that will be used by you or everyone of us to hack a web site in a planned manner.

Before this article I have published one or two such articles based on tools such as  Top 10 Password Hacking tools(Password Crackers)      Top 10 Hacking Tools  and List of top 15 Sql injector(hack and deface a website).

You can have a look at them.

(Note:This hacking Kit contains only tools that help you to hack web servers and websites i.e. no password cracking and other such tools.It is a web-hacking Kit)

In this article I'm providing you the best tools that are used for conducting a step wise website hacking i.e from port scanners(used in the very first step of web-hacking) to vulnerabilities scanner (used to find the vulnerabilities in web-servers and are used in last step in most cases.)If  you are totally a newbie in hacking field then i will suggest you to read my post related to hacking on this blog like.. 3 steps formula for hacking a Website.  and there are other of course. 

All the tools provided in this article will help in most of your web-hacking tasks.

Main points starts here......

1:-Now first step would be foot-printing and scanning i.e. to find more and  more about the server on which the website rely.

(For example:-

Port numbers that is open on the server,on which web-server website is running,OS name e.t.c)

I will not go into detail I'm just providing a idea of why you will need tools and what tools in this step.This step involve a lot of research that can be done manually and can also be find on net but why to do it manually when tools are there.

Tools for the first step:(these tools allow you to plan a attack on the server)

1:Nmap:This handy utility is used by most of the hackers out there.It is a command line utility that can do everything from a single ping sweep to a fully comprehensive scan of all open ports on server.It can even list the operating system running on the server.

Using this tools can be a painful experience for some of us as it is a command line utility and needs you to remember commands.

But don't worry they got you cover with Zenmap.It is a GUI front-end for Nmap that let us browse information provided by Nmap in a more richer and easy way.

2:SUPERscan:A windows only(it can scan servers effectively that are running windows and iis)port scanner,pinger and resolver.It is a free TCP/UDP port scanner.

It includes many good networking tools such as ping,tracer-route,http head and whois.It is very easy to use and provide a decent UI.

3:Angry IP Scanner :Angry IP scanner is a very fast and a handy IP address and port scanner.It can scan IP addresses in any range as well as any their ports. It is cross-platform and lightweight. Not requiring any installations, it can be freely copied and used anywhere.(you can take it on your thumb drive and can use it on any computer without worrying about the OS installed.)

It simply pings each IP address to check if it's alive, then optionally it is resolving its hostname, determines the MAC address, scans ports, etc. 

The amount of gathered data about each host can be extended with plugins.

It also has additional features, like NetBIOS information (computer name, workgroup name, and currently logged in Windows user), favorite IP address ranges, web server detection, customizable openers and many more. 

Moving to the second step:Scanning and Penetration(Find flaws -Exploit - Get Root access)

Find out the information about the server using the above mentioned tools(for example all the services are running on which system and on what ports and possibly at what privileges.)Now if you are a experienced hacker or know much about the ports,networking and security and if there are any vulnerable services running on the server than you yourself can point out the common vulnerabilities and can exploit them yourself(like i have mentioned in my article How to hack computers present on net.)

But on big and more secure servers that are protected from  most of the common vulnerabilities and also from the hard-coded vulnerabilities you can't simply exploit them manually until you are a super master in every field of computer(i.e. from programing to networking).

And when such a condition arises we need to use tools.

This step involves finding vulnerability for the operating system and services running on that server and then exploiting them to gain root access to that server hence hacking it.To discover flaws in the server and then exploiting them we need tools.

Tools list for the second step:-

1:Metasploit Framework:Metasploit is the best and mostly used tool available on net used by Ethical hackers and Hackers.This tools is top on the list in it's category since it's release.It is the best tool for finding flaws in the remote server and then exploiting them.The extensible model through which payloads,encoders and exploits can be integrated has made it possible to use Metasploit as an outlet for cutting-edge exploitation.

The makers of this tool keep updating this tool with latest exploits that can be used by many of us to hack websites.

2:Nikto:A more comprehensive web scanner,Nikto is an open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). It uses Whisker/libwhisker for much of its underlying functionality. It is a great tool, but it is not being updated from time to time and that's the point where it legs behind and also it is unable to detect latest vulnerabilities but it is a vital tool for old servers.

3:Whisker/libwhisker: Rain.Forest.Puppy's CGI vulnerability scanner and library Libwhisker is a Perl module geared towards HTTP testing. It provides functions for testing HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Whisker is a scanner that used libwhisker but is now deprecated in favor of Nikto which also uses libwhisker.Using this tool one can try to hack a website by defining a cgi security hole.It is a great tool give it a try.

4:SQLER:It is the best tool that is used for scanning a website for SQL injection vulnerability that a website may contain and if a site contains then it will list the vulnerability and thus allowing you to exploit it. This great tool is also very simple to use,it takes a vulnerable URL and attempts to determine all necessary information to exploit the SQL injection vulnerability by itself,it  requires no user interaction.

Note:(These tool will only provide you a way to hack into websites and you need a thorough knowledge of networking and these tools to use them effectively)

After you have found the vulnerability whether it is an SQL,cgi or another type of vulnerability start to exploit.And once you get root access to the web-server do what you want to, there is no other tool that will assist you to do this and your talent is what that will lead you to a successful and meaning full hack.

Keep practicing hacking. By Ankit Mishra Darksidehackers.blogspot.com