
Content:

1. Preposition
2. Our target
3. SQL Injection
4. XSS
5. RFI
6. LFI
7. HTMLi and SSi
8. Nmap Scan
9. Searching the exploit
10. Run the exploit
11. Shell
12. Root
13. Decryption
14. FINISH

The pictures are too small. You have to click them 2 times.

1. Preposition

I've seen hundreds of threads asking the same questions. I hope I can explain most of them in this huge thread.
English isn't my first language, so excuse me for any grammar mistakes. It took me some time to write this thread, so
please leave a reply if you liked it or not. I didn't cover every attacking method, because there are already very good
tutorials. I just put the download link. All credits go to the authors, mostly Team Intra.

2. Our Target

We have to find a target. You can use a random website, Google dorks or tools like Sql Poizoner. Make sure you use
a VPN and perhaps MAC spoofing, Proxies.

3. The most popular hacking method on HF is SQLi.
So let's start with it. SQLi tutorials by Team Intra.

Basic Injection

String Injection

Blind Injection

Double query

String Injection

MS Access

Filter Evasion

4. XSS is also quite popular. Almost every big website is vulnerable. Even Facebook and Google.

Advanced XSS queries

XSS TUT by Zer0Pwn

5. RFI. This method isn't very popular on HF, but there are some good ones.

RFI TUT

Automated RFI/LFI Scanning Exploiting

6. LFI isn't popular either. But there are some vulnerable websites.

Video and written TUT for LFI

7. HTMLi and SSI.

All in one Thread

8. Nmap Scan

OK, let's start the real tutorial. If none of the methods above work, we can use exploits. So, let's do a scan on our target. For
that we need Nmap.

Open Nmap.
Put in your target.



Press Scan.



If we have found our exploit, we have to look for the programming language. If the exploit is in Perl, you need to
install ActivePerl. The same with PHP. Just Google them.
If you have installed them, you can copy & paste the source code to the editor. If the exploit is in perl, save it as
exploit.pl. If the exploit is in PHP, save it as exploit.php. Save them in C.
Open cmd and write "cd c:/" (without the quotes) and then exploit.pl.



11. Shell.

You can install your shell via the admin panel. For example, you used SQLi and got the admin and password, you
decrypted it and you're logged in. You can search a place to upload your html.





Here is a better video tutorial about uploading a shell.

TUT

12. Root. If you have root access to the server, it's yours. :D

Haxors Rooting TUT

13. Decryption. Most of the time, the passwords are encoded.

Haxors Hash List

TUT

That was my tutorial about web hacking. Thanks to the authors of the tutorials. Sorry, that I didn't write the name of
the authors, I'm just too lazy...
* I'm not responsible for any damage caused by that tutorial
