There is a weebly website that I want to deface/shutdown. I have run the domain through nikto and came up with the OSVDB vulnerabilities 877 and 3092. How would I begin to exploit this website? I cannot try to crack the password to the account that can edit the website because I frankly do not know the username. Any thoughts on how I would begin to exploit this site?
Forum Thread: How Would I Go About Defacing a Website?
- Hot
- Active
-
Forum Thread: Changing IP Address 9 Replies
2 days ago -
Forum Thread: When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen. 8 Replies
1 wk ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
2 wks ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 2 Replies
1 mo ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
1 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
3 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
3 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
3 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
3 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
3 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
3 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
3 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
4 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
5 mo ago -
How to: Sign the APK File with Embedded Payload (The Ultimate Guide) 10 Replies
5 mo ago -
Forum Thread: How to Run and Install Kali Linux on a Chromebook 18 Replies
5 mo ago -
Forum Thread: How to Find Admin Panel Page of a Website? 13 Replies
6 mo ago -
Forum Thread: can i run kali lenux in windows 10 without reboting my computer 4 Replies
6 mo ago -
Forum Thread: How to Hack School Website 11 Replies
6 mo ago -
Forum Thread: Make a Phishing Page for Harvesting Credentials Yourself 8 Replies
6 mo ago
-
How To: Hunt Down Social Media Accounts by Usernames with Sherlock
-
How To: Hack Apache Tomcat via Malicious WAR File Upload
-
Tutorial: Create Wordlists with Crunch
-
How To: Dox Anyone
-
How To: Crack Shadow Hashes After Getting Root on a Linux System
-
How To: Find Identifying Information from a Phone Number Using OSINT Tools
-
How To: Enumerate SMB with Enum4linux & Smbclient
-
How To: Target Bluetooth Devices with Bettercap
-
How To: Intercept Images from a Security Camera Using Wireshark
-
How To: Exploit WebDAV on a Server & Get a Shell
-
How to Hack Wi-Fi: Disabling Security Cameras on Any Wireless Network with Aireplay-Ng
-
How To: Stealthfully Sniff Wi-Fi Activity Without Connecting to a Target Router
-
How to Hack Radio Frequencies: Hijacking FM Radio with a Raspberry Pi & Wire
-
How to Hack Wi-Fi: Getting Started with the Aircrack-Ng Suite of Wi-Fi Hacking Tools
-
Hack Like a Pro: How to Conduct a Simple Man-in-the-Middle Attack
-
Networking Foundations: Basic IP Addressing (Part 2)
-
Locking Down Linux: Using Ubuntu as Your Primary OS, Part 2 (Network Attack Defense)
-
Hack Like a Pro: How to Cover Your Tracks & Leave No Trace Behind on the Target System
-
How To: Use UFONet
-
Locking Down Linux: Using Ubuntu as Your Primary OS, Part 3 (Application Hardening & Sandboxing)
7 Responses
DDoS.
ghost_
Oh yeah, thanks!
You're welcome.
ghost_
well if you found vulnerabilities then you should find out if there are any exploits that are related? Im pretty sure you can search metasploit for OSVDB related exploits. DoS attack will work too though.
OR write one for the vulnerabilities discovered. Random Tip: Most exploits methods are vague at best on purpose...
So you are really trying to use a 11 yr old sploit?
"I frankly do not know the username" Uh 'admin' perhaps?
Just reboot bro.
OSVDB-3092 allows you to see the ASP page of the website, but may not provide you with the kind of capability you're looking for. According to the OSVDB website, "there is no known vulnerability or exploit against this". OSVDB-877 may allow "unauthorized information disclosure" and may also be vulnerable to XSS, but again is not necessarily going to get you information.
DoSing will be the most effective and quick route.
"And knowing is half the battle". -G.I. Joe
Share Your Thoughts