Understanding Web Defacement

What’s the actual theory behind Website Defacement?

@Rootsec In my opinion most sites are defaced for LuLz. Other reasons would be Political, Hacktivism, or taking out the competition.

@MoNsTeR Ah… I know the reason, but I was trying to understand “how exactly it is done”. You will find “a lot of” YouTube videos that are there just to fool you or are made by kiddies. They don’t cover the actual way.

@Rootsec Ohhhh… Please excuse me, I misunderstood your question. Okay, so SQL injection and file inclusion vulnerabilities are the leading causes that lead to defacement. I have posted a thread here, “Want To Become A Certified Ethical Hacker?”, that will give you a better understanding of exploiting these common vulnerabilities.

Thank you for answering but is there any other link available except that anonymous file download? I fear downloading those files.

@Rootsec Ultimately we know that the other side of every fear is freedom. I would suggest creating a virtual malware analysis lab and getting familiar with malware. You are in luck because Alexis has just released Malware Analysis Bootcamp - Setting Up Our Environment

Thanks for your suggestion, buddy, but can I check for website defacement (file upload vulnerabilities) using Google dorks?

Yes, certain Google dorks will identify vulnerable websites for you.

Can you name a few? I found nothing but dorks that do not work on Google.

@Rootsec Here is an example. Remember this is a P.O.C., and many honeypots exist searching saturated Google dorks.

intitle:Upload inurl:/cgi-bin/filechucker.cgi

What does this mean here? Can you specify it?

@Rootsec Antivirus companies, colleges, malware enthusiasts, and federal agencies all set up honeypots to collect new types of malware or exploits for analysis. Remember to always do things legally.

By using the dork I am not getting anything interesting; it is just a random, very basic file upload site that does not even allow me to access those files uploaded by me or do anything.

@Rootsec Arbitrary code can be executed from affected software. I was showing you an example, not to go exploit random sites.

I appreciate your answer. People tell the success but not the steps required to reach that success. I will find more deep details by myself. Just wanted to know the actual inside story. But how can I find such vulnerabilities in software?