Every wondered how Anonymous and other hacktivists manage to steal the data or crash the servers of websites belonging to some of the world biggest organisations? Thanks to freely available online tools, hacking is no long the preserve of geeks, so we've decided to show you how easy it is to do, in just four easy steps.
Step 1: Identify your target
While Anonymous and other online hacktivists may choose their targets in order to protest against perceived wrong-doing, for a beginner wanting to get the taste of success with their first hack, the best thing to do is to identify a any website which has a vulnerability.
Recently a hacker posted a list of 5,000 websites online which were vulnerable to attack. How did he/she identify these websites? Well, the key to creating a list of websites which are likely to be more open to attack, is to carry out a search for what is called a Google Dork.
Google Dorking, also known as Google Hacking, enables you find sensitive data or evidence of vulnerabilities by querying a search engine like Google or Bing. It basically allows you to enter a search term into Google and find websites which may have these vulnerabilities somewhere on the site.
Don't worry about needing technical expertise to know what to look for. Kind-hearted hackers have produced lists of these Google Dorks, neatly categorised into the type of vulnerability you are looking for. Looking for files containing passwords? There's got a Dork for that. Login credentials? There's a Dork for that.
For example, if you are looking for files stored on websites containing passwords, then a sample search query we found openly listed on one indexing site was: intitle:"Index of" master.passwd. This returns the results shown in the screengrab above.
So now you have a list of potential victims. Next you need to narrow this down even further.
Step 2: Check for vulnerabilities
Having a huge number of sites which may or may not be vulnerable is not much use unless you can pinpoint one which is actually open to attack. This is when a programme called a vulnerability scanner comes into its own and the most popular is called Acunetix.
Acunetix, developed by a UK-based company, was designed, and is still used, as a tool for web developers to test sites they are building. However the hacking community has commandeered the tool and uses it to identify existing vulnerable sites.
You can download a trial version of the software for free from the official Acunetix website or if you venture into the murky depths of a hacker forum and search for Acunetix, you can find cracked versions of the full application freely available.
Acunetix, as you can see from the screen shots above, is a simple, straight-forward Windows application and all you need to do is enter the URL of the site you want to target, and press Process. Acunetix will scan the entire website, including all pages associated with it, and return a list of vulnerabilities it finds. If you find the type you are looking for, you will need to move onto Step 3, as Acunetix does not perform any website penetration.
Step 3: Attack the website
Attacking a website is done by two main methods. The first is by carrying out a Distributed Denial of Service (DDoS) attack which overwhelms a website's servers and forces it to shut down. We will deal with this type of attack later, but first we will look at how you can hack into an account and steal some information contained within databases on the site.
This type of attack is known as a SQL (pronounced sequel) Injection. A SQL Injection attack aims to capture information stored in a database on the particular website by introducing some SQL code. SQL is a programming language designed for managing data in a database.
But fear not, you won't need to understand a single line of SQL to carry out this attack. Thankfully another freely-available and easy-to-use application, originally developed in Iran, can be downloaded from the web saving you the trouble of dealing with any complex code.
The program is called Havij, the Farsi word for carrot, which is also a slang word for penis and so, unsurprisingly, this is the piece of software required to penetrate a website.
Again there are free and paid-for versions of Havij available with the paid-for version having more powerful capabilities. Again the world of hacker forums is your friend here and cracked versions of the full Havij application are available if you look for them.
The Havij interface is once again like any other Windows program and all a virgin hacker needs to do is simply copy-and-paste the address of their target website and press a button.
Havij allows you to perform a number of different types of operation including one called a Get, which unsurprisingly gets all the information stored on databases on that particular site which can be usernames, passwords, addresses, email addresses, phone numbers and bank details.
And that's it, within minutes you can search for, download and use a couple of automated tools which will allow you to access websites which are vulnerable to this type of attack. While most high profile companies' websites will be protected from this type of attack, the fact that Sony's website and the personal information of its customers was stolen in a manner similar to this, shows just how vulnerable the web is.
Step 4: If all else fails, DDoS
Hacktivist collective Anonymous changed their tactics in the last 12 months moving away from DDoS as their primary tool for attacking websites, preferring if possible to use SQL Injection instead. However, when this is not possible, they will revert to DDoS attacks, and you can to, with the help of another freely available tool.
And it turns out that DDoSing a website is no more difficult than carrying out a SQL Injection. The programme used is called Low-Orbit Ion Canon (LOIC) which was developed for web designers to stress test websites, but has been high-jacked by hackers in order to attack websites.
Available as a free download from Source Forge, LOIC employs a very user-friendly interface and all potential hackers need to is type in the URL of the site they want to crash and LOIC will do the rest. What the application will do is send up to 200 requests per second to the site in question.
While most bigger sites might be able to deal with this request without crashing, most websites out there will not, especially if you get together with some other hacking virgins and combine your efforts.
So easy is it to use this technology that you can even control it from your BlackBerry, meaning you can be enjoying a pint in the pub with your friends while carrying out a DDoS attack on a website of your choice.
If our tutorial has not provided you with enough information, there are dozens of other tutorials on various hacker forums around the web and even video tutorials on YouTube which you can watch.
i hope that i would learn 8 so easily and technically,, coz i want to be in the top most hackers!!!
ReplyDeleteIf you want to be in the top mosst hackers why are you learning in simple tutorials? Don't hope so
DeleteThe LOIC download is a virus, thanks guys
DeleteThe LOIC download is classified as a virus by most antivirus system because it is used for launching denial of service attacks.
DeleteLOIC is unsafe,,the tools in LOIC that hide attacker's IP just work for couple hours. .so u can get arrested. .
Deleteu all can use HOIC
DeleteEasiest way to hack a target website..
Delete1. reverse the website to find all other websites hosted on that server, with
http://logontube.com/
2.copy all the websites to a text file..
3.download icf mass sqli scanner
http://ftp.jaist.ac.jp/pub//sourceforge/i/ic/icf-sqli/ICF%20SQLI%20CRAWLER.pl
4.Load the text file to the scanner and scan and get vulnerable websites..
use havij to hack it...
i dont think is easy to hack a chinese web site.. maybe we dont understand chinese
Deleteanyone understand what is it about this site www.wiwaa.com ?
I have tried.. but failed :)
These are old methods dude !!
DeleteWell DDOS is Best all of them.
" How to become a hacker Learn hacking step by step"
" Windows 8 Download Very Fast in few minutes"
" Mobilink Hacking Latest tips and tricks cheats codes "
" Samsung Mobiles Latest Tips and tricks Cheats"
please i need help in hacking a site, email me emywire@gmail.com i need your help
DeleteLots of blank space at the bottom of the page
ReplyDeleteHmmmmmm--------
nice. it ll help 4 me
ReplyDeletei am novish in hacking world. pls help me to learn about it.
ReplyDeleteYou can start with using better grammer.
Delete*grammar
Deletedear all i want to learn also about it.
ReplyDeletebut no one is helping me,
tell me some thing that i should do for this,
because some of my friend hack my id and page, so i want to do same,
And i want to show him that i can do also.
You can start with the list of simple hacks described in this blog.
Deletehttp://white-hackers.blogspot.sg/search/label/simple%20hacks
i literally lol'd at this.
ReplyDeleteskid
skid
skid
skid
windows hacking
skid
thanks
ReplyDeletehow to enable my adsense accont help 9560726104
ReplyDeleteContact the Google Adsense Support.
DeletePlease I really need help, I need the havij free software, where can I get it?
ReplyDeleteI keep downloading the 1.5 version but its just not working, I need help to get the free version
ReplyDeleteI have updated the post with the link to download.
DeleteI could find the following version after searching online.
http://www.itsecteam.com/products/havij-v116-advanced-sql-injection/index.html
Do i have to conceal my identity before suffocating the websites and server? If that's the case, kindly reccomend me that sofwtware!
ReplyDeleteskullhack.
You can always you TOR to protect your privacy and browse anonymously.
DeleteI can't believe you're spreading this shit. Spoon feeding script kiddies with shit for information. And please don't tell people to go through TOR when "suffocating a server" or performing a DoS/DDoS attack - it will only crash the TOR server you're going through and never actually make it to the final destination. This is what things like PyLoris were designed for - slow DoS/DDoS with anonymity. Learn your shit before teaching others.
DeleteActually if you read my comment I only said that TOR can help you protect your privacy. I checked up on PyLoris, I couldn't find any information on how it helps you protect your privacy or stay anonymous while doing a DoS.
DeleteYour comment was in response to someone asking about how to be anonymous while they perform a DoS/DDoS attack. If you weren't telling them to use TOR for that, but only for online browsing - then you didn't even answer their question but instead just started talking about something else. If you didn't find any info about PyLoris being used for slow, anonymous DoS attacks then you didn't look very hard. That is the whole point of the tool; the reason it was coded in the first place. It's an anonymous (routes through TOR) version of RSnake's Slowloris tool from ha.ckers.org
ReplyDeleteHope I could be of some help; I know I don't always come across nice but I'm trying to help.
And I forgot another tip. Please direct users to use ProxyChains when they can instead of TOR. Because TOR leaks if you need to resolve DNS (yes even with Privoxy) - ProxyChains won't (if you tell it not to in the conf file).
DeleteYour point is fair, so if I get it right Slowloris uses TOR but since its slow it doesn't break it down ?
DeleteWe can use someone with your knowledge to contribute to the blog. If you can send me your email (blogger account) at codelion86@gmail.com we can add you up.
Ok I need a way where I cant be tracked 100% sure because DDOSing is illegal and I dont want to go to jail over a stupid DDOS
Deletetell me how to hack any chat site's user ? it can be admin's profile
ReplyDeleteGetting more users to implement TOR is never a bad thing and should be encouraged. Even when doing so is irrelevant :D
ReplyDeletewow that was a great post
ReplyDeleteYou have my respect for making this. It is a nice tutorial that states the main idea unlike most tutorials. Good job!
ReplyDeletethanks;-).
ReplyDeletehelp hack this site www.vais.us
ReplyDeletehello
ReplyDeletei want to hack a weblog
i dont actually care how to hack it by myself
could uintriduce me some1 to hack this weblog for me ...
off course ,a present is considered to bestow
this is my facebook account number
facebook.com/sajjad.momenzade
thank u anyone
i love u all
http://www.o-i-community.de need this site done over
ReplyDeletehey frnd can u hack a website for me
ReplyDeletewww.ssipmt.com/controlpanel
can u hack username and password of it
please thanking you
Thanks dude. I was actually looking for browser hacking but ended up here ., and i must say it was really awsome guide ., I think the best i ever read anywhere about any topic. I hope this all work . Thankyou Again.
ReplyDeletehai kamran.. can u hack this site for me www.gaymelayumalaysia.blogspot.com
Deletei tried many times but im lost... becouse this site to show a porn naked male... please my friend.
any one can hack this site????
ReplyDeletewww.chat4pak.com
?????
can anyone do something to mess up this site/system these horrible cold callers,im pestered everyday.im not even the person they ask for,also my address is is different to the person they keep asking for.ive asked them to take my number out there systems but they still keep calling.the site is called/they on the web. money saver telecoms. the number is 01925401700 i wish i could fuck them up like they fucking my life and thousands of others here in the uk.typing that number into the web shows up all the pissed off people.i want these and all the other tax avoiding companys to be fucked up big time.sorry for the swearing its just how strongly i feel about it.thanks to anyone who helps.
ReplyDeleteI want to revmove this URL ad. pl help me
ReplyDelete" http://ahmedabad.postindia.net/shapewell-nutrtion-center-weight-management-center-ahmedabad-1549347.html ".
You can email on postindia.net@protecteddomainservices.com to ask them to take down private information in that page (phone number)
Deleteinfo worthy to a person amaturely intersted in hacking...but u need some basics....to be strong...!any way....matter was clear...and worthy of reading.!thanks
ReplyDeletehttp://baducontacts.blogspot.com/2011/12/lakan-badu-gonnu-full-list_09.html
ReplyDeleteplease help me to delete this blogspot, it harest my sister..... please my dear friends
This webpage has been removed from blogpost !!!
Deletehai codelion.. can u hack/remove this site for me www.gaymelayumalaysia.blogspot.com
Deletei tried many times but im lost... becouse this site to show a porn naked male and harest my naked pic... please my friend.
dear all i wanted to know if their's away to hack or just destroy a blogspot ?
ReplyDeletecan any one tell me how to take up a case with blogger who uses anonymous user id to spew venom on competitors?please help me, and i am a victim of this kind of strategy
ReplyDeleteWe can't hack www.chat4pak.com
ReplyDeleteHacking attempt failed, much security.
Web has multiple servers,
I wanna my name black hackers list wahat i do
ReplyDeletei want to remove this page
ReplyDeletehttp://upliftthem.blogspot.in/2012/09/college-girl-gayathri-raped-and.html
Dear codelion, please help me. I need your help to remove this irritating blog, http://dendang-anak.blogspot.com/ because it is harassing my family's pride all over the time as more people visit the blog!!! Can you please tell me how or please remove this blog, thank you very much!!!
ReplyDeletePlease give me the password of this email id inamullahkhan78@gmail.com on my email id luckychoudhary177@gmail.com then whatever you say i will do for you
ReplyDeletehttp://fileice.net/download.php?file=q61a can you give me the download site because i dont know how to hack the survey send me in my yahoo account thanks davenpaolo@yahoo.com
ReplyDeletecan anyone help me get passwords to a POF account ( plenty of fish) i am being played and also passwords to yahoo, gmail, live.co.uk?
ReplyDeleteMy dearest hubby is doing the dirty but i dnt have passwords:(
pls help
how can i get the passwords a she ha sthe application to POF for example on his phone and he keeps his phone very close to him, he wont give me passwords to his facebook or any email address yet has access to all my things.
Hello My Friend, I need Help From U, Actually I Have One EXE Software For PC And When I Am Launch the software it says to enter passwords. i replied software created he ever answer me. i completed 26 survey for it but at last survey link survey not completing f rom 13 days till now. i want that you crack the password and i can use that software for withdraw my money from some cheating website. its very needed so plz relpy this message or you can email me shaikhmarketing@gmail.com
ReplyDeleteHello i have Havij and Loic ...... what do you prefer to use ??
ReplyDeletehai my friend.. can u hack/remove this site for me http://www.gaymelayumalaysia.blogspot.com/2013/01/gmm6-slurrpppppp.html
ReplyDeletei tried many times but im lost... because this site to show a porn naked male and embarrass my naked pic... please my friend.
Super helpful post. Thank you,
ReplyDeletehi
ReplyDeleteI want to hack a voting website , I want to increase the number of my fav singer ,, but I don't know how !!
can u help me .. pleeeeeeeeeeeeeeeeeease
thanks
This is such a great resource that you are providing and you give it away for free. I love seeing websites that understand the value of providing a quality resource for free.
ReplyDeleteminecraft hosting
can you hack or take down a site that is lying. blogspot. "Bishopfredhoward exposed"
ReplyDeleteThis is my pastor, i love him dearly and they are trying to destroy his name. "bishopfredhowardexposed"; "apostlefredhowardexposed" both of them please please, someone do something.
ReplyDeletePlease,I wnt You people to help tell me how to hark a site that they wnat me to pay money before I can be able to chat in their site,pls how do I do it?
ReplyDeletefuck da bastardz http://peanuthosting.com/index.php?p=main
ReplyDeleteFrist I'd like to thank codelion and anonymous for the enlightenment, it is helpful. Lol some of yowl wanting to be hackers need a spell and grammar check (that's why cracking china is hard, yowl failing your own language[English]). now for the question, how does one hack into any mobile phone for data transfer and retrieval purposes?
ReplyDeletePlease hack this web for me
ReplyDeletewww.itdunya.com
Hack this account ASAP
ReplyDeletewww.fightsportsnews.com
great work,bro!!! Check this out for Miscellanious article on hacking & hackeing news!!
ReplyDeletehttp://www.thehackersradio.com
yesta desamba Thank you for your comment.Dating Software Blog
ReplyDeleteHello Friend Your Blog So Great pakistani chat room And so Good Looking
ReplyDeleteHai Pls hack www.southmp3.us Please............
ReplyDeleteguys i need to hack a website plz guide me with all it needs
ReplyDeletehack this please..
ReplyDeletesaradhamatricgingee.blogspot.in
I tried to hack this blogspot, http://entryleveljobscamsblog.blogspot.com/2011/02/lne-consulting-inc-hollywood-fl-near.html can anyone help me to hack it or remove it?
ReplyDeletei want to change the database of a educational site if there is any one who can do then i will pay for that..
ReplyDeleteNice blog and very informative thank you for sharing us.
ReplyDeleteAccurate Silver Tips