Skip to main content

How to Hack a Website in Four Easy Steps


Every wondered how Anonymous and other hacktivists manage to steal the data or crash the servers of websites belonging to some of the world biggest organisations? Thanks to freely available online tools, hacking is no long the preserve of geeks, so we've decided to show you how easy it is to do, in just four easy steps.
Step 1: Identify your target

While Anonymous and other online hacktivists may choose their targets in order to protest against perceived wrong-doing, for a beginner wanting to get the taste of success with their first hack, the best thing to do is to identify a any website which has a vulnerability.

Recently a hacker posted a list of 5,000 websites online which were vulnerable to attack. How did he/she identify these websites? Well, the key to creating a list of websites which are likely to be more open to attack, is to carry out a search for what is called a Google Dork.

Google Dorking, also known as Google Hacking, enables you find sensitive data or evidence of vulnerabilities by querying a search engine like Google or Bing. It basically allows you to enter a search term into Google and find websites which may have these vulnerabilities somewhere on the site.

Don't worry about needing technical expertise to know what to look for. Kind-hearted hackers have produced lists of these Google Dorks, neatly categorised into the type of vulnerability you are looking for. Looking for files containing passwords? There's got a Dork for that. Login credentials? There's a Dork for that.

For example, if you are looking for files stored on websites containing passwords, then a sample search query we found openly listed on one indexing site was: intitle:"Index of" master.passwd. This returns the results shown in the screengrab above.

So now you have a list of potential victims. Next you need to narrow this down even further.

Step 2: Check for vulnerabilities

Having a huge number of sites which may or may not be vulnerable is not much use unless you can pinpoint one which is actually open to attack. This is when a programme called a vulnerability scanner comes into its own and the most popular is called Acunetix.

Acunetix, developed by a UK-based company, was designed, and is still used, as a tool for web developers to test sites they are building. However the hacking community has commandeered the tool and uses it to identify existing vulnerable sites.

You can download a trial version of the software for free from the official Acunetix website or if you venture into the murky depths of a hacker forum and search for Acunetix, you can find cracked versions of the full application freely available.

Acunetix, as you can see from the screen shots above, is a simple, straight-forward Windows application and all you need to do is enter the URL of the site you want to target, and press Process. Acunetix will scan the entire website, including all pages associated with it, and return a list of vulnerabilities it finds. If you find the type you are looking for, you will need to move onto Step 3, as Acunetix does not perform any website penetration.

Step 3: Attack the website

Attacking a website is done by two main methods. The first is by carrying out a Distributed Denial of Service (DDoS) attack which overwhelms a website's servers and forces it to shut down. We will deal with this type of attack later, but first we will look at how you can hack into an account and steal some information contained within databases on the site.

This type of attack is known as a SQL (pronounced sequel) Injection. A SQL Injection attack aims to capture information stored in a database on the particular website by introducing some SQL code. SQL is a programming language designed for managing data in a database.

But fear not, you won't need to understand a single line of SQL to carry out this attack. Thankfully another freely-available and easy-to-use application, originally developed in Iran, can be downloaded from the web saving you the trouble of dealing with any complex code.

The program is called Havij, the Farsi word for carrot, which is also a slang word for penis and so, unsurprisingly, this is the piece of software required to penetrate a website.

Again there are free and paid-for versions of Havij available with the paid-for version having more powerful capabilities. Again the world of hacker forums is your friend here and cracked versions of the full Havij application are available if you look for them.

The Havij interface is once again like any other Windows program and all a virgin hacker needs to do is simply copy-and-paste the address of their target website and press a button.

Havij allows you to perform a number of different types of operation including one called a Get, which unsurprisingly gets all the information stored on databases on that particular site which can be usernames, passwords, addresses, email addresses, phone numbers and bank details.

And that's it, within minutes you can search for, download and use a couple of automated tools which will allow you to access websites which are vulnerable to this type of attack. While most high profile companies' websites will be protected from this type of attack, the fact that Sony's website and the personal information of its customers was stolen in a manner similar to this, shows just how vulnerable the web is.

Step 4: If all else fails, DDoS

Hacktivist collective Anonymous changed their tactics in the last 12 months moving away from DDoS as their primary tool for attacking websites, preferring if possible to use SQL Injection instead. However, when this is not possible, they will revert to DDoS attacks, and you can to, with the help of another freely available tool.

And it turns out that DDoSing a website is no more difficult than carrying out a SQL Injection. The programme used is called Low-Orbit Ion Canon (LOIC) which was developed for web designers to stress test websites, but has been high-jacked by hackers in order to attack websites.

Available as a free download from Source Forge, LOIC employs a very user-friendly interface and all potential hackers need to is type in the URL of the site they want to crash and LOIC will do the rest. What the application will do is send up to 200 requests per second to the site in question.

While most bigger sites might be able to deal with this request without crashing, most websites out there will not, especially if you get together with some other hacking virgins and combine your efforts.

So easy is it to use this technology that you can even control it from your BlackBerry, meaning you can be enjoying a pint in the pub with your friends while carrying out a DDoS attack on a website of your choice.

If our tutorial has not provided you with enough information, there are dozens of other tutorials on various hacker forums around the web and even video tutorials on YouTube which you can watch.


Comments

  1. Anonymous10:04 PM

    i hope that i would learn 8 so easily and technically,, coz i want to be in the top most hackers!!!

    ReplyDelete
    Replies
    1. Anonymous2:13 PM

      If you want to be in the top mosst hackers why are you learning in simple tutorials? Don't hope so

      Delete
    2. Anonymous3:12 PM

      The LOIC download is a virus, thanks guys

      Delete
    3. The LOIC download is classified as a virus by most antivirus system because it is used for launching denial of service attacks.

      Delete
    4. Anonymous11:58 PM

      LOIC is unsafe,,the tools in LOIC that hide attacker's IP just work for couple hours. .so u can get arrested. .

      Delete
    5. Anonymous12:01 AM

      u all can use HOIC

      Delete
    6. Easiest way to hack a target website..

      1. reverse the website to find all other websites hosted on that server, with
      http://logontube.com/

      2.copy all the websites to a text file..

      3.download icf mass sqli scanner
      http://ftp.jaist.ac.jp/pub//sourceforge/i/ic/icf-sqli/ICF%20SQLI%20CRAWLER.pl


      4.Load the text file to the scanner and scan and get vulnerable websites..

      use havij to hack it...

      Delete
    7. Anonymous6:49 AM

      i dont think is easy to hack a chinese web site.. maybe we dont understand chinese

      anyone understand what is it about this site www.wiwaa.com ?

      I have tried.. but failed :)

      Delete
    8. Anonymous2:19 AM

      please i need help in hacking a site, email me emywire@gmail.com i need your help

      Delete
  2. Anonymous5:58 AM

    Lots of blank space at the bottom of the page
    Hmmmmmm--------

    ReplyDelete
  3. nice. it ll help 4 me

    ReplyDelete
  4. Anonymous9:31 AM

    i am novish in hacking world. pls help me to learn about it.

    ReplyDelete
    Replies
    1. Anonymous7:49 PM

      You can start with using better grammer.

      Delete
    2. Anonymous7:33 PM

      *grammar

      Delete
  5. dear all i want to learn also about it.
    but no one is helping me,
    tell me some thing that i should do for this,
    because some of my friend hack my id and page, so i want to do same,

    And i want to show him that i can do also.

    ReplyDelete
    Replies
    1. You can start with the list of simple hacks described in this blog.
      http://white-hackers.blogspot.sg/search/label/simple%20hacks

      Delete
  6. Anonymous3:44 AM

    i literally lol'd at this.
    skid
    skid
    skid
    skid
    windows hacking
    skid

    ReplyDelete
  7. Anonymous8:14 AM

    how to enable my adsense accont help 9560726104

    ReplyDelete
    Replies
    1. Contact the Google Adsense Support.

      Delete
  8. Please I really need help, I need the havij free software, where can I get it?

    ReplyDelete
  9. I keep downloading the 1.5 version but its just not working, I need help to get the free version

    ReplyDelete
    Replies
    1. I have updated the post with the link to download.
      I could find the following version after searching online.
      http://www.itsecteam.com/products/havij-v116-advanced-sql-injection/index.html

      Delete
  10. Anonymous5:43 PM

    Do i have to conceal my identity before suffocating the websites and server? If that's the case, kindly reccomend me that sofwtware!
    skullhack.

    ReplyDelete
    Replies
    1. You can always you TOR to protect your privacy and browse anonymously.

      Delete
    2. Anonymous1:01 AM

      I can't believe you're spreading this shit. Spoon feeding script kiddies with shit for information. And please don't tell people to go through TOR when "suffocating a server" or performing a DoS/DDoS attack - it will only crash the TOR server you're going through and never actually make it to the final destination. This is what things like PyLoris were designed for - slow DoS/DDoS with anonymity. Learn your shit before teaching others.

      Delete
    3. Actually if you read my comment I only said that TOR can help you protect your privacy. I checked up on PyLoris, I couldn't find any information on how it helps you protect your privacy or stay anonymous while doing a DoS.

      Delete
  11. Anonymous9:06 AM

    Your comment was in response to someone asking about how to be anonymous while they perform a DoS/DDoS attack. If you weren't telling them to use TOR for that, but only for online browsing - then you didn't even answer their question but instead just started talking about something else. If you didn't find any info about PyLoris being used for slow, anonymous DoS attacks then you didn't look very hard. That is the whole point of the tool; the reason it was coded in the first place. It's an anonymous (routes through TOR) version of RSnake's Slowloris tool from ha.ckers.org

    Hope I could be of some help; I know I don't always come across nice but I'm trying to help.

    ReplyDelete
    Replies
    1. Anonymous9:12 AM

      And I forgot another tip. Please direct users to use ProxyChains when they can instead of TOR. Because TOR leaks if you need to resolve DNS (yes even with Privoxy) - ProxyChains won't (if you tell it not to in the conf file).

      Delete
    2. Your point is fair, so if I get it right Slowloris uses TOR but since its slow it doesn't break it down ?
      We can use someone with your knowledge to contribute to the blog. If you can send me your email (blogger account) at codelion86@gmail.com we can add you up.

      Delete
    3. Anonymous3:02 PM

      Ok I need a way where I cant be tracked 100% sure because DDOSing is illegal and I dont want to go to jail over a stupid DDOS

      Delete
  12. Anonymous7:52 AM

    tell me how to hack any chat site's user ? it can be admin's profile

    ReplyDelete
  13. Anonymous9:25 AM

    Getting more users to implement TOR is never a bad thing and should be encouraged. Even when doing so is irrelevant :D

    ReplyDelete
  14. wow that was a great post

    ReplyDelete
  15. Anonymous6:51 AM

    You have my respect for making this. It is a nice tutorial that states the main idea unlike most tutorials. Good job!

    ReplyDelete
  16. Anonymous12:00 AM

    thanks;-).

    ReplyDelete
  17. Anonymous10:36 PM

    help hack this site www.vais.us

    ReplyDelete
  18. Anonymous12:56 AM

    hello
    i want to hack a weblog
    i dont actually care how to hack it by myself
    could uintriduce me some1 to hack this weblog for me ...
    off course ,a present is considered to bestow
    this is my facebook account number
    facebook.com/sajjad.momenzade
    thank u anyone
    i love u all

    ReplyDelete
  19. http://www.o-i-community.de need this site done over

    ReplyDelete
  20. Anonymous5:00 AM

    hey frnd can u hack a website for me
    www.ssipmt.com/controlpanel
    can u hack username and password of it
    please thanking you

    ReplyDelete
  21. Thanks dude. I was actually looking for browser hacking but ended up here ., and i must say it was really awsome guide ., I think the best i ever read anywhere about any topic. I hope this all work . Thankyou Again.

    ReplyDelete
    Replies
    1. hai kamran.. can u hack this site for me www.gaymelayumalaysia.blogspot.com

      i tried many times but im lost... becouse this site to show a porn naked male... please my friend.

      Delete
  22. any one can hack this site????
    www.chat4pak.com
    ?????

    ReplyDelete
  23. Anonymous3:09 AM

    can anyone do something to mess up this site/system these horrible cold callers,im pestered everyday.im not even the person they ask for,also my address is is different to the person they keep asking for.ive asked them to take my number out there systems but they still keep calling.the site is called/they on the web. money saver telecoms. the number is 01925401700 i wish i could fuck them up like they fucking my life and thousands of others here in the uk.typing that number into the web shows up all the pissed off people.i want these and all the other tax avoiding companys to be fucked up big time.sorry for the swearing its just how strongly i feel about it.thanks to anyone who helps.

    ReplyDelete
  24. I want to revmove this URL ad. pl help me
    " http://ahmedabad.postindia.net/shapewell-nutrtion-center-weight-management-center-ahmedabad-1549347.html ".

    ReplyDelete
    Replies
    1. You can email on postindia.net@protecteddomainservices.com to ask them to take down private information in that page (phone number)

      Delete
  25. Anonymous12:35 PM

    info worthy to a person amaturely intersted in hacking...but u need some basics....to be strong...!any way....matter was clear...and worthy of reading.!thanks

    ReplyDelete
  26. Anonymous8:16 AM

    http://baducontacts.blogspot.com/2011/12/lakan-badu-gonnu-full-list_09.html

    please help me to delete this blogspot, it harest my sister..... please my dear friends

    ReplyDelete
    Replies
    1. This webpage has been removed from blogpost !!!

      Delete
    2. hai codelion.. can u hack/remove this site for me www.gaymelayumalaysia.blogspot.com

      i tried many times but im lost... becouse this site to show a porn naked male and harest my naked pic... please my friend.

      Delete
  27. dear all i wanted to know if their's away to hack or just destroy a blogspot ?

    ReplyDelete
  28. Anonymous7:56 AM

    can any one tell me how to take up a case with blogger who uses anonymous user id to spew venom on competitors?please help me, and i am a victim of this kind of strategy

    ReplyDelete
  29. Anonymous6:05 AM

    We can't hack www.chat4pak.com
    Hacking attempt failed, much security.

    Web has multiple servers,



    ReplyDelete
  30. Anonymous10:25 AM

    I wanna my name black hackers list wahat i do

    ReplyDelete
  31. Anonymous2:33 AM

    i want to remove this page


    http://upliftthem.blogspot.in/2012/09/college-girl-gayathri-raped-and.html

    ReplyDelete
  32. Anonymous3:39 AM

    Dear codelion, please help me. I need your help to remove this irritating blog, http://dendang-anak.blogspot.com/ because it is harassing my family's pride all over the time as more people visit the blog!!! Can you please tell me how or please remove this blog, thank you very much!!!

    ReplyDelete
  33. Anonymous11:42 PM

    Please give me the password of this email id inamullahkhan78@gmail.com on my email id luckychoudhary177@gmail.com then whatever you say i will do for you

    ReplyDelete
  34. Anonymous10:18 AM

    http://fileice.net/download.php?file=q61a can you give me the download site because i dont know how to hack the survey send me in my yahoo account thanks davenpaolo@yahoo.com

    ReplyDelete
  35. can anyone help me get passwords to a POF account ( plenty of fish) i am being played and also passwords to yahoo, gmail, live.co.uk?

    My dearest hubby is doing the dirty but i dnt have passwords:(
    pls help

    how can i get the passwords a she ha sthe application to POF for example on his phone and he keeps his phone very close to him, he wont give me passwords to his facebook or any email address yet has access to all my things.

    ReplyDelete
  36. Anonymous4:18 AM

    Hello My Friend, I need Help From U, Actually I Have One EXE Software For PC And When I Am Launch the software it says to enter passwords. i replied software created he ever answer me. i completed 26 survey for it but at last survey link survey not completing f rom 13 days till now. i want that you crack the password and i can use that software for withdraw my money from some cheating website. its very needed so plz relpy this message or you can email me shaikhmarketing@gmail.com

    ReplyDelete
  37. Hello i have Havij and Loic ...... what do you prefer to use ??

    ReplyDelete
  38. hai my friend.. can u hack/remove this site for me http://www.gaymelayumalaysia.blogspot.com/2013/01/gmm6-slurrpppppp.html

    i tried many times but im lost... because this site to show a porn naked male and embarrass my naked pic... please my friend.

    ReplyDelete
  39. Super helpful post. Thank you,

    ReplyDelete
  40. Anonymous8:43 PM

    hi
    I want to hack a voting website , I want to increase the number of my fav singer ,, but I don't know how !!
    can u help me .. pleeeeeeeeeeeeeeeeeease
    thanks

    ReplyDelete
  41. This is such a great resource that you are providing and you give it away for free. I love seeing websites that understand the value of providing a quality resource for free.
    minecraft hosting

    ReplyDelete
  42. Anonymous12:38 PM

    can you hack or take down a site that is lying. blogspot. "Bishopfredhoward exposed"

    ReplyDelete
  43. Anonymous12:40 PM

    This is my pastor, i love him dearly and they are trying to destroy his name. "bishopfredhowardexposed"; "apostlefredhowardexposed" both of them please please, someone do something.

    ReplyDelete
  44. Anonymous7:35 AM

    Please,I wnt You people to help tell me how to hark a site that they wnat me to pay money before I can be able to chat in their site,pls how do I do it?

    ReplyDelete
  45. Anonymous3:00 PM

    fuck da bastardz http://peanuthosting.com/index.php?p=main

    ReplyDelete
  46. Anonymous7:01 AM

    Frist I'd like to thank codelion and anonymous for the enlightenment, it is helpful. Lol some of yowl wanting to be hackers need a spell and grammar check (that's why cracking china is hard, yowl failing your own language[English]). now for the question, how does one hack into any mobile phone for data transfer and retrieval purposes?

    ReplyDelete
  47. Please hack this web for me
    www.itdunya.com

    ReplyDelete
  48. Genuine Onliner1:06 AM

    Hack this account ASAP
    www.fightsportsnews.com

    ReplyDelete
  49. great work,bro!!! Check this out for Miscellanious article on hacking & hackeing news!!
    http://www.thehackersradio.com

    ReplyDelete
  50. yesta desamba Thank you for your comment.Dating Software Blog

    ReplyDelete
  51. Hello Friend Your Blog So Great pakistani chat room And so Good Looking

    ReplyDelete
  52. Anonymous8:56 AM

    Hai Pls hack www.southmp3.us Please............

    ReplyDelete
  53. Anonymous10:38 PM

    guys i need to hack a website plz guide me with all it needs

    ReplyDelete
  54. hack this please..


    saradhamatricgingee.blogspot.in

    ReplyDelete
  55. Anonymous7:14 AM

    I tried to hack this blogspot, http://entryleveljobscamsblog.blogspot.com/2011/02/lne-consulting-inc-hollywood-fl-near.html can anyone help me to hack it or remove it?

    ReplyDelete
  56. i want to change the database of a educational site if there is any one who can do then i will pay for that..

    ReplyDelete
  57. Nice blog and very informative thank you for sharing us.
    Accurate Silver Tips

    ReplyDelete

Post a Comment

Popular posts from this blog

How to Hack Facebook Password in 5 Ways

Check out the following post from  fonelovetz blog  on facebook account hacking. This is one of the most popular questions which I'm asked via my email.And today I'm going to solve this problem one it for all.Even though i have already written a few ways of hacking a facebook password.Looks like i got to tidy up the the stuff here.The first thing i want to tell is.You can not hack or crack a facebook password by a click of a button.That's totally impossible and if you find such tools on the internet then please don't waste your time by looking at them! They are all fake.Ok now let me tell you how to hack a facebook account. I'll be telling you 5 of the basic ways in which a beginner hacker would hack.They are: 1.Social Engineering 2.Keylogging 3.Reverting Password / Password Recovery Through Primary Email 4.Facebook Phishing Page/ Softwares 5.Stealers/RATS/Trojans I'll explain each of these one by one in brief.If you want to know more about them just ...

How to Hack Someone's Cell Phone to Steal Their Pictures

Do you ever wonder how all these celebrities continue to have their private photos spread all over the internet? While celebrities' phones and computers are forever vulnerable to attacks, the common folk must also be wary. No matter how careful you think you were went you sent those "candid" photos to your ex, with a little effort and access to public information, your pictures can be snagged, too. Here's how. Cloud Storage Apple's iCloud service provides a hassle free way to store and transfer photos and other media across multiple devices. While the commercial exemplifies the G-rated community of iPhone users, there are a bunch of non-soccer moms that use their iPhones in a more..."free spirited" mindset. With Photo Stream enabled (requires OS X Lion or later, iOS 5 or later), pictures taken on your iPhone go to directly to your computer and/or tablet, all while being stored in the cloud. If you think the cloud is safe, just ask Gizmodo ...

How to Hack Samsung Phone Screen Lock

I have discovered  another  security flaw in Samsung Android phones. It is possible to completely disable the lock screen and get access to any app - even when the phone is "securely" locked with a pattern, PIN, password, or face detection. Unlike another recently released flaw, this doesn't rely quite so heavily on ultra-precise timing. Video . Of course, if you are unable to download a screen unlocker, this security vulnerability still allows you to  dial any phone number and run any app ! HOWTO From the lock screen, hit the emergency call button. Dial a non-existent emergency services number - e.g. 0. Press the green dial icon. Dismiss the error message. Press the phone's back button. The app's screen will be briefly displayed. This is just about long enough to interact with the app. Using this, you can run and interact with any app / widget / settings menu. You can also use this to launch the dialler. From there, you can dial any phone...