Exploiting Basics

There are mainly three different types of exploits that are used on the internet. PHP, Perl and Web Based attacks.
PHP and Perl attacks are run on the persons computer through an interpreter - a program that reads the code and runs the output. These are usually powered by an underlying SQL or XSS attack.

The other type of attack is a plain web based attack, usually a SQL injection or an XSS exploit with no PHP or Perl powered frontend. These are the easiest to do, but the hardest to figure out how to use as there is not a definitive way of executing them.

General Information

Operating Systems
The most widely used OS is Windows and to be honest I hate it. But I use it. But it is very hard to hack with as tools are not really created for it in mind. Because of that I recommend Linux as a hacking OS because everything just works. .
Oh, yeah, did I mention its free?

PHP
PHP (PHP: Hypertext Preprocessor) is a computer scripting language, originally designed for producing dynamic web pages. It is mainly used in server-side scripting, but can be used from a command line interface or in standalone graphical applications.
Yes, that's from Wikipedia. But its helpful and might be interesting.
But PHP is a very useful and powerful programming language which is used for diverse projects. Because its powerful yet simplistic its used for hacking. And, of course, its free.

How To Spot a PHP Exploit
A PHP exploit is always encased in tags.

Perl
Perl is a dynamic programming language created by Larry Wall and first released in 1987. Perl borrows features from a variety of other languages including C, shell scripting (sh), AWK, sed and Lisp. Perl was widely adopted for its strengths in text processing and lack of the arbitrary limitations of many scripting languages at the time.
Yes, thats from Wikipedia too. But Perl too is a powerful yet simplistic language, like PHP. And its free as well

How To Spot a Perl Exploit
They always start with

#!/usr/bin/perl

Executing Exploits:

Web Based:
These attacks differ hugely so the easiest thing to do is to read the NFO when using this kind of attack.
They usually come in the format

http://www.xxx.org/view.php?id=-1+union+select+1,2,3,convert(concat(database(),char(58),user(),char(58),version()),char),5,6,7,8,9,10,11,12/*

The example is a SQL injection but XSS attacks looks very similar. All text after the view.php? is the sploit. The exploit occurs in the way that the PHP handles the information being sent by the HTML.
To use these you just paste everything from http://www.xxx.org/ into the browser address bar while on the vulnerable page of the website.
For example: I am on the forums of a website at www.somewebsite.org/forums/. I know the exploit is in the format above. But, I know that the venerable part of the site is in the /forums/ sub directory so I paste the exploit there:

www.somewebsite.org/forums/view.php?id=-1+union+select+1,2,3,convert(concat(database(),char(58),user(),char(58),version()),char),5,6,7,8,9,10,11,12/*

You can take this principle and apply it to XSS exploits as well.

To be a script you do not need to know SQL, but if you want to develop your own exploits it helps a great deal. Look here for more information: http://www.w3schools.com/sql/default.asp

PHP on Windows:
To run PHP on Windows, you need the PHP software. The is open source so free to download.
http://www.php.net/downloads.php
Download the latest version of the Windows binary installer and the zipped folder.

Run the installer, install it into C:PHP, choose not to configure a web server. Next, open the zip, extract everything into the same folder. Rename php.exe to php2.exe or php.exe.bak. Now copy the php.exe from the C:PHPCLI folder to C:PHP.

Right-click My Computer and pick properties. Click the Advanced tab, then the Environment Variables at the bottom. In the second list-box youâ??ll see a line for PATH. Double-click it and add to the end of the existing line â??;C:PHPâ?? This should give you something like:
Code:

C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;
C:Program FilesCommand;C:PHP

Click OK.

Now open a Command Prompt and type the following lines:

ASSOC .php=PHPScript
FTYPE PHPScript="C:PHPPHP.EXE" "%1" %*

You can now just type a PHP script name to run it like an EXE in Command Prompt. No need to type PHP first. For example:
Code:

C:>phpscript.php

Now you have got PHP environment set up save the exploit to your computer as a .php file. The easiest way to do this is to paste everything from the into notepad. Then File -> Save as and save as type All Files. then in the file name type exploit.php.

Read through the php file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:

$target = 'http://localhost/cutenews.1.4.5/search.php';
$username = 'waraxe'; // Username is needed
$outfile = './cute_log.txt';// Log file

The text after the // are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.

Change the text within the '....' to the information relevant to the site that you are exploiting.

Finally you can run it on the command prompt but navigating to the directory that you saved the exploit.php file in.

C:> cd C:/your/dir/goes/here

and then run the exploit

C:/your/dir/goes/here> exploit.php

The output of your exploit, such as passwords, will be shown in the command prompt.

Your done

PHP on Linux (Debian/Ubuntu):
Firstly, become root. Then install PHP.

apt-get install php5

Then save the exploit as exploit.php to your home directory. The exploit is everything within .

Read through the php file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:

$target = 'http://localhost/cutenews.1.4.5/search.php';
$username = 'waraxe'; // Username is needed
$outfile = './cute_log.txt';// Log file

The text after the // are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.

Change the text within the '....' to the information relevant to the site that you are exploiting.

Finally, run the php file.

php exploit.php

The output of your exploit, such as passwords, will be shown in the command prompt.

Your done

Perl on Windows:
Perl is very similar to PHP in the way that its run, but thanks to good software, it is a lot easier to execute.

Download Strawberry Perl from: http://strawberryperl.com/
Just install and you are able to run perl files by executing on the command line

perl exploit.pl

Read through the perl file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:

$target = "http://localhost/cutenews.1.4.5/search.php";
$username = "waraxe"; #Username is needed
$outfile = "./cute_log.txt2; # Log file

The text after the # are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.

Change the text within the "...." to the information relevant to the site that you are exploiting.

Finally run the exploit by typing into the command line:

perl exploit.pl

The output of your exploit, such as passwords, will be shown in the command prompt below.

Your done

Perl on Linux (Debian/Ubuntu):
Become root and install perl:

apt-get install perl

You are then able to run perl files by executing:

perl exploit.pl

Save the perl exploit to your home directory as exploit.pl.

Read through the perl file before running as often you need to define (change) the variables which are used throughout the exploit, such as the website name. These are always at the top of the program and look like:
Code:

$target = "http://localhost/cutenews.1.4.5/search.php";
$username = "waraxe"; #Username is needed
$outfile = "./cute_log.txt2; # Log file

The text after the # are comments (apart from the web address). This is so the programmer can give you information about what to do within the source code. Always read these as they give useful information.

Change the text within the "...." to the information relevant to the site that you are exploiting.

Finally run the exploit by typing:

perl exploit.pl

The output of your exploit, such as passwords, will be shown in the comemand prompt below.

Article written by AUTHOR_NAME

WRITE_ABOUT_YOURSELF