How to Hack a Website and Gain Access to the Admin Panel


Quaoar is a boot2root virtual machine hosted on VulnHub, created by Viper for the Hackfest 2016 CTF. It is a good machine for those who want to start a career in cyber security and are keen to practice gaining access to a target. Apart from it, there are many other machines that can be exploited to improve hacking skills. In this write-up, I explain the steps to hack the Quaoar machine.

  • Start your Linux and Quaoar machines and set the Network Adapter to NAT.
  • Open the Linux terminal and check the IP address.
  • Use the sudo netdiscover -r command to perform network scanning and find the Quaoar machine's IP (192.168.66.133).
  • Ping the Quaoar machine (ping successful).
  • Perform network scanning using the Nmap tool.
  • In the above snap, 9 ports are open and we can use port 22 as well as port 80 to hack the Quaoar machine.
  • In my case, I used port 80.
  • Open the Quaoar machine's IP on port 80 in the Firefox address bar; the output is given below.
  • Click on the above picture and you get another picture, which is given below.
  • Right-click on the above page, go to Inspect and look for a hint, if any.
No hint or comment-related text was found.
  • In the above picture, we do not find anything that can help us to exploit the machine. So, the solution is to find the hidden files using the gobuster and dirbuster tools.
  • Use this command to see the hidden files (gobuster dir -w /usr/share/wordlists/dirb/big.txt -u 192.168.66.133).
Hidden files with URI (Uniform Resource Identifier)
  • Put these URIs one by one in the address bar and see the output; every URI has a different output.

e.g.

http://192.168.66.133/hacking
  • Open the URI of WordPress.
http://192.168.66.133/wordpress/
  • After that, on the left side there is a login option under META; click on it, or append wp-admin to the URL in the address bar: 192.168.66.133/wordpress/wp-admin/
  • After getting the login page, the next step is to enter the credentials and get admin access.
  • To find the username, there are two ways, which are given below.

STEP 1

  • For this, focus on the above screenshot (http://192.168.66.133/wordpress/) and click on HELLO WORLD!.
  • After clicking on HELLO WORLD! the output is given below and you can easily judge the username.
  • The username is ADMIN which is given in the above snap.

STEP 2

  • Use the wpscan tool to get the username as well as password (wpscan --url http://192.168.66.133/wordpress/ -e u).
  • The next step is to find the password; the command for this is:

wpscan --url http://192.168.66.133/wordpress/ -U admin -P /usr/share/wordlists/dirb/rockyou.txt

  • You can also create your own password list or use the default password files that are in Kali.
  • Finally, the password was found. Enter the credentials in the login form and log in as admin.
  • Website Hacked !!!.
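
The phases of this walkthrough (wordlist path discovery with gobuster, WordPress user enumeration, repeated login attempts with wpscan) each leave a recognisable pattern in the web server's access log. The following Python detector is an added example, not part of the original write-up: the log lines, the scanner and visitor IPs, the thresholds and the function names are all constructed assumptions.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log line: source IP, method, path, status.
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Assumed per-IP thresholds for the analysed window; tune to your own traffic.
THRESHOLDS = {"path_discovery": 50, "user_enumeration": 3, "login_guessing": 10}

def classify(method, path, status):
    """Map one request to the scan phase it resembles, or None."""
    if method == "POST" and path.split("?")[0].endswith(("/wp-login.php", "/xmlrpc.php")):
        return "login_guessing"       # repeated credential submissions
    if re.search(r"[?&]author=\d+", path) or "/wp-json/wp/v2/users" in path:
        return "user_enumeration"     # author-archive / REST user listing
    if status == "404":
        return "path_discovery"       # wordlist guesses mostly miss
    return None

def detect(lines):
    """Return {ip: [phases at or over threshold]} for a sequence of log lines."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                  # skip malformed lines instead of failing
        phase = classify(m["method"], m["path"], m["status"])
        if phase:
            counts[m["ip"]][phase] += 1
    return {ip: hits for ip, phases in counts.items()
            if (hits := sorted(p for p, n in phases.items() if n >= THRESHOLDS[p]))}

def sample_log():
    """Constructed traffic: one scanning host and one ordinary visitor."""
    def line(ip, method, path, status):
        return f'{ip} - - [10/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'
    scanner, visitor = "192.168.66.128", "192.168.66.50"  # constructed IPs
    log = [line(scanner, "GET", f"/guess{i}", 404) for i in range(60)]
    log += [line(scanner, "GET", f"/wordpress/?author={i}", 301) for i in range(1, 6)]
    log += [line(scanner, "POST", "/wordpress/wp-login.php", 200) for _ in range(25)]
    log += [line(visitor, "GET", "/wordpress/", 200),
            line(visitor, "POST", "/wordpress/wp-login.php", 302),
            line(visitor, "GET", "/favicon.ico", 404)]
    return log

if __name__ == "__main__":
    print(detect(sample_log()))
```

A single failed page load or one login POST from the visitor stays under every threshold, so only the scanning host is reported.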

Stay tuned with me to get more informative articles on cyber security, ethical hacking, and bug bounty.

Let’s get connected…
