How to Deface Website Using Android
To make it easier and can be directly practiced, so I chose android as a tool. For PC, you can, because it only uses chrome in the process. Here are the steps to deface from android.
1. Open the google chrome application to search for the target website.
2. Enter query dork in the chrome address box to find the vuln site. This is the query I used before, intext:powered by w2box.
3. Select a site from google dork search results. All sites that are displayed are already indicated vuln, so please choose which one. If I've tried to pixelindustry.co.nz.
4. Upload the deface script in the file upload box on the target site. This script determines the appearance of the defaced page. The format can be .jpg or .txt. I have listed an example below.
5. Access the new defaced page. The trick is to type the name of the target site/data/script name or the quick way is to click directly on the uploaded file on the page.
If successful, the site will display the contents of the script that you uploaded. So make the script as attractive as possible and include your identity to make it look pro.
Well, that's a simple way to deface a website. So for beginners, you can definitely practice it. The reason is because the target website has been declared vulnerable. Apart from the above method, there is another way that is also easier, namely using the termux application.
How to Deface a Website Using Termux
Termux is an android application to run scripts, one of which is a deface script. This script works automatically based on the data entered when the script runs. So to be able to deface a website using termux, you have to install the deface script then run it to find the live target and enter other data such as dork and html scripts. The most popular and easy to use termux deface script is webdav. Here's how to install and use webdav in termux.
Here's How To Use Webdav To Deface
1. Install the webdav source code to termux
Open termux application, then enter this command. pkg install wget python2 openssh libcurl openssl curl pip2 install urllib3 chardet certifi idna requests wget https://raw.githubusercontent.com/storiku/webdav/master/webdav.py Press enter for every 1 command line
2. Prepare the mainstay deface script
The format of the script must be .html. To make it the same as the html code of a website page. For those who already have it, just move the script file outside of any folder but it must be on internal storage. Then go to termux apk again and write this command. termux-setup-storage cp -f /sdcard/scriptname.html $HOME Click allow when a notification appears. The script file must be .html yes, while the name is up to you. Example: The script file name is omcyber.html So the command is cp -f /sdcard/omcyber.htlm $HOME
3. Run the webdav script to start deface
Still on the termux application, type the following command. python2 webdav.py webtarget scriptdeface.html Example: python2 webdav.py http://hq.prospec.co.th/omcyber.html This command means that it will deface the web http://hq.prospec.co.th/ with the omcyber.html script The web http://hq.prospec.co.th/ has detected a vuln, so it should work. If the targeted website is not vuln, then the termux website defacement method will not work.
To see the results, just access the link that appears from the termux process.
Well, that's the webdav method of adding pages to a website with a view that you set yourself. The webdav tool is not just one, but there are many versions with different uses. I will discuss in a separate post.
Next, just study other methods as I mentioned above.
Website Deface Method
1. Poc
Poc is a method of defacement by uploading files from the dashboard of the site's page. File formats can be .txt, .html, .php, and .jpg. To enter the site dashboard, you can take advantage of the CMS website dork which has a gap.
2. Jso
Jso is a way to deface a website by inserting a jso script into a website. This script can be made from the jso generator tool or download it on the internet. The jso upload target is a website that contains a vulnerable registration page with jso queries.
3. Slash Index
Same with poc, only different from its use of query dork. Tebas index uses a dork that displays a dashboard index containing folders and files from a website. This index is like a file manager, so you can add and delete files.
4. Webdav
Deface webdav is a deface method by utilizing webdav tools. This tool will search for vuln websites based on webdav queries then change the visual appearance based on the uploaded sc deface. To run it can use the termux application.
1. Open the google chrome application to search for the target website.
2. Enter query dork in the chrome address box to find the vuln site. This is the query I used before, intext:powered by w2box.
3. Select a site from google dork search results. All sites that are displayed are already indicated vuln, so please choose which one. If I've tried to pixelindustry.co.nz.
4. Upload the deface script in the file upload box on the target site. This script determines the appearance of the defaced page. The format can be .jpg or .txt. I have listed an example below.
5. Access the new defaced page. The trick is to type the name of the target site/data/script name or the quick way is to click directly on the uploaded file on the page.
If successful, the site will display the contents of the script that you uploaded. So make the script as attractive as possible and include your identity to make it look pro.
Well, that's a simple way to deface a website. So for beginners, you can definitely practice it. The reason is because the target website has been declared vulnerable. Apart from the above method, there is another way that is also easier, namely using the termux application.
How to Deface a Website Using Termux
Termux is an android application to run scripts, one of which is a deface script. This script works automatically based on the data entered when the script runs. So to be able to deface a website using termux, you have to install the deface script then run it to find the live target and enter other data such as dork and html scripts. The most popular and easy to use termux deface script is webdav. Here's how to install and use webdav in termux.
Here's How To Use Webdav To Deface
1. Install the webdav source code to termux
Open termux application, then enter this command. pkg install wget python2 openssh libcurl openssl curl pip2 install urllib3 chardet certifi idna requests wget https://raw.githubusercontent.com/storiku/webdav/master/webdav.py Press enter for every 1 command line
2. Prepare the mainstay deface script
The format of the script must be .html. To make it the same as the html code of a website page. For those who already have it, just move the script file outside of any folder but it must be on internal storage. Then go to termux apk again and write this command. termux-setup-storage cp -f /sdcard/scriptname.html $HOME Click allow when a notification appears. The script file must be .html yes, while the name is up to you. Example: The script file name is omcyber.html So the command is cp -f /sdcard/omcyber.htlm $HOME
3. Run the webdav script to start deface
Still on the termux application, type the following command. python2 webdav.py webtarget scriptdeface.html Example: python2 webdav.py http://hq.prospec.co.th/omcyber.html This command means that it will deface the web http://hq.prospec.co.th/ with the omcyber.html script The web http://hq.prospec.co.th/ has detected a vuln, so it should work. If the targeted website is not vuln, then the termux website defacement method will not work.
To see the results, just access the link that appears from the termux process.
Well, that's the webdav method of adding pages to a website with a view that you set yourself. The webdav tool is not just one, but there are many versions with different uses. I will discuss in a separate post.
Next, just study other methods as I mentioned above.
Website Deface Method
1. Poc
Poc is a method of defacement by uploading files from the dashboard of the site's page. File formats can be .txt, .html, .php, and .jpg. To enter the site dashboard, you can take advantage of the CMS website dork which has a gap.
2. Jso
Jso is a way to deface a website by inserting a jso script into a website. This script can be made from the jso generator tool or download it on the internet. The jso upload target is a website that contains a vulnerable registration page with jso queries.
3. Slash Index
Same with poc, only different from its use of query dork. Tebas index uses a dork that displays a dashboard index containing folders and files from a website. This index is like a file manager, so you can add and delete files.
4. Webdav
Deface webdav is a deface method by utilizing webdav tools. This tool will search for vuln websites based on webdav queries then change the visual appearance based on the uploaded sc deface. To run it can use the termux application.