Unicorn 126 The how to become a Unicorn or how to do webhacking without skills guide [Part 1] [hide] Intro: We all know you can't become a Unicorn. Im feeling sorry for breaking your dream, human. I am the only Unicorn. Made of failed childhood fantasies. But! Dont worry! Dont feel sad! Me, the magic Unicorn, I am here to teach you something else! Something epic! You will learn how to hack websites, even if you don't know anything about webhacking! This is a detailed guide. Take your time to read and understand it! What you need to start: VPN (I recommend you perfect-privacy.com, google them!) Windows 7 / 10 Tools mentioned in this guide Common sense Before we start you have to calm down. Take a deep breath and free your brain. Let me help you. Look at this beautiful picture of me when i was a teenager: https://derpicdn.net/img/2018/6/29/1768883/large.png[/img] Hey! Stop! You did not watched it in detail! Seriously, take a look. Part #1 [align=justify]I recommend you to use a clean Windows 10 in VmWare because it's a clean and safe place to start but it's not a 'must have'. We will start with setting everything up. Download and install Firefox: https://www.mozilla.org/de/firefox/ Now download and install WhatCMS: https://addons.mozilla.org/en-US/firefox/addon/what-cms-is-this/[/align] [align=justify]You will need to move your fresh installed Plugin, follow these pictures: [/align] After installing WhatCMS you will need to install Whappalyzer: https://addons.mozilla.org/firefox/addon/wappalyzer/ You can find your installed Whappalyzer here: We need both Plugins to check which CMS and web technologies a website is using. This is a important step before we choose the right website for an attack. I will tell you later more about it. Great! Your Firefox is ready to use! Now we will install and configure the needed software to find the mighty bug hole. We will use Netsparker. Netsparker is a paid premium Vulnerability Scanner, one of the most accurate Scanners out there. Netsparker Website: https://www.netsparker.com/web-vulnerability-scanner/ Dont worry, you dont need to buy it! I am a magic Unicorn! Dont forget that! As a mighty and incredible cute Unicorn I am able to upload a cracked version to Mega.nz: https://mega.nz/#!Pmgn3CCI!llUDyixjxV-n89DLKDHJODWU4U-BonlARzDHGupkqAs Before you download it, keep in mind that this cracked tool could be infected with creepy malware. That's why i recommended you to use a virtual Windows. Ofcourse, it's a clean cracked version. Here is a Virustotal Scan of it: https://www.virustotal.com/en/file/ac0eb8f4c18cbfcbb11e01f23d63ce7bb645b92d423087aa3c9dd174500ee5f2/analysis/1541816831/ Scan the files on your own if you dont trust me. Lets proceed to Netsparker Setup! Unpack Netsparker.rar and open the Netsparker.exe file. It might take some time to load, on start you will see a Infobox about an Update: Press on "Cancel". Now press on "New" like in this picture: A new Popup will open. Press on the "Options" button: Whoa! So many options! Dont panic, i will show you what you will need. At first: I uploaded you a Netsparker Scan Policy. Its a file thats tells Netsparker what it should do. Netsparker Scan Policy: https://mega.nz/#!fyAWUKhT!nPJgymB3-PUmaC72O26IJZXhieMLG4U_rbJi7oxDKdM Now put the "Sql Injection.xml" File in this path: C:\Users\YourUsername\Documents\Netsparker\Policies Once you inserted it you will need to restart Netsparker. Press on "New", again. Now just follow these pictures and change the Scan Policy to "SQL Injection": Great! You did it! Only a few things left to configure in Netsparker. Click on "Scope": Change the Scope from "Entered Path and Below" to "Whole Domain". Netsparker is now configured. We could enter a website now for an attack. But let me show you how to find good targets at first! Part #2 Open your new configured Firefox and open Google. There are many ways to find potential websites. Most huuumans are using "private HQ Googledorks" because they dont know how to do it the Unicorn way. Oh by the way. Here is another cute picture of me: My mother made this awesome picture of me on my first school day! Okay... Back to topic... You dont need Google dorks. Just type something. Now it's time to filter the results. Let us take a look at this site: Right click, open in a new tab... Wow! This website has a Login Feature. There are members or atleast someone with a password! Now we check if WhatCMS detects a ppoular CMS like Wordpress. We dont want a popular CMS, they are unhackable for us without super advanced webhacking skills. Looks good! WhatCMS cant detect a CMS. Let's check Whappalyzer! Not much informations here... But who cares! Let's try this website anyways. Head over to your Netsparker and enter the URL of this site... Link to image because only 20 images are allowed: Image: Link to Image Press "Start Scan" and Netsparker will start crawling and attacking the Site. I think it's time to explain what you will see... Link to image because only 20 images are allowed: Image: Link to Image In the "Issues" Window you will find all informations about a found Vulnerability, if Netsparker was able to find something. Sadly Netsparker found nothing here. Time to take a look at the other Google Results. In the meantime i will write Part 2. Main focus of Part 2 will be: What we do if we found a Vulnerability How to exploit a Vulnerability How to Dump a Database [/hide] Feel free to ask questions, post comments or suggestions. Before you leech this guide, please keep in mind that it took me several hours to write it down. You know, tipping all these words with my awesome Unicorn hoovels is hard work. Quote Share this post Link to post Share on other sites
SSJ 207 damn I wanna be a fucking unic0rn LES g0000 :fiesta: :fiesta: Edit: ;((((( i cant be a fuking unicorn Quote Share this post Link to post Share on other sites
Rickzoips544 0 thanks for the guide, hope ill learn something from this. Quote Share this post Link to post Share on other sites
ExBox720 3 lets hope i learn something from this Quote Share this post Link to post Share on other sites
Placing 66 The how to become a Unicorn or how to do webhacking without skills guide [Part 1] Feel free to ask questions, post comments or suggestions. Before you leech this guide, please keep in mind that it took me several hours to write it down. You know, tipping all these words with my awesome Unicorn hoovels is hard work. Lemme see dis amazing feckin guide Quote Share this post Link to post Share on other sites
Merged 80 totally not leeching will actually learn Quote Share this post Link to post Share on other sites
PinnKs 47 how to do u know is the site is vulnerable ? or no? Quote Share this post Link to post Share on other sites
PumkinPatch 0 I'm growing a horn on my head wtf? Thanks!!! Quote Share this post Link to post Share on other sites
blargon 4 I really wanna be a unicorn :) ill check it out Quote Share this post Link to post Share on other sites
deanbesmooth 0 I wanna be unicorn too I guess Quote Share this post Link to post Share on other sites
ibrahim69 2 The how to become a Unicorn or how to do webhacking without skills guide [Part 1] Feel free to ask questions, post comments or suggestions. Before you leech this guide, please keep in mind that it took me several hours to write it down. You know, tipping all these words with my awesome Unicorn hoovels is hard work. Quote Share this post Link to post Share on other sites
SioVer 41 Love this guide ! Hope ur back our Unicorn! Quote Share this post Link to post Share on other sites
jay12152 1 hope ill learn something from this. thx Quote Share this post Link to post Share on other sites
Forzadiver24 24 Heyyy, im the guy from discord and you linked me to this thanks bro, appreciate the amazing work! Quote Share this post Link to post Share on other sites
