Unicorn

The how to become a Unicorn or how to do webhacking without skills guide [Part 1]

Recommended Posts

The how to become a Unicorn or how to do webhacking without skills guide [Part 1]

 

[hide]

Intro:

We all know you can't become a Unicorn. Im feeling sorry for breaking your dream, human. I am the only Unicorn. Made of failed childhood fantasies. But! Dont worry! Dont feel sad! Me, the magic Unicorn, I am here to teach you something else! Something epic! You will learn how to hack websites, even if you don't know anything about webhacking!

 

This is a detailed guide. Take your time to read and understand it!

 

 

What you need to start:

VPN (I recommend you perfect-privacy.com, google them!)

Windows 7 / 10

Tools mentioned in this guide

Common sense

 

 

Before we start you have to calm down. Take a deep breath and free your brain. Let me help you. Look at this beautiful picture of me when i was a teenager:

500x500https://derpicdn.net/img/2018/6/29/1768883/large.png[/img]

Hey! Stop! You did not watched it in detail! Seriously, take a look.

 

Part #1

[align=justify]I recommend you to use a clean Windows 10 in VmWare because it's a clean and safe place to start but it's not a 'must have'.

We will start with setting everything up.

Download and install Firefox: https://www.mozilla.org/de/firefox/

Now download and install WhatCMS: https://addons.mozilla.org/en-US/firefox/addon/what-cms-is-this/[/align]

[align=justify]You will need to move your fresh installed Plugin, follow these pictures:

n1c3cr6.jpg

n2frcz8.jpg

n3k2iod.jpg[/align]

 

After installing WhatCMS you will need to install Whappalyzer: https://addons.mozilla.org/firefox/addon/wappalyzer/

You can find your installed Whappalyzer here:

nr4racbx.jpg

 

We need both Plugins to check which CMS and web technologies a website is using. This is a important step before we choose the right website for an attack. I will tell you later more about it.

Great! Your Firefox is ready to use!

Now we will install and configure the needed software to find the mighty bug hole.

images?q=tbn:ANd9GcR4Deoqhj7ZRl-0ZZD9VYTaOp8XuWfUBwK61PQiqHzr1UNJIZw7

We will use Netsparker. Netsparker is a paid premium Vulnerability Scanner, one of the most accurate Scanners out there.

Netsparker Website: https://www.netsparker.com/web-vulnerability-scanner/

Dont worry, you dont need to buy it!

I am a magic Unicorn! Dont forget that! As a mighty and incredible cute Unicorn I am able to upload a cracked version to Mega.nz: https://mega.nz/#!Pmgn3CCI!llUDyixjxV-n89DLKDHJODWU4U-BonlARzDHGupkqAs

Before you download it, keep in mind that this cracked tool could be infected with creepy malware. That's why i recommended you to use a virtual Windows. Ofcourse, it's a clean cracked version.

Here is a Virustotal Scan of it: https://www.virustotal.com/en/file/ac0eb8f4c18cbfcbb11e01f23d63ce7bb645b92d423087aa3c9dd174500ee5f2/analysis/1541816831/

Scan the files on your own if you dont trust me.

Lets proceed to Netsparker Setup!

Unpack Netsparker.rar and open the Netsparker.exe file.

It might take some time to load, on start you will see a Infobox about an Update:

n5ticfd.jpg

Press on "Cancel".

Now press on "New" like in this picture:

n6wrfnc.jpg

A new Popup will open.

Press on the "Options" button:

n761cup.jpg

Whoa! So many options! Dont panic, i will show you what you will need.

At first:

I uploaded you a Netsparker Scan Policy. Its a file thats tells Netsparker what it should do.

Netsparker Scan Policy: https://mega.nz/#!fyAWUKhT!nPJgymB3-PUmaC72O26IJZXhieMLG4U_rbJi7oxDKdM

Now put the "Sql Injection.xml" File in this path:

C:\Users\YourUsername\Documents\Netsparker\Policies

n8ued80.jpg

Once you inserted it you will need to restart Netsparker.

Press on "New", again.

Now just follow these pictures and change the Scan Policy to "SQL Injection":

n90beg2.jpg

n104wegr.jpg

 

n117zdtm.jpg

 

Great! You did it! Only a few things left to configure in Netsparker.

Click on "Scope":

n12gvi3o.jpg

Change the Scope from "Entered Path and Below" to "Whole Domain".

n13epiz0.jpg

Netsparker is now configured. We could enter a website now for an attack. But let me show you how to find good targets at first!

 

Part #2

Open your new configured Firefox and open Google.

There are many ways to find potential websites. Most huuumans are using "private HQ Googledorks" because they dont know how to do it the Unicorn way.

Oh by the way.

Here is another cute picture of me:

002.jpg

My mother made this awesome picture of me on my first school day!

Okay... Back to topic...

You dont need Google dorks. Just type something.

Now it's time to filter the results.

Let us take a look at this site:

n13zenq.jpg

Right click, open in a new tab...

n2imfm7.jpg

Wow! This website has a Login Feature. There are members or atleast someone with a password!

Now we check if WhatCMS detects a ppoular CMS like Wordpress. We dont want a popular CMS, they are unhackable for us without super advanced webhacking skills.

n36hej7.jpg

Looks good! WhatCMS cant detect a CMS.

Let's check Whappalyzer!

n44acow.jpg

Not much informations here... But who cares! Let's try this website anyways.

Head over to your Netsparker and enter the URL of this site...

Link to image because only 20 images are allowed:

Image: Link to Image

Press "Start Scan" and Netsparker will start crawling and attacking the Site.

I think it's time to explain what you will see...

Link to image because only 20 images are allowed:

Image: Link to Image

In the "Issues" Window you will find all informations about a found Vulnerability, if Netsparker was able to find something.

Sadly Netsparker found nothing here.

Time to take a look at the other Google Results.

 

 

In the meantime i will write Part 2.

Main focus of Part 2 will be:

What we do if we found a Vulnerability

How to exploit a Vulnerability

How to Dump a Database

 

[/hide]

Feel free to ask questions, post comments or suggestions.

Before you leech this guide, please keep in mind that it took me several hours to write it down. You know, tipping all these words with my awesome Unicorn hoovels is hard work.

Share this post


Link to post
Share on other sites

damn I wanna be a fucking unic0rn LES g0000  :fiesta: :fiesta:

 

Edit: ;((((( i cant be a fuking unicorn

Share this post


Link to post
Share on other sites

This is a bump

Share this post


Link to post
Share on other sites

This is a bump

Share this post


Link to post
Share on other sites

Great share. Thanks

Share this post


Link to post
Share on other sites

lets hope i learn something from this

Share this post


Link to post
Share on other sites

The how to become a Unicorn or how to do webhacking without skills guide [Part 1]

 

 

Feel free to ask questions, post comments or suggestions.

Before you leech this guide, please keep in mind that it took me several hours to write it down. You know, tipping all these words with my awesome Unicorn hoovels is hard work.

 

Lemme see dis amazing feckin guide

Share this post


Link to post
Share on other sites

Being a unicorn is cool?

Share this post


Link to post
Share on other sites

totally not leeching will actually learn

Share this post


Link to post
Share on other sites

how to do u know is the site is vulnerable ? or no?

Share this post


Link to post
Share on other sites

Just release part 2 ffs

Share this post


Link to post
Share on other sites

I really wanna be a unicorn :)

ill check it out

Share this post


Link to post
Share on other sites

yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

Share this post


Link to post
Share on other sites

The how to become a Unicorn or how to do webhacking without skills guide [Part 1]

 

 

Feel free to ask questions, post comments or suggestions.

Before you leech this guide, please keep in mind that it took me several hours to write it down. You know, tipping all these words with my awesome Unicorn hoovels is hard work.

Share this post


Link to post
Share on other sites

Love this guide ! Hope ur back our Unicorn!

Share this post


Link to post
Share on other sites

hope ill learn something from this. thx

Share this post


Link to post
Share on other sites

Heyyy, im the guy from discord and you linked me to this thanks bro, appreciate the amazing work!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.