Author: Trix Cyrus
First Of All Understanding Website Defacing Without That It Isn't Possible.
What is Website Defacing?
Website defacing happens when hackers change the appearance of a website without permission. They often replace the original content with their own messages or images. This can cause serious problems for businesses and organizations.
Why Do Hackers Deface Websites?
Hackers have various reasons for defacing websites:
~ Political Statements: Some want to express their views or beliefs.
~ Vandalism: Others do it for fun or to show off their skills.
~ Revenge: Disgruntled employees may deface their former employer's site.
How To Deface :
There are many ways to deface a website by xss ,lfi etc..
But
We'll Learn the easiest method which is
SQL INJECTION
Yes Using SQL injection we can deface a site just follow these steps to find targets and exploit them
Firstly Finding Target - You can use Google Dorking to find Random Vulnerable target or You can choose your own target and scan if it is vulnerable to sql injection or not
Tool for scanning: I'll suggest My Own tool for scanning and crawling for SQL injection named Waymap(https://github.com/TrixSec/waymap)
It is the fastest and best tool for finding sql injection Vulnerability better than sqlmap in this case I'll add automatic google Dorking in this soon
Next step is exploit the vulnerability: You can exploit it easily and automatically using Sqlmap . Comment if you want full sqlmap tutorial and best commands for exploitation
Tool For exploitation : Sqlmap
After successfull exploitation you will get the database access of the target website next step is to find admin panel of the site and find the admin credentials of the target site
I'll make a best tool for finding admin panel soon till then use any script from GitHub
After you login into the admin panel find any option for uploading media file
Next upload webshell to the target url I'll suggest alfa-v4 shell for apache server use suitable shell which can be executed easily on the server
For Microsoft IIS servers use .aspx shells
For apache servers use .php shell
And always use new and latest shells
After uploading the shell you can open the shell in whichever directory the shell was uploaded example: https://example.com/gallery/shell.php
After that it wills show many tools of the shell and if the server is hosting multiple sites on it you can deface all of them under a minute
Find option for deface or mass deface option on the shell before that upload the deface.html (the page you want to display on the site)
Then write the path of the folder or the page that you want it deface and put the path of the deface.html that you uploaded on the server then choose if you want to deface all pages or deface only index page don't choose all files if you don't want to harm the website
Then go and it will deface the site under 5 seconds
*EASIEST WAY EVER *
**#DON'T DO ALL THESE THINGS ON ANY REAL SITE OR WITHOUT THE OWNER PERMISSION..
IT IS FOR EDUCATIONAL PURPOSES ONLY AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGE CAUSED BY THIS**
Also Defacement comes under cybercrime and I'll not be responsible for any misuse
AND THAT'S ALL ABOUT DEFACEMENT