Basics of Web Hacking

Tools : Command Prompt


1) Finding a server I.P


First of all you will want the server's I.P address. To get it, go to your start menu and click Run, then type cmd or command (whichever works).

Type ping followed by the domain name of the site and press enter.

You should get something similar to the following output:

Pinging [] with 32 bytes of data:

Reply from bytes=32 time=121ms TTL=51
Reply from bytes=32 time=123ms TTL=51
Reply from bytes=32 time=120ms TTL=51
Reply from bytes=32 time=120ms TTL=51

Ping statistics for
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 120ms, Maximum = 123ms, Average = 121ms

You now have the server's I.P address.


2) Look up the host's name server


Now in command prompt, type nslookup. Nslookup will say something like:

Default Server:
Address: <ip>

Now type set type=all; this makes nslookup return every record type for the domain instead of just the address.
Next type the domain name of the site you pinged.

You should get an output similar to:

Non-authoritative answer:
internet address =
primary name server =
responsible mail addr =
serial = 2005032200
refresh = 50400 (14 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 3600 (1 hour)
nameserver =
nameserver =
MX preference = 5, mail exchanger =
MX preference = 10, mail exchanger =
internet address =
internet address =

You now have the nameserver details of this website. What to do next?

Well open up your browser and type or

What you get there depends on the website you are looking at; sometimes you get a placeholder or a domain name login page.
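As an added example (not part of the original article), here is a small Python parser for the `set type=all` output shown above, plus the SOA timer sanity check a zone owner would run against their own domain. The sample output is constructed with documentation names and addresses, and the timer checks follow RFC 1912 guidance.

```python
import re

# Constructed sample of nslookup output after `set type=all`, in the layout the article shows (RFC 2606/5737 documentation names and addresses).
SAMPLE = """\
Non-authoritative answer:
example.com     internet address = 192.0.2.10
        primary name server = ns1.example.com
        responsible mail addr = hostmaster.example.com
        serial  = 2005032200
        refresh = 50400 (14 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 3600 (1 hour)
example.com     nameserver = ns1.example.com
example.com     nameserver = ns2.example.com
example.com     MX preference = 5, mail exchanger = mail1.example.com
example.com     MX preference = 10, mail exchanger = mail2.example.com
ns1.example.com internet address = 192.0.2.53
"""

# One pattern per record shape nslookup prints (A, NS, MX, SOA fields).
A_RE = re.compile(r"^(\S+)\s+internet address = (\S+)$")
NS_RE = re.compile(r"^\S+\s+nameserver = (\S+)$")
MX_RE = re.compile(r"^\S+\s+MX preference = (\d+), mail exchanger = (\S+)$")
SOA_RE = re.compile(r"^(primary name server|responsible mail addr|serial|refresh|retry|expire|default TTL)\s*=\s*(\S+)")

def parse_nslookup(text):
    """Group the records: A addresses, NS hosts, MX (preference, host), SOA fields."""
    rec = {"a": {}, "ns": [], "mx": [], "soa": {}}
    for line in (l.strip() for l in text.splitlines()):
        if m := A_RE.match(line):
            rec["a"][m.group(1)] = m.group(2)
        elif m := NS_RE.match(line):
            rec["ns"].append(m.group(1))
        elif m := MX_RE.match(line):
            rec["mx"].append((int(m.group(1)), m.group(2)))
        elif m := SOA_RE.match(line):  # timers become ints, the two names stay strings
            val = m.group(2)
            rec["soa"][m.group(1).lower()] = int(val) if val.isdigit() else val
    rec["mx"].sort()  # lowest preference is the exchanger sending MTAs try first
    return rec

def soa_warnings(soa):
    """Sanity checks on SOA timers, following RFC 1912 guidance for a zone you run."""
    w = []
    if soa.get("retry", 0) >= soa.get("refresh", 0):
        w.append("retry should be shorter than refresh")
    if soa.get("expire", 0) <= soa.get("refresh", 0) + soa.get("retry", 0):
        w.append("expire should exceed refresh + retry, or secondaries may drop the zone")
    return w
```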


3) What about that I.P, what do I do with that? (part 1)


First of all you will want to scan for all open ports on that server. To do that, see the end of this article, where the tools you will need are listed.
Once you have one of the tools, just type in an I.P and it will scan for open ports.

You will now have a list of open ports on the webserver.

Here is a list of some common webserver ports:

Port   Service
21     FTP (File Transfer Protocol)
25     SMTP (Simple Mail Transfer Protocol)
53     DNS (Domain Name System)
80     HTTP (Hyper Text Transfer Protocol)
3306   MySQL

For a more complete list go to

Now you can do one of the following:
Open command prompt and type telnet i.p port, E.G telnet 80
This will connect to the I.P on that open port.

Sometimes you will get a banner back. For example, on port 25 you may get:

220 ESMTP Sendmail 8.12.10/8.12.10; Sat, 26 Mar 2005 17:50:43 -0500

You could use that to send emails.

Or on port 21 it could be something like:

220 ProFTPD FTP Server ready.

User : type user
Pass : type pass

On port 3306 you could access their SQL database.

To do this, download the newest version of MySQL and install it:

Once you have installed MySQL, go to the installed directory, then to the bin folder, and execute MySqlManager.exe.

You will have a window in the center named something like MysqlM1. Right click this window and go to Register Server.
A new window will come up.
In it, input the server details:

Servername : anything, doesn't matter
Host : the target i.p
Port : 3306 usually

Select use standard security.

Obviously you will need the username and password.

Here are common ones:

User     Password
root     root
admin    root
admin    admin
apache   apache
root     apache

and so on; try various combinations. Your chances are very slim though, so you're better off trying to gain the password with an alternative method (brute force, dictionary).

Now click Register. The newly assigned server will appear in the main window; double click it, and if you gave correct login info it will open up the database.
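Turning the login-guessing step above around to the defender's side, here is an added example (not from the original article) that scans MySQL error-log lines for a burst of "Access denied" entries from one source and lists the usernames it tried. The log lines are constructed, and the format is assumed to be that of a MySQL 8 error log with log_error_verbosity=3.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the shape of a MySQL 8 error log with log_error_verbosity=3
# (assumed format; check your own server's log before relying on the regex).
SAMPLE_LOG = """\
2024-03-01T10:00:01.000000Z 8 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2024-03-01T10:00:02.000000Z 9 [Note] [MY-010926] [Server] Access denied for user 'admin'@'203.0.113.7' (using password: YES)
2024-03-01T10:00:02.500000Z 10 [Note] [MY-010926] [Server] Access denied for user 'apache'@'203.0.113.7' (using password: YES)
2024-03-01T10:00:03.000000Z 11 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2024-03-01T10:00:04.000000Z 12 [Note] [MY-010926] [Server] Access denied for user 'admin'@'203.0.113.7' (using password: YES)
2024-03-01T10:05:00.000000Z 13 [Note] [MY-010926] [Server] Access denied for user 'app'@'198.51.100.4' (using password: YES)
2024-03-01T10:30:00.000000Z 14 [Note] [MY-010926] [Server] Access denied for user 'root'@'203.0.113.7' (using password: YES)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT[\d:.]+)Z \d+ .*Access denied for user '(?P<user>[^']*)'@'(?P<src>[^']+)'"
)

def parse_failures(text):
    """Return (timestamp, user, source) for every access-denied line."""
    out = []
    for line in text.splitlines():
        if m := LINE_RE.match(line):
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S.%f")
            out.append((ts, m.group("user"), m.group("src")))
    return out

def guessing_sources(text, threshold=4, window=timedelta(minutes=1)):
    """Map each source that reached `threshold` failures inside one sliding
    window to the sorted set of usernames it tried in that window."""
    by_src = defaultdict(list)
    for ts, user, src in parse_failures(text):
        by_src[src].append((ts, user))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                hits[src] = sorted({u for _, u in events[start:end + 1]})
                break
    return hits
```

The per-source burst is the signal worth alerting on: the short default-credential list above gets tried in seconds from one address, while a single mistyped password from an application host does not trip the threshold.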


4) What else can I do with that I.P? (part 2)


Well, there are other things you may do with the newly obtained I.P. I will show you some below.


Or open command prompt and type:
net use * \\ip\directory$
note: directory being your input

You should get a message if you guess a correct directory, e.g.
Enter the user name for 'targetip':

If you get an incorrect directory you will receive this message:
System error 53 has occurred.

The network path was not found.

For those of you who don't know, the net use command maps a network drive on your system. The * simply tells the command to use the next free drive letter. For full syntax type net use /? or net /?.


5) Sql Injection


As there are plenty of articles on this site explaining SQL injection I won't bother. I just thought I would mention it.


6) Cookie viewing, changing


Again I have seen articles on cookies so I won't explain this.


7) Good Tools for web hacking. (google them)


Brain (You might get one….maybe :-P)
Angry I.P Scanner (can be setup to scan ports)
BluesPortScanner (port scanner)
Stealth Http vulnerability scanner (Scans websites for known vulnerabilities)
N-Stealth (same as above)
WinSSLMiM (Man in the middle)
WinTCPKill (TCP connection killer)
WinDNSSpoof (DNS I.D spoofer)
SQLdict (Cracks SQL Servers with a dictionary attack)
WWWhack (guess passwords on login forms)
NETBrute (port scanner,password cracker)
Nmap (Excellent tool you should get it)
NTbrute (Hacking network shares)


If you need any help, send me a message at or add me to msn. o x i o<<<<at>>>> (without the spaces or arrows)

And yes I know I make little sense; if you add me I may be able to help you.

\*\/*/ Araym|Velocity
/*/\*\ x9000q
