Introduction to hacking session by DECODE


#1

I decided to talk about how you can perform website hacking with the simple No Redirect Addon,
just for #Educational Purpose

About 50% of PHP website admin logins can be bypassed through simple ways … but this morning I would like to use the No Redirection Addon
Requirement:-

  1. Mozilla Firefox (Firefox version 45.0). Updated browsers don’t support this, so kindly downgrade your Mozilla to an older version
  2. No Redirection Addon for Mozilla (https://addons.mozilla.org/en-US/firefox/addon/noredirect/)
  3. A Target Website.

Link: https://btcminers.io/

Now Let’s Start:-

Method 1:- Download and Activate NoRedirection addon on Mozilla

Method 2:- Open Your Target Website
Then firstly find the admin login panel by making use of /admin since most developers do use this to define their entrance page
so all we need is to add /admin at the end of site link

Demo: https://btcminers.io/admin
This site is vulnerable, so you’ll be welcome to the administrator module login page.
but since we don’t know the admin user login details and we are not kuku the owner of this website
Let’s try using “No Redirect addon”

Demo Site:-https://btcminers.io//
Administrator Login page: http://btcminers.io/admin

This admin page will redirect you back to
Redirect: https://btcminers.io/ login.php

this shows that https://btcminers.io/admin
is available

So we have to open our No Redirect Addon by pressing the Alt key on your PC keyboard, navigating to the Tools tab, then clicking on No Redirect to open it, then copy the vulnerable path there

Vulnerable Path:https://btcminers.io/admin

then tick on the source column, then lastly click on Add (this will close the NoRedirect Addon)

Now let’s try to reopen https://btcminers.io/admin

Voilà! We are inside the control panel of the site

Things I expect you to learn from this :
i- You will surely believe Security is just an illusion
ii- You can dump all the Bitcoin users leads here. Registered Users are here:
https://btcminers.io/admin/user.php
iii- Developers should hire an ethical hacker to test their server before launch, or you attempt hacking your site by yourself
iv- Bitcoin Mining doesn’t exist or you just lose your coins to the rippers (fake site owner)
v- I teach ethical hacking 100%
vi- you bear the responsibility of any harm done …

Insha Allah, I will try to teach you something unique in my next post…
Alhamdulilah- I remain DECODE z
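
Note for site owners, added here and not part of either post: the behaviour described in #1 is what a page produces when it sends a `Location` header to unauthenticated visitors but keeps executing, so the protected HTML still travels in the redirect's body (in PHP the fix is to call `exit` immediately after `header('Location: ...')`). The Python check below flags such responses in a test suite; the sample responses, `MAX_STUB_BYTES` and `MARKERS` are constructed assumptions, and the root cause is assumed rather than confirmed by the post.

```python
"""Flag redirect responses that still carry page content (added example)."""
from email.parser import BytesParser

REDIRECT_CODES = {301, 302, 303, 307, 308}
MAX_STUB_BYTES = 512                        # assumption: a clean redirect body is tiny
MARKERS = (b"<form", b"<table", b"<input")  # assumption: signs of a rendered page

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.split()[1].decode("ascii"))
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return status, headers, body

def leaks_after_redirect(raw: bytes) -> bool:
    """True when a 3xx response with a Location header also ships page markup."""
    status, headers, body = parse_response(raw)
    if status not in REDIRECT_CODES or "Location" not in headers:
        return False
    lowered = body.lower()
    return len(body) > MAX_STUB_BYTES or any(m in lowered for m in MARKERS)

def audit(responses: dict) -> list:
    """Return the names of captured responses that need an exit after the redirect."""
    return sorted(name for name, raw in responses.items() if leaks_after_redirect(raw))

# Constructed sample responses (not captured from any real site).
UNPATCHED = (b"HTTP/1.1 302 Found\r\nLocation: /login.php\r\n"
             b"Content-Type: text/html\r\n\r\n"
             b"<html><table id=\"users\"><tr><td>alice@example.test</td></tr></table></html>")
PATCHED = b"HTTP/1.1 302 Found\r\nLocation: /login.php\r\nContent-Length: 0\r\n\r\n"
LOGIN_PAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
              b"<form method=\"post\"><input name=\"user\"></form>")

SAMPLES = {"admin-unpatched": UNPATCHED, "admin-patched": PATCHED, "login": LOGIN_PAGE}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print(f"{name}: redirect still returns page content; end the script after the redirect")
```

Feed it the raw responses your own test client records for each protected path while logged out; any flagged entry means the handler continued past the redirect.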


#2

Great! I have always wanted to learn hacking/cyber security. But, I am too involved in coding. I hope we’ll learn things together Bro. :smile: