In this guide there are a few steps on how to gain administrator access to most websites utilizing low level security. Note: this method may not work and regardless of its success I will not be held responsible for any negative repercussions of your actions. This is only intended for testing your OWN website for security flaws unless otherwise authorized by the owner of the site to do so. The term “hack” is marked with an asterisk to indicate that it is not actually a “hack” but more of a stab in the dark approach, you may be lucky and you may not be; although it is much wanted of myself and others that you do not call this a “hack” as it is not a “hack” it is a search hoping to reveal the obvious and that is all.

 

The first step in gaining some form of elevated access to a secured webpage is of course through the oldest trick in the book; reading the source code. To read the source code you will need to set your browser to be viewing the webpage that you intend to “hack” and click the “view” button in the file menu at the top of the web browser window.

 

Next you will need to search the source code looking for any suspicious looking phrases such as a mix of letters, numbers or a combination of the two. If it appears you have found something that looks like it may be password related you will need to store it on paper or in a file on your computer for later reference.

 

Now, you will need to combine this suspicious chain of numeric or alphanumeric characters with a common administrator username. The most common user names include; admin, administrator, Admin, Administrator. If you would like more common usernames then it is advised that you search the term “common administrator usernames” using your preferred search engine (I recommend Google as it is more insecure when it comes to hiding the confidential information of websites such as passwords, sensitive information and other data not intended for the public eye).

 

If you have tried many usernames and are still not satisfied with the results then the next step could be one of two things. You could attempt to search the source code for the term “password.php” or you could search the file index of the site directly using your browser and search for the file named “password.php”.

 

Also, if you believe that you have drained all of your sources of relevant passwords then you could also search the term “default administrator passwords” using Google or any other search engine that you feel comfortable with.

 

Once you have gathered what you consider to be a decent list of usernames and passwords then you can attempt to combine them either manually by combining them in the corresponding data boxes of the website or by using some kind of brute forcing program, which can be found by searching the term “brute force software”.

 

If this method works then you will have gained access to YOUR website and will now have reason to change your passwords and or usernames to one that would be a lot more difficult to break.

 

Have fun, use this guide only for constructive purposes. I will not be held responsible for any misuse of this guide as it is intended for informational purposes ONLY.

Advertisements