
Taking Out the Competition

Discussion in 'Black Hat SEO' started by Foxy999, Jan 20, 2013.

  1. Foxy999

    Foxy999 Newbie

    Joined:
    Dec 30, 2012
    Messages:
    49
    Likes Received:
    4
    BHW,

    Hello again, my last post was about "the book," and some ideas to help get your comments / links to stick and evade spam filters. I would like to add that on my journey into learning more about spam on "the book," I discovered a nice security vulnerability and submitted it to their white hat (lol) program. Fingers crossed for a pay out!

    Now to get down to why I am posting. This site is all about SEO.. more importantly black hat SEO.. but when I think of black hat in general, I think of talented coders and hackers doing work pwning servers, etc. - and this is what I am going to write about.

    What is one sure fire way to beat your competition? Take them out with force, and no I'm not talking about "Denial of Service" lame stuff..

    There are a great number of websites that use public web apps / code to run their websites. And this will be your attack vector. There is a lot to write about this, so I will try to explain in the most logical way I can..

    One thing to note: Vulnerable web apps / PHP code do not have to be utilized to be exploited, meaning that if there is a vulnerable version of Wordpress on the server, but they aren't using it, like it's just a dead install - it can still be attacked.

    The goal of this operation is to identify the website's web apps and the web apps' versions. There is a great deal of public exploits / reports of bugs for web apps all over the internet and they can easily be found using Google. After the web app and version are discovered, you must then find a public exploit or download the public source code for the app and find it yourself (PHP knowledge required). Below I will describe the possible ways to do all of this..

    - Getting to Know Your Target -

    Find out what web app they are using, to do this you must locate a default install file that has some information about the version, or a date / time of a revision and compare it to a revision in an archive for the web app.

    Wordpress has the /wordpress/readme.html for example, that displays the version.

    If you cannot quickly find the version you need (it's all about experience with web apps, or just download popular source code and learn how the certain web apps work) you can brute force the directories to find pages on the server.

    To find theoretically every file on a server you can use a program called DIRBUSTER - this will get you everything you want. This will also uncover unused web apps, this is IMPORTANT because sometimes people just leave super old code on their server and think it's ok because there are no links to it. YOU can find it, and you can exploit it just like any other web app gets exploited.

    Ok so you have found your web app and you know the version.. Now you go to Google.. and Google the web app name + version number + exploit..

    This will hopefully bring some results. If you do not find any public exploits, it is possible to find public vulnerabilities. There are huge official databases that archive these types of things.

    When a public vulnerability is found with no exploit, it is possible to read through the PHP source code (that you can download) and find the bug yourself. In the description of the vulnerability they never say exactly how the vulnerability works, they just hint at what page and what function is causing the bug.

    This does require knowledge of PHP, and you will probably have to download the source code and test the exploit yourself. Or write your own way to exploit the vulnerability.

    Yes this does require a good amount of PHP knowledge and PHP security / database security knowledge, but the rewards could be great.

    I hope this helps some people out.. Possibly open your eyes to new possibilities.

    Kindest Regards,
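
The post above relies on two things a site owner controls: version-disclosing default files such as WordPress's readme.html, and forgotten installs left on disk with no links to them. The following is an added example, not part of the original post: a local audit an administrator can run over their own webroot to list every WordPress install, its version, and whether it is one they intend to serve. The function names, the `expected_installs` parameter and the sample directory tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# WordPress records its version in wp-includes/version.php as: $wp_version = '3.5';
WP_VERSION_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")
WP_SUBDIRS = {"wp-admin", "wp-includes", "wp-content"}

def audit_webroot(webroot, expected_installs=()):
    """Return one finding per WordPress install found under webroot."""
    expected = {os.path.normpath(p) for p in expected_installs}
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        version_file = os.path.join(dirpath, "wp-includes", "version.php")
        if not os.path.isfile(version_file):
            continue
        with open(version_file, encoding="utf-8", errors="replace") as fh:
            match = WP_VERSION_RE.search(fh.read())
        rel = os.path.normpath(os.path.relpath(dirpath, webroot))
        findings.append({
            "path": rel,
            "version": match.group(1) if match else None,
            "readme_exposed": "readme.html" in filenames,  # default file that shows the version
            "unexpected": rel not in expected,             # install nobody meant to keep serving
        })
        # Skip the install's own subdirectories but keep walking siblings such as old/
        dirnames[:] = [d for d in dirnames if d not in WP_SUBDIRS]
    return sorted(findings, key=lambda f: f["path"])

def build_sample_webroot(root):
    """Constructed sample: a live install at the root, a forgotten one under old/wordpress."""
    for rel, version, readme in ((".", "3.5", False), ("old/wordpress", "2.8.4", True)):
        base = os.path.join(root, rel)
        os.makedirs(os.path.join(base, "wp-includes"), exist_ok=True)
        with open(os.path.join(base, "wp-includes", "version.php"), "w") as fh:
            fh.write("<?php\n$wp_version = '%s';\n" % version)
        if readme:
            with open(os.path.join(base, "readme.html"), "w") as fh:
                fh.write("<h1>WordPress</h1>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        for finding in audit_webroot(tmp, expected_installs=["."]):
            print(finding)
```

Anything reported with `unexpected` set is a candidate for removal from the server, and any `readme_exposed` install is a candidate for deleting or blocking that file.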
     
  2. antichrist

    antichrist Jr. VIP Jr. VIP

    Joined:
    Aug 21, 2012
    Messages:
    1,722
    Likes Received:
    2,070
    Location:
    On top of the world!
    No... just no.
     
  3. Untouchable

    Untouchable Supreme Member

    Joined:
    Mar 22, 2012
    Messages:
    1,345
    Likes Received:
    1,173
    Location:
    Canada
    One does not simply take out the competition.
     
  4. Untouchable

    Untouchable Supreme Member

    Joined:
    Mar 22, 2012
    Messages:
    1,345
    Likes Received:
    1,173
    Location:
    Canada
    Random spam crap. Waiting for you to get banned.
     
  5. dog-tag

    dog-tag Senior Member

    Joined:
    Oct 19, 2010
    Messages:
    811
    Likes Received:
    912
    Occupation:
    Full-Time Internet Marketer + Business Consultant
    Location:
    Thailand
    Reported! Go join hackforums
     
    • Thanks x 1
  6. Foxy999

    Foxy999 Newbie

    Joined:
    Dec 30, 2012
    Messages:
    49
    Likes Received:
    4
    This is a black hat method. Is it against the rules? I will gladly take it down!
     
  7. Untouchable

    Untouchable Supreme Member

    Joined:
    Mar 22, 2012
    Messages:
    1,345
    Likes Received:
    1,173
    Location:
    Canada
    Sigh. This is not Black Hat. This is ILLEGAL!
     
  8. Foxy999

    Foxy999 Newbie

    Joined:
    Dec 30, 2012
    Messages:
    49
    Likes Received:
    4
    Synonymous?
     
  9. Th3T3chGuy

    Th3T3chGuy Senior Member

    Joined:
    Jun 1, 2011
    Messages:
    889
    Likes Received:
    756
    Location:
    Behind You :)
    There are different types of 'black hat'. In our case, it's black hat seo, which has nothing to do with illegal activities.
     
  10. Untouchable

    Untouchable Supreme Member

    Joined:
    Mar 22, 2012
    Messages:
    1,345
    Likes Received:
    1,173
    Location:
    Canada
    Yup. Too many people think Black hat has something to do with hacking or frauding people.