Stakkato Principal - method of hacking

September 2, 2014

Dear Readers,
We would like to introduce you to the "Stakkato" hacking method.
Take a look!
"Stakkato Principal"
Author: Mardian Gunawan

Introduction:
Stakkato, or the Stakkato intrusion, is known for the simplicity with which it takes over thousands of high-profile websites. Basically, it just leverages known (kiddie) methods, yet the impact is devastating. What one will learn from reading this article is how to explore technology, make use of it, and of course circumvent it. All I do is prove my theory that a Stakkato attack can be done at any level, that's it.

Steps

1. From an SQLi attack on one site and some OS command execution, we get the email and password data of approx. 41.754 accounts in hand (and full ownage of the server).

#Technical# SQLi, nmap, backdoor, OS command execution (ftp-s:filename, etc.), blabla; do your homework, kids.

The SQLi is not important; we focus instead on what to do with it.

2. More digging on the loot. Gmail users: approx. 10.000 users.

Using a checker, we get 427 valid username and password pairs from approx. 3.000 creds of the 10.000. Creds that could be collected: more than 1.400 creds.

Yahoo users give approx. 8/10 by manual checking; they are the majority of the remaining accounts of the 41.754.

Creds that could be collected:

30.000 Yahoo users * 8/10 = 24.000 Yahoo users.

Twitter accounts? Interesting, really, given enough time & resources.

#Technical#

The main data is in a CSV file; using bash/terminal we sort it out (using cut, grep, sed, etc.), really....






© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023