Umm… if he’s threatening, then he probably can’t do it.
It all depends on the website’s host. If the host is protected by a firewall, most attempts to hack get logged and rejected. (Which is why most hackers take over other people’s computers first, so they don’t get caught)
Unfortunately, most “dumb” hackers can probably download some program to do some damage.
One is through the front door. Logging in with either a login/pass that they got through social engineering (conning someone out of their login/pass) or through a brute force attack (using a program to try all kinds of log/pass combos, which will get noticed most of the time)
The other is through a bug in the system. Either a server on the system has a bug that a cracker can exploit to get in or a brain dead setting (like leaving a server sitting on the internet with no password for the admin account).
Even the best programs will have bugs now and then which is why if you’re going to have any system on the net you really need to keep up on security fixes.
It’s next to impossible. “Hacking” doesn’t work the way it does in movies.
The best he can hope to do is get lucky and guess the password. Could Possibly do a denial of service wherein he swamps the host with requests such that “real” visitors can’t access it. This isn’t really hacking though.
Whenever I get one of these…ahem…“threats” I always encourage them to do their worst. That just pisses them off because they know they can’t really do squat.