New here... don't kill me =)

Started by azrael, April 05, 2005, 01:52:42 PM

OK, reading some of the journal and doing some work with my old man a few years back (Computer Security Consultant and ex-White Hat), I have decided to start learning some hacking.

What I am most interested in, being a small-time web designer, is hacking websites - that is, the steps of gaining entry to source and getting a knowledge of exploits.

Can anyone here help me with where to start? I realise most of the actual hack would be knowledge of website scripting and languages (JS/PHP/CGI etc.), so what I want from here is some kind of tutorial on the steps you would take to actually gain entry to a web server in order to make the changes without use of social engineering...

Hope someone can help

-azrael

There really is no single set of steps to gain entry. It usually depends on the configuration of the system (and also any vulnerabilities not patched up, etc.).

But a general thing that would be done is:

Gather information about your target (find what OS it runs, the version of the web server [e.g., Apache, IIS], etc.) and research if you have to.

Then either find a written exploit or come up with something on your own.

Lastly, run your exploit (assuming it's a remote exploit, which is what would be the most satisfying for people on the Internet). And then go in...

Oh, and don't destroy things. That's not very nice for the admin and can also land you in deep trouble.


There are a lot of vulnerable webservers out there that you just have to run a remote exploit against. I have a friend who showed someone (who never touched security before that day) an exploit and he actually got access to a system. Kind of pathetic for the admin and the one who did it, but it gives you an idea.

(and that's only a few of the things).

"My Terminal is my Soul"

I would suggest setting up your own webservers (Apache, IIS, etc.) and then start with the easy stuff like service misconfigurations, bad CGI coding, JavaScript coding, and the easiest of all: Flash login stuff. Google is your friend for all of this stuff.

Then, start to dive into the cool stuff: Learn C, C++, Perl, etc. enough to understand source code... build fuzzers, create your own techniques for looking for some of the older stuff like buffer overflows, heap overflows, and even integer overflows. There are some good books and online articles for this, as long as you take the time to learn a little bit of ASM and get used to debuggers like gdb. Then you will be on your way to reverse engineering and exploit writing...

Good Luck!

Wilnix
alt email address: wilnix@hackphreak.org
