assitance please

Viewing 16 reply threads
  • Author
    Posts
    • #6643
      CTRLS
      Participant

      what knowledge do you need to know to start hacking websites

    • #41286
      impelse
      Participant

      httml, php and some knowledge of SQL transactions (query), just to begin

    • #41287
      CTRLS
      Participant

      Well I know most of that but isnt there more to it

    • #41288
      MaXe
      Participant

      And legal issues Β πŸ˜‰ If you’re a total newbie, you can A) Search forums (and blogs) for tutorials on Web Application Security; B) Read The Web Application Hackers Handbook.

      Both things are worth doing, even though I didn’t read the second one, it certainly did look interesting Β πŸ˜‰ I think reading that book will probably be a shortcut to most, to get most of the basics and even some more advanced stuff.

      When you’re ready to dive into the more advanced stuff, with or without programming knowledge, you need to find some good resources for web app sec like ha.ckers.org, etc. Β πŸ˜‰ (Find them yourself, you should. If you’re going to become a real hardcore web app hacker.)

      And last but not least, learn how to spot coding errors in e.g. PHP scripts so you can find 0days yourself as well. Sometimes, it’s boring to look through a billion lines of code, but then you can alternatively grab a copy of the web app, install it on your own server, test it for vulnerabilities Β πŸ˜‰ (With your own methods, NO automated scanners. In most popular web app’s they wouldn’t do any good except waste your time. This doesn’t apply to addons for popular web apps, as the addons are often vulnerable.)

      PS:
      @CTRLS wrote:

      Well I know most of that but isnt there more to it

      There’s A LOT more to it thank you think!Β  ;D
      Create something like this: http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/
      Video: http://www.youtube.com/watch?v=B6QAjB3kYec

      That’s pretty much when I go in-depth with my skills, to prove that even XSS can be deadly if you just use your knowledge (and imagination) right.

      Reference: http://www.exploit-db.com/category/maxe/

    • #41289
      CTRLS
      Participant

      Is it neccesary to learn reverse enigeneering (my bad abou the speling im at school)

    • #41290
      CTRLS
      Participant

      Thank you once again MaXe (you’ve been a bigg help)

    • #41291
      cd1zz
      Participant

      When I think of RE I think of compiled code. If you’re trying to test a specific web application, it wont help. If you’re trying to find 0 days in the web server that the web app is running on, you could RE the binaries of the webserver.

    • #41292
      CTRLS
      Participant

      Is CSS required to know while hacking???
      i havn’t really looked at it :/

    • #41293
      cd1zz
      Participant

      Yes, if you want to “hack”, you need to know every thing about whatever you’re testing. So, go learn that too.

    • #41294
      rattis
      Participant

      @MaXe wrote:

      Read The Web Application Hackers Handbook.

      I want to read that book. Looks and sounds better than Hacking Exposed: Web Applications 3rd Edition (granted I’ve only thumbed the other one and going on what I’ve heard here). Not that I’m knocking HE:WA3E.

      Anyway the new edition of The Web Application Hackers Handbook is due out in September. I’m waiting til then to order.

    • #41295
      tturner
      Participant

      You can port scan intranets with CSS πŸ™‚

    • #41296
      CTRLS
      Participant

      ok cause i was just going to move onto .ASP and the rest of PHP

    • #41297
      cd1zz
      Participant

      That’s a great place to start.

    • #41298
      MaXe
      Participant

      @CTRLS wrote:

      Is it neccesary to learn reverse enigeneering (my bad abou the speling im at school)

      It’s good to learn about, but don’t start with this unless you want to go deep straight ahead. Reverse engineering PHP applications is not really necessary, but reverse engineering flash scripts may become useful in some cases, including java applications as well. (With PHP scripts you either have the source and search through it for errors, or you fuzz all possible user-input fields, or combine both!)

      @CTRLS wrote:

      Is CSS required to know while hacking???
      i havn’t really looked at it :/

      Cascading Style Sheets I presume you’re referring to, and not XSS (Cross-Site Scripting). You won’t use it that much, but for XSS it can prove very useful to know about. Sometimes, a CSS file may contain hidden directories as well and generally it is very easy to learn, as the CSS language is very easy.

      JavaScript on the other hand, which is not the same as Java at all, may take some time to learn.Β  πŸ˜‰

    • #41299
      ShadowReaper
      Participant

      @MaXe wrote:

      When you’re ready to dive into the more advanced stuff, with or without programming knowledge, you need to find some good resources for web app sec like ha.ckers.org, etc. Β πŸ˜‰ (Find them yourself, you should. If you’re going to become a real hardcore web app hacker.)

      maxe, could you provide more links for resources?

      thank you

    • #41300
      MatP
      Participant

      @CTRLS wrote:

      (my bad abou the speling im at school)

      Am I the only one who found this ironic? πŸ™‚

    • #41301
      lorddicranius
      Participant

      @MatP wrote:

      @CTRLS wrote:

      (my bad abou the speling im at school)

      Am I the only one who found this ironic? πŸ™‚

      Nope, I LOL’d when I read it πŸ˜›

Viewing 16 reply threads
  • You must be logged in to reply to this topic.

Copyright Β©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?