.

assitance please

<<

CTRLS

Newbie
Newbie

Posts: 25

Joined: Fri Jul 22, 2011 12:17 am

Post Tue Jul 26, 2011 9:38 am

assitance please

what knowledge do you need to know to start hacking websites
Last edited by CTRLS on Tue Jul 26, 2011 12:54 pm, edited 1 time in total.
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue Jul 26, 2011 11:31 am

Re: assitances please

httml, php and some knowledge of SQL transactions (query), just to begin
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

CTRLS

Newbie
Newbie

Posts: 25

Joined: Fri Jul 22, 2011 12:17 am

Post Tue Jul 26, 2011 12:02 pm

Re: assitances please

Well I know most of that but isnt there more to it
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Jul 26, 2011 12:04 pm

Re: assitances please

And legal issues  ;) If you're a total newbie, you can A) Search forums (and blogs) for tutorials on Web Application Security; B) Read The Web Application Hackers Handbook.

Both things are worth doing, even though I didn't read the second one, it certainly did look interesting  ;) I think reading that book will probably be a shortcut to most, to get most of the basics and even some more advanced stuff.

When you're ready to dive into the more advanced stuff, with or without programming knowledge, you need to find some good resources for web app sec like ha.ckers.org, etc.  ;) (Find them yourself, you should. If you're going to become a real hardcore web app hacker.)

And last but not least, learn how to spot coding errors in e.g. PHP scripts so you can find 0days yourself as well. Sometimes, it's boring to look through a billion lines of code, but then you can alternatively grab a copy of the web app, install it on your own server, test it for vulnerabilities  ;) (With your own methods, NO automated scanners. In most popular web app's they wouldn't do any good except waste your time. This doesn't apply to addons for popular web apps, as the addons are often vulnerable.)

PS:
CTRLS wrote:Well I know most of that but isnt there more to it


There's A LOT more to it thank you think!  ;D
Create something like this: http://www.exploit-db.com/vbseo-from-xs ... php-shell/
Video: http://www.youtube.com/watch?v=B6QAjB3kYec


That's pretty much when I go in-depth with my skills, to prove that even XSS can be deadly if you just use your knowledge (and imagination) right.

Reference: http://www.exploit-db.com/category/maxe/
Last edited by MaXe on Tue Jul 26, 2011 12:08 pm, edited 1 time in total.
I'm an InterN0T'er
<<

CTRLS

Newbie
Newbie

Posts: 25

Joined: Fri Jul 22, 2011 12:17 am

Post Tue Jul 26, 2011 12:51 pm

Re: assitances please

Is it neccesary to learn reverse enigeneering (my bad abou the speling im at school)
<<

CTRLS

Newbie
Newbie

Posts: 25

Joined: Fri Jul 22, 2011 12:17 am

Post Tue Jul 26, 2011 12:59 pm

Re: assitance please

Thank you once again MaXe (you've been a bigg help)
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Jul 26, 2011 1:42 pm

Re: assitance please

When I think of RE I think of compiled code. If you're trying to test a specific web application, it wont help. If you're trying to find 0 days in the web server that the web app is running on, you could RE the binaries of the webserver.
<<

CTRLS

Newbie
Newbie

Posts: 25

Joined: Fri Jul 22, 2011 12:17 am

Post Tue Jul 26, 2011 3:26 pm

Re: assitance please

Is CSS required to know while hacking???
i havn't really looked at it :/
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Jul 26, 2011 3:48 pm

Re: assitance please

Yes, if you want to "hack", you need to know every thing about whatever you're testing. So, go learn that too.
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Jul 26, 2011 4:11 pm

Re: assitances please

MaXe wrote:Read The Web Application Hackers Handbook.


I want to read that book. Looks and sounds better than Hacking Exposed: Web Applications 3rd Edition (granted I've only thumbed the other one and going on what I've heard here). Not that I'm knocking HE:WA3E.

Anyway the new edition of The Web Application Hackers Handbook is due out in September. I'm waiting til then to order.
OSWP, Sec+
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Jul 26, 2011 4:14 pm

Re: assitance please

You can port scan intranets with CSS :)
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

CTRLS

Newbie
Newbie

Posts: 25

Joined: Fri Jul 22, 2011 12:17 am

Post Tue Jul 26, 2011 4:46 pm

Re: assitance please

ok cause i was just going to move onto .ASP and the rest of PHP
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Jul 26, 2011 4:49 pm

Re: assitance please

That's a great place to start.
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Jul 27, 2011 11:46 am

Re: assitance please

CTRLS wrote:Is it neccesary to learn reverse enigeneering (my bad abou the speling im at school)


It's good to learn about, but don't start with this unless you want to go deep straight ahead. Reverse engineering PHP applications is not really necessary, but reverse engineering flash scripts may become useful in some cases, including java applications as well. (With PHP scripts you either have the source and search through it for errors, or you fuzz all possible user-input fields, or combine both!)

CTRLS wrote:Is CSS required to know while hacking???
i havn't really looked at it :/


Cascading Style Sheets I presume you're referring to, and not XSS (Cross-Site Scripting). You won't use it that much, but for XSS it can prove very useful to know about. Sometimes, a CSS file may contain hidden directories as well and generally it is very easy to learn, as the CSS language is very easy.

JavaScript on the other hand, which is not the same as Java at all, may take some time to learn.  ;)
I'm an InterN0T'er
<<

ShadowReaper

User avatar

Newbie
Newbie

Posts: 6

Joined: Wed Nov 11, 2009 4:38 am

Post Fri Jul 29, 2011 4:39 am

Re: assitances please

MaXe wrote:When you're ready to dive into the more advanced stuff, with or without programming knowledge, you need to find some good resources for web app sec like ha.ckers.org, etc.  ;) (Find them yourself, you should. If you're going to become a real hardcore web app hacker.)


maxe, could you provide more links for resources?

thank you
Next

Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software