A question for anyone


Post by shihonoryu on Wed Feb 08, 2012 12:03 pm

Hi. The world of hacking has always interested me. I've been a programmer for a while, and have recently taken up the challenge of ethical hacking.

Now, how would you go about hacking a website like this? [Note: Please do not hack the website. Simply a question, because I've thought about this general situation a lot and the answer eludes me.]

So it would be a website like URL edited out, or a general website like this, and say you would want to deface it, out of grudge/ignorant message, whatever you like. Yet it has no login forms or search. Is it possible? Also, say you have a website that protects against MySQL/JS injection, what are your options then? Are there any? Also, is directory traversal a tactic used a lot? I've tried it before on some sites, and it never seems to work well for me.

I repeat, this is not a "Halp me haxor thiswebsite plx". I'm trying to learn.

Thank you for your time

Re: A question for anyone

Post by centip3de on Wed Feb 08, 2012 2:19 pm

You would have to find an exploit in the site, and then, well, exploit it. A site that has no login forms or search is still open to SQL injection via the URL bar (still quite a common exploit). But I think you need to realize that there are more exploits than just SQL/JS injection or directory traversal. If I were to type each one to you, it would take several hours to compile all the data, let alone typing it all in. My advice to you is to go and do some of the missions, read some of the articles, and then you should be able to answer your own question.

Re: A question for anyone

Post by tremor77 on Wed Feb 08, 2012 3:12 pm

There are cases in which a web"page" will have absolutely zero vulnerabilities. Then again, this page also probably has no interactivity or functionality and is just static HTML. In that case... you need to research the host and determine if the host has any vulnerabilities. If you do not yet know how to gather website host information for a web"page", then you should probably do some learnin'.