would this be a good way to start web hacking?
(03-29-2020, 02:21 AM)QMark Wrote: So what would be a good rule of thumb before learning web hacking?

[Image: 90949992_10158196704423524_6470506314622...e=5EA43092]

Saw this "meme" today on Facebook. Definitely relevant.

As for your question, once again, the fundamentals. Solid programming skills for starters. Then a solid understanding of the underlying technology used. Websites run on web servers like Apache, Nginx, etc. Do you understand the HTTP and HTTPS protocols? How about DNS? Understanding Linux when attacking a webserver running Linux, for example. Back in the day you could put something like ../../../etc/password in your browser bar on certain versions of Apache and you'd get the password file for all the users on the system. Or any other accessible file on the system. This is called directory traversal, and if you had no idea how Linux systems worked, you'd probably not have much luck. Especially if, say, the passwd file was locked down, but you could still access things like config files in the current account. If you don't understand where or how those config files are - you're never going to get anywhere.

I'm starting to ramble... 

But I guess the point is, the more you understand about the systems you're trying to exploit, the more you'll be able to exploit. That's not to say you need to learn *everything* before you start hacking - but you need to have a solid understanding of the technology you're trying to exploit. And web hacking is too general of a term for me to specify what specifically you need to learn.

You want to exploit SQL driven PHP websites? A solid understanding of HTTP/S, PHP, and SQL will be necessary.

You want to exploit a NoSQL driven NodeJS application? A solid understanding of NoSQL and NodeJS will be necessary.

You want to exploit a Java driven website? You'll probably need a solid understanding of Tomcat, Java, and Servlets.

Knowing PHP and SQL probably won't directly help you exploit a NodeJS or Java website. Understanding a programming language would of course help... but each language and technology has its own weaknesses and security considerations.

So the only rule of thumb I have for you - and this applies to any kind of hacking - no matter what you're trying to exploit - is learn the fundamentals of the technology running the system you're trying to exploit.

Messages In This Thread
RE: would this be a good way to start web hacking? - by MuddyBucket - 03-29-2020, 04:15 AM
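
The directory traversal mentioned in the post above, seen from the server side, as an added example that is not part of the original thread: a file handler that only joins and normalizes the request path, next to one that canonicalizes it and checks it still sits under the document root. The directory layout, file names and request strings are constructed for the example; the symlink case shows why the check has to come after `realpath()` rather than after textual normalization.

```python
import os
import tempfile

def naive_resolve(docroot, requested):
    """Vulnerable form: join and normalize, with no containment check."""
    return os.path.normpath(os.path.join(docroot, requested))

def safe_resolve(docroot, requested):
    """Hardened form: canonicalize, then require the result to stay under docroot."""
    root = os.path.realpath(docroot)
    # Strip leading "/" so an absolute request cannot replace the docroot in join().
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    # realpath() follows symlinks and collapses "..", so compare after it.
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"request escapes document root: {requested!r}")
    return candidate

# Constructed request paths (hypothetical, for this example only).
REQUESTS = ["index.html", "../secret.conf", "a/../../secret.conf",
            "link.conf", "/index.html"]

def demo():
    """Return {request: (naive_path_left_docroot, safe_verdict)}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        docroot = os.path.join(base, "www")         # constructed document root
        secret = os.path.join(base, "secret.conf")  # file outside the docroot
        os.mkdir(docroot)
        for path in (os.path.join(docroot, "index.html"), secret):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        # A symlink inside the docroot that points outside it.
        os.symlink(secret, os.path.join(docroot, "link.conf"))
        for req in REQUESTS:
            naive = naive_resolve(docroot, req)
            left = not naive.startswith(docroot + os.sep)
            try:
                safe_resolve(docroot, req)
                verdict = "served"
            except PermissionError:
                verdict = "blocked"
            results[req] = (left, verdict)
    return results

if __name__ == "__main__":
    for req, (left, verdict) in demo().items():
        print(f"{req!r:24} naive leaves docroot: {left!s:5}  hardened: {verdict}")
```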
