(03-29-2020, 04:15 AM)MuddyBucket Wrote:
So what would be a good rule of thumb before learning web hacking?

Saw this "meme" today on Facebook. Definitely relevant.

As for your question, once again, the fundamentals. Solid programming skills for starters. Then a solid understanding of the underlying technology used. Websites run on web servers like Apache, Nginx, etc. Do you understand the HTTP and HTTPS protocols? How about DNS? Understanding Linux when attacking a webserver running Linux for example. Back in the day you could put something like ../../../etc/password in your browser bar on certain versions of Apache and you'd get the password file for all the users on the system. Or any other accessible file on the system. This is called directory traversal, and if you had no idea how Linux systems worked, you'd probably not have much luck. Especially if say the passwd file was locked down, but you could still access things like config files in the current account. If you don't understand where or how those config files are - you're never going to get anywhere.

I'm starting to ramble... 

But I guess the point is, the more you understand about the systems you're trying to exploit, the more you'll be able to exploit. That's not to say you need to learn *everything* before you start hacking - but you need to have a solid understanding of the technology you're trying to exploit. And web hacking is too general of a term for me to specify what specifically you need to learn.

You want to exploit SQL driven PHP websites? A solid understanding of HTTP/S, PHP, and SQL will be necessary.

You want to exploit a NoSQL driven NodeJS application? A solid understanding of NoSQL and NodeJS will be necessary.

You want to exploit a Java driven website? You'll probably need a solid understanding of Tomcat, Java, and Servlets.

Knowing PHP and SQL probably won't directly help you exploit a NodeJS or Java website. Understanding a programming language would of course help... but each language and technology has its own weaknesses and security considerations.

So the only rule of thumb I have for you - and this applies to any kind of hacking - no matter what you're trying to exploit - is learn the fundamentals of the technology running the system you're trying to exploit.

Ok, what if I had specific books or courses in mind that I wanted to be optimally beneficial when I finally take them? Let's say I want to know all of the prerequisite concepts necessary in order to understand everything in eLearnSecurity's courses but I want to first learn every prerequisite I need to do the web hacking track which is PTS > WAPT > WAPTX so that I get the maximum possible benefit out of the course and not just the minimum.

How much networking, Linux, and web development should I learn to do that as a start?

My short term goal is to get enough to gain the most out of the web hacking track, but I eventually want to be well-rounded and know all of eLearnSecurity's penetration testing courses plus know OSINT plus know social engineering and maybe earn OSCP afterwards. Let's say that's my long term goal, but in the short run I want to know the amount of networking, programming, and operating systems just to get the most out of the web hacking track. Obviously, I want to also be a programmer with a primary language of Python for everything.

What would you recommend before starting on that?

I figured if I was more specific that maybe I would get a little bit further in terms of what I need to do to achieve this.

