Since I am building websites I wondered how a real “hacker” would hack a site. Those fancy CSI-style TV show 3D animations are not the correct image, that's for sure. But other than that I just had a vague idea of how it worked. So the first thing I did was google “how to hack”. Well, that wasn't much help.
But which program? What do I want to hack? Which scanner is up to date? The answer is: there are many tools and each of them serves a specific purpose. Some are better or easier to use than others and some are more powerful than others. They also come for different operating systems. I've got a Mac, so I had a huge problem because most tools were for Linux or Windows. Luckily I found out about Kali Linux, which ships with many of the most useful tools ready to use. You can download Kali as a VM, which I highly recommend: you can mess around with scripts and install stuff, then reset everything by reverting to an earlier snapshot. Also, if you're like me and just want to test things out, you don't have to mess up your own OS.
The first hack
Now I've got a professional setup and am able to hack the world. But how exactly? How does an SQL injection really work and what tool do I use to find a vulnerability? So I googled for a tutorial and found a really good one about the technique and how to find these vulnerabilities manually (tutorial here). If you're looking for a starting point, start at their site and read through it. My first hack involved a browser and nothing else. The trick is that in order to find a possibly vulnerable website, you don't need a bot or scanner or anything of the sort. Just google it!
The magic term here is “dork list”. These are lists of search queries (“Google dorks”) that match pages exposing a URL parameter. If you google for dork list, you will find general ones like “about.php?cartID=” as well as very specific ones that target a known vulnerability in a particular product. I suggest you go for a general dork and find a page that shows content for a given category, product ID or similar. You've now got a URL like this: “http://testphp.vulnweb.com/listproducts.php?cat=1”. Append a single quote (') after the 1 and see what happens. A database error in the response? You're such a hacker! That error means the quote broke the query, i.e. your input was pasted into the SQL statement without being escaped or bound as a parameter. Work through the tutorial and you'll be able to see the secrets of that website.
My reaction here was: Oh shit, that was pretty easy! But the correct reaction should have been “That was already illegal.” You've just hacked a website.
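To show what actually happens server-side when that single quote lands in the query, and what the fix looks like, here is a small added example (not code from the original post, and not the real site's code). It uses an in-memory SQLite database with a constructed, made-up schema standing in for the `listproducts.php?cat=` page; the table and column names are assumptions. The vulnerable function pastes the URL parameter into the SQL text exactly as the post describes, the `probe` function mimics what you see in the browser (an error or a list of rows), and the hardened function validates the value and binds it as a parameter.

```python
import sqlite3

# Constructed sample data standing in for the kind of catalogue site the post
# describes. Table and column names are assumptions, not the real site's schema.
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, cat INTEGER, name TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO products VALUES (1, 1, 'Blue shirt'), (2, 1, 'Red shirt'), (3, 2, 'Cap');
INSERT INTO users VALUES (1, 'admin', 's3cret'), (2, 'bob', 'hunter2');
"""


def make_db():
    """Create the throwaway in-memory database with the constructed data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def list_products_vulnerable(conn, cat):
    """The pattern behind a page like listproducts.php?cat=...: the URL parameter
    is concatenated into the SQL text, so a ' ends the number and whatever
    follows is parsed as SQL by the database."""
    sql = "SELECT name FROM products WHERE cat = " + cat
    return [row[0] for row in conn.execute(sql)]


def list_products_safe(conn, cat):
    """Hardened version: reject anything that is not an integer, then pass the
    value as a bound parameter so the database never parses it as SQL."""
    try:
        cat_id = int(cat)
    except ValueError:
        return []          # not a category id at all; nothing to show
    sql = "SELECT name FROM products WHERE cat = ?"
    return [row[0] for row in conn.execute(sql, (cat_id,))]


def probe(conn, payload):
    """What the browser test in the post does: send a value and look at the
    reply. Returns ("error", message) when the database complains about the
    broken query, otherwise ("rows", list_of_product_names)."""
    try:
        return ("rows", list_products_vulnerable(conn, payload))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    payloads = [
        "1",                                   # normal request
        "1'",                                  # the single-quote test from the post
        "1 OR 1=1",                            # every product, regardless of category
        "1 UNION ALL SELECT username || ':' || password FROM users --",  # other table
    ]
    for payload in payloads:
        print(repr(payload))
        print("   vulnerable:", probe(db, payload))
        print("   safe:      ", list_products_safe(db, payload))
```

The third and fourth payloads are what the tutorial's later steps build up to: once the quote test shows that input reaches the query unescaped, an attacker widens the `WHERE` clause or appends a `UNION` to pull rows out of tables the page was never meant to show. The safe version returns the same catalogue for honest input and an empty list for every one of the payloads, because the value travels to the database as data, not as part of the statement.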
To make things easier, Kali Linux offers a broad variety of tools for all your needs. You want to test the above method automatically and dump the whole database? sqlmap is your friend. You want to gather information about a specific server, such as open ports and running services? Use nmap. If you want to check a website in general, you might give OWASP ZAP a try. Your target is a WordPress site? WPScan can enumerate the users, plugins and themes and list the known vulnerabilities that come with them.
You see that there is a little something for everything you want to do.
Hacking can be far easier than I thought. The word “can” is the key here. It can be as easy as in the above example, but it can just as well be impossible. I think what I've learned in the past month made me a better website developer because I now know a bit about how the “other side” works. I know some tools and can test my own creations. Sure enough, I found some nasty things in old projects.
You should give all that a try. Just make sure that you've got the OK of the website owner before you test their site. Otherwise even a modestly secured server logs your requests, can trace them back to you, and will bite you in the ass.
Image credits: kali.org