#1
4th July 2008, 18:25
Dragon[Sky]
Webhacking Basics

Hello, this is just a short article about webhacking and the basics (mostly tips).
There's not much to say, so here I'll start...

1. Check for robots.txt
Usually the directory is hxxp://www.targetsite.com/robots.txt
This can contain plenty of information, even though not all sites have it.
robots.txt is used to restrict the Google bot's access in certain parts of a forum or a website.
It looks like this:

User-agent: *
Disallow: /forum/admin.php
Disallow: /forum/moderator.php
Disallow: /forum/include.php

etc.

2. Check if site is vulnerable to SQL injections
This can be checked with a simple apostrophe at the end.
For example, hxxp://www.targetsite.com/news.php?id=1'
If the page displays an error, then the site is vulnerable.
You may now proceed to inject more queries and draw various information.

3. Check for common directories
Sometimes site administrators forget to rename the dirs and leave them as default.
It's good to check for these directories as they can contain version info and other stuff that helps you determine if the site is vulnerable.
Common directories are:

admin
admincp
mod
modcp
moderator
include
includes
logs
tmp
install

4. Port scanning
Gathering information about the server can also be useful.
Ping the site in cmd (you MUST know how to do this, if you don't, then just leave) and scan the IP (and no, don't limit the scan to 6000 as usual, f.ex 8080 is a common web port).
Don't forget to check the site with nslookup, MaXe's DNS guides cover this.
With this information you can figure out if the site has vulnerabilities and stuff.
Now you can connect to the open port through telnet. The syntax is telnet IP(or hostname) port. For example, telnet google.com 25.
For example, if the site has port 25 open, which is the SMTP (Simple Mail Transfer Protocol) we can send emails through the server.
Or even better, imagine there's port 3306 open. That's the SQL port. Through this you can access the site's SQL database.
Download MySQL or something and try to clear your way in. You can try various combinations, like:

admin admin
admin root
root root
root admin

And so on. Though it's quite possible that you won't get anywhere guessing, so your best bet would be bruteforcing, dictionary attacks, rainbow tables or whatever you can afford.

5. Cookie poisoning
Even though most sites nowadays filter this, it wouldn't hurt to try.
We will do this...with javascript.
It's quite simple. Try this in the address bar.
javascript:alert(document.cookie);
In some cases this may spit out your username and password.
This is the part where you try the famous line...
javascript:void(document.cookie="username='OR'1'=' 1"); void(document.cookie="password='OR'1'='1");
Similar to SQL injection, you guessed it.

6. Check if site is vulnerable to XSS
XSS and javascript together open up a huge horizon of possibilities and a whole lot of new places to discover.
Check if the site is vulnerable by typing this in a webform or something.
<script>alert("awdwdadwd")</script>
If the site is vulnerable, then you will get a popup box saying awdwdadwd (yes this was random).
I won't say more about this since I suck at XSS.

Hope you enjoyed my article and have fun.
Keep in mind this is for purely educational purposes and I do NOT encourage anyone to go hack or try random websites. I'm strongly against that.
~Dragon[Sky] ;)
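
Points 2 and 5 of the post above both depend on request text (the id parameter, the username and password cookies) being pasted into an SQL string. As an added example, not part of the original post, this Python sketch puts that pattern beside a parameterized version; the tables, rows and function names are constructed for illustration, with sqlite3 standing in for the site's database.

```python
import re
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO news VALUES (1, 'Site launched');
        INSERT INTO users VALUES ('alice', 'constructed-hash');
    """)
    return db

def news_concat(db, raw_id):
    """'Before' pattern: the id from the URL is pasted into the SQL text."""
    sql = "SELECT title FROM news WHERE id = '" + raw_id + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # A trailing apostrophe unbalances the quotes; this is the
        # error page the post describes.
        return "SQL error: %s" % exc

def news_param(db, raw_id):
    """Hardened: accept only ASCII digits, then bind the value."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    return db.execute("SELECT title FROM news WHERE id = ?",
                      (int(raw_id),)).fetchall()

def login_concat(db, user, pw_hash):
    """'Before' pattern: cookie values are pasted into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password_hash = '%s'" % (user, pw_hash))
    return db.execute(sql).fetchall()

def login_param(db, user, pw_hash):
    """Hardened: cookie values are bound as data, never parsed as SQL."""
    return db.execute("SELECT username FROM users WHERE username = ? "
                      "AND password_hash = ?", (user, pw_hash)).fetchall()

if __name__ == "__main__":
    db = make_db()
    cookie = "'OR'1'='1"  # cookie value quoted in point 5
    print(news_concat(db, "1'"), news_param(db, "1'"))
    print(login_concat(db, cookie, cookie), login_param(db, cookie, cookie))
```
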
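
From the defender's side, points 1 to 3 of the post leave a recognizable trail in the web server's access log. This added example, not part of the original post, labels each client by the probes it made; the log lines, addresses, robots.txt content and label names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Directory names listed in point 3 of the post.
COMMON_DIRS = {"admin", "admincp", "mod", "modcp", "moderator",
               "include", "includes", "logs", "tmp", "install"}

# Constructed robots.txt with the same shape as the sample in point 1.
ROBOTS_TXT = ("User-agent: *\nDisallow: /forum/admin.php\n"
              "Disallow: /forum/moderator.php\nDisallow: /forum/include.php\n")

# Constructed access-log lines; addresses are from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jul/2008:18:25:01 +0200] "GET /robots.txt HTTP/1.1" 200 120',
    '192.0.2.10 - - [04/Jul/2008:18:25:03 +0200] "GET /forum/admin.php HTTP/1.1" 403 210',
    '192.0.2.10 - - [04/Jul/2008:18:25:04 +0200] "GET /install/ HTTP/1.1" 404 180',
    '192.0.2.10 - - [04/Jul/2008:18:25:06 +0200] "GET /news.php?id=1%27 HTTP/1.1" 500 90',
    '198.51.100.7 - - [04/Jul/2008:18:26:00 +0200] "GET /news.php?id=1 HTTP/1.1" 200 5120',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*"')

def disallowed_paths(robots_txt):
    """Return the paths named on Disallow lines."""
    pairs = (line.partition(":") for line in robots_txt.splitlines())
    return {v.strip() for k, _, v in pairs
            if k.strip().lower() == "disallow" and v.strip()}

def classify(target, disallowed):
    """Return the probe labels that apply to one request target."""
    url = urlsplit(target)
    labels = set()
    if url.path in disallowed:
        labels.add("robots-disallowed")   # path advertised in robots.txt
    if any(seg in COMMON_DIRS for seg in url.path.lower().split("/")):
        labels.add("common-dir")          # default directory name
    if "'" in unquote(url.query):
        labels.add("quote-in-query")      # raw or %27-encoded apostrophe
    return labels

def scan(lines, robots_txt=ROBOTS_TXT):
    """Map each client address to the probe labels seen in its requests."""
    disallowed = disallowed_paths(robots_txt)
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            hits[m.group(1)] |= classify(m.group(2), disallowed)
    return {ip: sorted(labels) for ip, labels in hits.items() if labels}
```
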
#2
5th July 2008, 00:12
MaXe
Re: Webhacking Basics

I think it's a nice introduction to webhacking and pentesting websites : )
Don't forget to use the Whois system as well ;)
#3
5th July 2008, 05:11
hestas
Re: Webhacking Basics

thx for the guide, I enjoy the stuff u write :)
#4
27th September 2008, 20:49
darkoneagain
Re: Webhacking Basics

whoa, actually didn't know about the /robot.txt one.. o.o nifty..
#5
5th December 2009, 01:21
ervin74
Re: Webhacking Basics

Thank you for the basic tutorial, useful for me, good job
All times are GMT +2.
Copyright ©2007 - Forever, InterN0T & Teh Unkwon

Hosted by 1and1