Beginners Guide for Hacking Web Sites

Charithra Kariyawasam
9 min read · Sep 21, 2017


Striving for continuous improvement, the ability to learn on the run, identifying what needs to be learnt and how to apply it, and intuition are some of the important qualities a beginner hacker must have, because handling the security of a computer-based system is a hectic but vital task. A web security specialist must be fluent in many technologies: HTML, MySQL, scripting languages such as Python and Perl, server-side languages such as PHP and NodeJS, and many other genres of technology. So a beginner who is determined to climb high on the security ladder must sharpen his or her skill set day by day. As a first step, let’s learn some basic concepts for probing the security of a web page.

Analyzing the source code

The underlying source code is the brain of a computer system. The probability of crashing a system can be very high if the underlying software is badly written, even if the hardware is state of the art. A piece of software can have millions of lines of code. That code supervises the system and is responsible for its functionality. So by accessing and analyzing the source code of a system, a hacker can get an idea of how that particular system works. I believe analyzing the source code is the first step any beginner hacker must take, because to solve a problem we need clues, hints or details relevant to it, and for a piece of software or a web page the source code is the best place to find those details. Let’s check a particular web page and its source code.

A web page
Source code of the above web page

In the above example, we can see there is nothing explicit in the web page about its functionality, so we can’t learn any details about how it works from the page itself. So we check its source code. By looking at the source code we can get a good idea of how the web page functions.

Modifying the source code.

The main purpose of a hacker analyzing the source code is to identify the security loopholes in it, because through these loopholes a hacker can change the functionality of a web page.

A web page

The functionality of the above web page is to vote for some bands and bring them to the top of the rating list. So, to check the security threats of this site, let’s check its source code.

Source Code

By analyzing the above code we can understand how the voting choices work. So what if we change the value of a voting option to some big number while keeping the number shown on the web page the same? As an example, let’s say we changed the value of the fifth vote to 1000 and kept the number 5 displayed on the page. This could be disastrous for the competition, because with a single vote that particular band could come to the top. This is a simple but clear example of modifying the source code to suit someone’s interest.

So what we need to do to stop this kind of source-code manipulation is check the information that arrives at the server. In this scenario the server must be programmed to check whether each vote is within the valid voting range. Otherwise the kind of source-code manipulation described above can occur.
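As an added example (not code from the article), here is the check described above in Python: a handler that trusts the client’s points value beside one that looks the points up server-side and rejects anything outside the valid voting range. The band names, option table and form field names are assumed.

```python
# Added example (not from the original article): the server decides what a
# vote is worth, so a hidden-field value tampered in the browser cannot award
# 1000 points. Band names and the option table below are constructed.

OPTION_POINTS = {"1": 1, "2": 2, "3": 3, "4": 4, "5": 5}  # option id -> points
BANDS = {"alpha", "beta", "gamma"}                          # valid band names


def count_vote_trusting_client(scores: dict, form: dict) -> dict:
    """Vulnerable: adds whatever 'points' value the browser submitted.
    Editing the form's value attribute from 5 to 1000 is enough to win."""
    band = form["band"]
    scores[band] = scores.get(band, 0) + int(form["points"])
    return scores


def count_vote_validated(scores: dict, form: dict) -> dict:
    """Hardened: only a known band and a known option id are accepted, and the
    points are looked up in the server-side table. A 'points' field sent by
    the client is ignored; unknown values reject the whole submission."""
    band = form.get("band")
    option = form.get("option")
    if band not in BANDS:
        raise ValueError(f"unknown band: {band!r}")
    if option not in OPTION_POINTS:
        raise ValueError(f"option outside the valid voting range: {option!r}")
    scores[band] = scores.get(band, 0) + OPTION_POINTS[option]
    return scores


def is_accepted(form: dict) -> bool:
    """True if the validated handler counts this submission, False if rejected."""
    try:
        count_vote_validated({}, form)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed submission: the visitor picked option 5 but edited the
    # hidden points value to 1000 before submitting.
    tampered = {"band": "alpha", "option": "5", "points": "1000"}
    print(count_vote_trusting_client({}, tampered))          # {'alpha': 1000}
    print(count_vote_validated({}, tampered))                # {'alpha': 5}
    print(is_accepted({"band": "alpha", "option": "1000"}))  # False
```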

Using scripts to exploit content sent through a web page.

We can use scripting languages such as Python and Perl to write a script that exploits the information sent via a web page. As an example, let’s say there is a website that provides a service where we can encrypt a password using a cipher and then use that for our sign up and the eventual log in. So any authorized person can come to the site, encrypt the password and then use it to log in. (This is an imaginary scenario; real-world web security is much higher and more mature than this.) So what if we can write a script that decrypts the password, or what if we can identify the encryption algorithm and write a script that achieves the same encryption? Then a hacker can use those scripts to identify the passwords if he or she somehow gets access to the database, or, if someone has written a password down somewhere, the hacker can encrypt it and use it to access the site in the above scenario. This is a simple scenario, but it shows that knowledge of scripting languages, cryptography and their particular algorithms can be vital for any hacker.

Python script for a simple form of Caesar’s cipher
Python script for decryption of the above cipher
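The article’s two scripts are not reproduced above, so the following added example (not the author’s code) shows what such a Caesar cipher does and why it can be undone with no key, alongside the salted PBKDF2 hashing a site should use for stored passwords instead.

```python
# Added example (not the article's scripts): a Caesar cipher of the kind the
# article describes, followed by salted PBKDF2 hashing, which is what a site
# should store instead of a reversible "encrypted" password.
import hashlib
import hmac
import os
import string

ALPHABET = string.ascii_lowercase

def caesar_encrypt(text: str, shift: int) -> str:
    """Rotate each lowercase letter by `shift`; other characters pass through."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def caesar_decrypt(text: str, shift: int) -> str:
    """Reversing the cipher needs no secret beyond the shift, which is part of
    the algorithm itself, so anyone who identifies the scheme can recover
    every stored password."""
    return caesar_encrypt(text, -shift)

def hash_password(password: str, iterations: int = 200_000) -> str:
    """Salted PBKDF2-HMAC-SHA256; returns 'iterations$salt_hex$hash_hex'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time; the stored
    value cannot be turned back into the password."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

if __name__ == "__main__":
    c = caesar_encrypt("attack at dawn", 3)
    print(c, "->", caesar_decrypt(c, 3))   # dwwdfn dw gdzq -> attack at dawn
    h = hash_password("correct horse")
    print(verify_password("correct horse", h), verify_password("wrong", h))
```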

Command injections using unvalidated inputs.

With a command injection attack, the goal is to execute arbitrary commands on the host operating system via a vulnerable application. Let me explain a scenario where a command injection is possible.

Web page

The web page above states that it is backed by a script containing a UNIX command. That script runs the UNIX cal command, which prints the calendar for a given year. Let’s check the source code for more details.

Part of the source code

In the above code section we can see the cal.pl Perl script we identified before. This script contains a UNIX command that returns the calendar for a given year. If this command returns the calendar of a given year, what if we add another command to it? Let’s say we append ;ls to the year as below.

2017; ls

Result of the command injection

This was the result when I entered the above input into the year field of the web page. What happened was that the script returned the calendar and did not stop there: because I had concatenated a command with the year, the script also executed the ls command. The script executed the input as one single command line. ls is a file listing command in UNIX, and it listed all the files in the directory. The threat here is: what if there were some important and sensitive files, such as password loading scripts? Then we could use the URL to go to that file and retrieve its data if the file was not protected.

The main thing to know here is that this will work only if the first command returns something. Otherwise there won’t be any opportunity to execute the next command.
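As an added example (not the article’s cal.pl), here is the same calendar feature in Python with the defence a server needs: the year field is checked against an allowlist and passed to cal as a single argument without a shell, so 2017; ls is rejected rather than executed. The field name and a 1 to 9999 year range are assumptions.

```python
# Added example (not the article's cal.pl): the year field reaches the cal
# command as one argv element after an allowlist check, instead of being
# pasted into a shell command line. The form field name is assumed.
import re
import shutil
import subprocess

YEAR_RE = re.compile(r"^[0-9]{1,4}$")   # allowlist: digits only, nothing else

def vulnerable_command_line(year_field: str) -> str:
    """What a shell-based script effectively builds: one string that the
    shell re-parses, so '2017; ls' becomes two commands. Returned, not run."""
    return f"cal {year_field}"

def build_cal_argv(year_field: str) -> list:
    """Validate the field and build an argument vector. Anything that is not a
    plain year (';', '|', spaces, letters) is rejected up front rather than
    filtered, so there is no list of 'bad characters' to keep complete."""
    if not YEAR_RE.fullmatch(year_field):
        raise ValueError("year must be 1 to 4 digits")
    year = int(year_field)
    if not 1 <= year <= 9999:
        raise ValueError("year out of range")
    return ["cal", str(year)]

def is_accepted(year_field: str) -> bool:
    """True if the field passes validation, False if it would be rejected."""
    try:
        build_cal_argv(year_field)
        return True
    except ValueError:
        return False

def run_cal(year_field: str) -> str:
    """Execute without a shell: the year is a single argument, never
    re-parsed, so a trailing ';ls' cannot become a second command."""
    argv = build_cal_argv(year_field)
    if shutil.which(argv[0]) is None:
        raise RuntimeError("cal is not installed on this host")
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout

if __name__ == "__main__":
    print(vulnerable_command_line("2017; ls"))           # cal 2017; ls
    print(is_accepted("2017"), is_accepted("2017; ls"))  # True False
```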

Using Server Side Injections

Let’s modify the above scenario to a slightly more advanced state. Here the web developer has removed the Perl script and has used a file saving system written in PHP. So now an attacker can’t use command injection like above to retrieve data.

Web Page

So here, when we enter some random string, we get a web page as follows.

The loaded page after entering some string in the “Enter Your Name” field

“a1b23c” is the string I entered in the “Enter Your Name” field. If we make these kinds of submissions a few times, we can see that it takes the entered string, prefixes it with the “hi” sentence and calculates the number of characters in it. If we then check the URL of this page we can see that it is a .shtml page. Let’s understand what shtml is and what to learn from it.

If a web page has an shtml extension, that means the page is SSI compatible. SSI is the abbreviation for Server Side Includes, a server-side scripting language. The main purposes of SSI are to include content from another file, such as a footer file, in the current web page, or to give dynamic features to a website such as the “last modified date of the web page”. But there are many other functionalities bound to SSI, such as executing commands, echoing given inputs, etc. For SSI to work, the web page must have the shtml extension and the server must allow SSI to execute. If there is SSI in a web page it is executed first by the server. Let’s understand how the SSI syntax works.

<!--#exec cmd="ls -l" -->

The above is an example of SSI command execution with the exec directive. It uses the cmd parameter to execute a UNIX command, and the command goes inside the quotation marks.

So we can enter this same directive and check whether it works as an injection. If it works, it will give the file list of the current directory.
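As an added example (not the article’s PHP page), the following Python shows how a server stops a submitted name from being treated as an SSI directive, by HTML-escaping it before it reaches the .shtml output, together with a check that flags such submissions in constructed access-log lines. The page path and query parameter name are assumed.

```python
# Added example (not the article's page): output encoding stops a submitted
# name from being evaluated as an SSI directive, plus a check that flags such
# submissions in access-log lines. Log lines and paths are constructed.
import html
import re
from urllib.parse import urlsplit, parse_qs

# Matches the opening of an SSI directive, e.g. <!--#exec, <!--#include
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*[a-z]+", re.IGNORECASE)

def render_greeting_vulnerable(name: str) -> str:
    """Writes the raw field into the .shtml page; the server then evaluates
    any directive the visitor typed before the page is sent."""
    return f"<p>hi {name}, your name has {len(name)} characters</p>"

def render_greeting_safe(name: str) -> str:
    """html.escape turns '<' into '&lt;', so the visitor sees the literal text
    of a directive and the SSI processor never finds a '<!--#' to execute."""
    return f"<p>hi {html.escape(name)}, your name has {len(name)} characters</p>"

def contains_ssi_directive(value: str) -> bool:
    return SSI_DIRECTIVE.search(value) is not None

def flag_requests(log_lines: list) -> list:
    """Return the request lines whose 'name' query parameter carries an SSI
    directive, decoding URL encoding first so %3C!--%23exec is caught."""
    flagged = []
    for line in log_lines:
        # Constructed access-log shape: '"GET /path?query HTTP/1.1"'
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group(1)).query)
        if any(contains_ssi_directive(v) for v in params.get("name", [])):
            flagged.append(line)
    return flagged

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.5 - - "GET /hello.shtml?name=a1b23c HTTP/1.1" 200',
    '203.0.113.5 - - "GET /hello.shtml?name=%3C!--%23exec+cmd%3D%22ls+-l%22+--%3E HTTP/1.1" 200',
]

if __name__ == "__main__":
    print(render_greeting_safe('<!--#exec cmd="ls -l" -->'))
    print(flag_requests(SAMPLE_LOG))
```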

Bypassing authentication using cookies.

Cookies are used to store session details on the client machine. When, as a user, we start a session with a server, we receive a session id and some other details of the session. Cookies are a convenient way to carry information from one session on a website to another, or between sessions on related websites, without burdening a server with massive amounts of data storage. Storing the data on the server without using cookies would also be problematic, because it would be difficult to retrieve a particular user’s information without requiring a login on each visit to the website.

If there is a large amount of information to store, then a cookie can simply be used as a means to identify a given user so that further related information can be looked up in a server-side database. For example, the first time a user visits a site they may choose a username, which is stored in the cookie, and then provide data such as password, name, address, preferred font size, page layout, etc.; all this information would be stored in the database using the username as a key. Subsequently, when the site is revisited, the server reads the cookie to find the username and then retrieves all the user’s information from the database without it having to be re-entered.

So we get the idea that, depending on a cookie, the functionality of a certain web site can change; especially if it is a cookie tracking our interaction with that site. So if we can manipulate a cookie in our own way, we can change the behavior of a web site.

Bypassing passwords using cookie manipulation

In the above example, we can see the cookie by typing document.cookie in the Firebug console. It returns the cookies that have been exchanged. In the above scenario, if we changed the level 10 authorization to yes, we could bypass the password and just log in. This is a simple way of manipulating a cookie to change a web site’s behavior.
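As an added example (not from the article), here is the cookie handling that defeats this manipulation: the level 10 authorization is stored in a server-side session record, the cookie carries only a random session id plus an HMAC, and HttpOnly keeps it out of document.cookie. The cookie format, usernames and secret are constructed.

```python
# Added example (not from the article): authorization lives in a server-side
# session record and the cookie carries only a random id plus an HMAC, so
# editing "level10=yes" in the browser changes nothing the server trusts.
# Usernames, the cookie layout and the secret below are constructed.
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)   # in practice loaded from config
SESSIONS: dict = {}                       # session id -> record, server-side

def authorized_vulnerable(cookie: str) -> bool:
    """The article's pattern: the client-side cookie itself says whether the
    user is level-10 authorized, so document.cookie edits are honoured."""
    fields = dict(kv.split("=", 1) for kv in cookie.split("; ") if "=" in kv)
    return fields.get("level10") == "yes"

def sign(sid: str) -> str:
    return hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()

def create_session(username: str, level10: bool) -> str:
    """Store authorization server-side; return the cookie value 'sid.mac'."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": username, "level10": level10}
    return f"{sid}.{sign(sid)}"

def load_session(cookie: str):
    """Return the session record, or None if the cookie was altered or forged."""
    sid, _, mac = cookie.rpartition(".")
    if not hmac.compare_digest(mac, sign(sid)):
        return None
    return SESSIONS.get(sid)

def authorized_hardened(cookie: str) -> bool:
    """Authorization comes from the server-side record, never from the cookie."""
    record = load_session(cookie)
    return bool(record and record["level10"])

def set_cookie_header(cookie: str) -> str:
    """HttpOnly keeps the value out of document.cookie; Secure and SameSite
    limit where it travels."""
    return f"Set-Cookie: session={cookie}; HttpOnly; Secure; SameSite=Strict"

if __name__ == "__main__":
    print(authorized_vulnerable("level10=yes; user=alice"))          # True
    c = create_session("alice", level10=False)
    print(authorized_hardened(c), authorized_hardened(c + "; level10=yes"))
```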

Summary

These are the main tips that I have described in the above article.

  1. Analyzing the Source Code.
  2. Modifying the source code
  3. Using scripts to exploit content sent through a web page.
  4. Command injections using unvalidated inputs.
  5. Using Server Side Injections.
  6. Bypassing authentication using cookies.

To be a good hacker, the thing to remember is to read and learn any new technology relevant to the process at hand. Then use that knowledge and build your own tips to identify an approach to a problem.
