Monday 21 March 2016

Starting out simple in your hacking career

In my career, hacking was introduced as a tool to make my code better. Thinking with the mindset of 'how can I break this' greatly elevates the quality of the code, very quickly.

Frameworks like Laravel do a great deal of the work for you, but often (IMO) they don't give the developer enough exposure to the exploits and problems underneath, so they never look for any of the sorts of things listed below.

So, for anyone interested, here are a few quick tips to start hacking, or to lock down your own website ;)

#1 robots.txt - !!
Weirdly, yes, robots.txt is the root of all evil. The number of times I've not bothered running directory-scanning software and just looked at robots.txt is unbelievable. So many websites put all their 'secure' directories in there to hide them from search engines... #boom, instant win. The file is public by design, and a Disallow line is only a request to well-behaved crawlers, not an access control, so every path listed there is discoverable by anyone, not just by search engines. You can concentrate all your efforts on those folders.
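Here is the robots.txt trick as a script. This is an added example, not code from the original post: the robots.txt content, the www.example.org host and the paths in it are all constructed for the demo. It pulls out every Disallow path (skipping comments and the bare "Disallow: /" that hides nothing) and turns them into URLs to look at first.

```python
# Added example (not from the original post): pull the Disallow paths out of
# a robots.txt, which is exactly the list the post says to look at first.
# SAMPLE_ROBOTS and www.example.org are constructed for the demo.
import urllib.request
from urllib.parse import urljoin

SAMPLE_ROBOTS = """\
# constructed sample, typical of the files the post describes
User-agent: *
Disallow: /admin/
Disallow: /backup/       # 'hidden' from search engines, and from nobody else
Disallow: /old-site/
Disallow: /cgi-bin/
Allow: /public/
Sitemap: https://www.example.org/sitemap.xml

User-agent: Googlebot
Disallow: /staging/
Disallow: /admin/
"""


def disallowed_paths(robots_txt):
    """Return each Disallow path once, in file order.

    Comments are stripped, the directive name is matched case-insensitively,
    and a bare 'Disallow: /' is skipped because it blocks everything and
    reveals nothing about the layout of the site.
    """
    seen, paths = set(), []
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        if key.strip().lower() != "disallow":
            continue
        path = value.strip()
        if path in ("", "/") or path in seen:
            continue
        seen.add(path)
        paths.append(path)
    return paths


def candidate_urls(base, robots_txt):
    """Absolute URLs for every Disallow path, ready to visit or feed to a scanner."""
    return [urljoin(base, p) for p in disallowed_paths(robots_txt)]


def fetch_robots(base, timeout=5.0):
    """Fetch a live robots.txt (needs network; the offline demo uses SAMPLE_ROBOTS)."""
    with urllib.request.urlopen(urljoin(base, "/robots.txt"), timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    for url in candidate_urls("https://www.example.org/", SAMPLE_ROBOTS):
        print(url)
```

On the defensive side the fix is not a cleverer robots.txt: put authentication in front of anything that is actually private, don't list it at all, and for pages that must stay reachable but unindexed use an X-Robots-Tag: noindex response header, which tells crawlers the same thing without publishing a map of the site.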

#2 query-string test
Simply putting ?1=2 on the end of a URL and checking whether that 2 shows up in the rendered page or its source is a good first test. If it does, you've clocked that they're printing things they shouldn't. Now try every printable character on the keyboard (except "?") in your ?1= parameter; percent-encode '&', '#' and '+' first, or the browser will treat them as URL syntax rather than as part of the value. See what gets escaped and what doesn't.

If nothing gets escaped, jackpot: when '<' and '>' come back unencoded you can inject your own HTML and script into the page (reflected XSS). If specific values/characters do get escaped, no worries, try another page or section of the site. Often account areas are the weakest.
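The query-string test written out as code. This is an added example, not from the original post: render_vulnerable and render_hardened are constructed stand-ins for the page under test so the check runs offline (one prints the parameter raw, the other HTML-encodes it), and probe_url does the same thing over HTTP against a URL you supply, assumed to have no query string already.

```python
# Added example (not from the original post): the ?1=<probe> test as code.
# render_vulnerable/render_hardened are constructed stand-ins for the page
# under test so the check runs offline; probe_url() does the same over HTTP.
import html
import urllib.request
from urllib.parse import quote

# Characters whose reflection matters for HTML injection, plus some that don't.
PROBE_CHARS = '<>"\'&/()=;:-'
CANARY = "zq7k"  # unusual string that will not occur in the page by chance


def render_vulnerable(value):
    """Page that prints the parameter straight into its HTML."""
    return "<p>You searched for: " + value + "</p>"


def render_hardened(value):
    """Same page, but HTML-encoding the parameter before printing it."""
    return "<p>You searched for: " + html.escape(value, quote=True) + "</p>"


def is_reflected(render):
    """Step 1 of the post: does the parameter value come back in the page at all?"""
    return CANARY in render(CANARY)


def unescaped_chars(render, chars=PROBE_CHARS):
    """Step 2: send each character wrapped in the canary and keep those that
    come back byte-for-byte, i.e. were neither encoded nor stripped."""
    return "".join(ch for ch in chars if CANARY + ch + CANARY in render(CANARY + ch + CANARY))


def verdict(survivors):
    """What the surviving characters let an attacker do."""
    if "<" in survivors and ">" in survivors:
        return "tag injection possible (reflected XSS)"
    if '"' in survivors or "'" in survivors:
        return "attribute breakout possible if reflected inside a quoted attribute"
    return "HTML metacharacters encoded; reflection alone is not exploitable here"


def probe_url(page_url, chars=PROBE_CHARS, timeout=5.0):
    """Run the same test against a live URL by appending ?1=<payload>.
    Assumes page_url has no query string yet; payloads are percent-encoded so
    '&', '#' and the rest reach the server as data, not URL syntax."""
    def render(value):
        with urllib.request.urlopen(page_url + "?1=" + quote(value, safe=""), timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    return unescaped_chars(render, chars) if is_reflected(render) else None


if __name__ == "__main__":
    for name, page in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        s = unescaped_chars(page)
        print(f"{name}: reflected={is_reflected(page)} unescaped={s!r} -> {verdict(s)}")
```

Sending one character at a time is deliberate: a site that strips '<' but leaves '"' alone looks "safe" if you only send the whole keyboard in one go and grep for it. The hardened renderer shows the fix, which is output encoding at the point of printing (html.escape here; the template engine's auto-escaping in a framework), not input filtering.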

#3 Webcache
Another silly thing 'sysadmins' or 'senior developers' don't lock down is port 8080, where a second web server, proxy or cache is often left listening alongside the main site. This is a weird hack I've only been able to get working a few times, but when it has, boy, I've had whole website backups available.

Simply trying http://www.example.org:8080/ is the simplest test (the port goes after the hostname, not after the path; http://www.example.org/:8080 would just request a path called ':8080' on port 80). You'll either get a directory listing, a 404, or a denied page. This site, http://www.t1shopper.com/tools/port-scan/, is a friend for checking which ports are open, but don't abuse it.
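The port-8080 check as a script. This is an added example, not code from the original post: www.example.org is a placeholder host and the sample response bodies are constructed to look like the index pages common web servers produce. It builds the URL with the port in the right place, fetches / on the alternate port, and sorts the reply into the outcomes described above.

```python
# Added example (not from the original post): probe an alternate port the way
# the post describes and classify what comes back. The sample responses are
# constructed; www.example.org is a placeholder host.
import http.client

# Strings that common directory-index pages contain (Apache/nginx "Index of",
# Python's http.server "Directory listing for", IIS "Directory Listing").
LISTING_MARKERS = ("index of /", "directory listing for", "<title>directory listing")


def alt_port_url(host, port=8080, scheme="http"):
    """The port goes after the host and before the path. The other form,
    http://www.example.org/:8080, would request a path named ':8080' on port 80."""
    return f"{scheme}://{host}:{port}/"


def classify(status, body):
    """Map an HTTP response to the outcomes the post describes."""
    text = body.lower()
    if status == 200 and any(m in text for m in LISTING_MARKERS):
        return "directory listing"
    if status in (401, 403):
        return "denied"
    if status == 404:
        return "not found"
    if 300 <= status < 400:
        return "redirect"
    if status == 200:
        return "content (a second site or app is served here)"
    return f"other ({status})"


def probe(host, port=8080, timeout=5.0):
    """Fetch / on host:port (needs network) and classify the response."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host, "User-Agent": "alt-port-check"})
        resp = conn.getresponse()
        body = resp.read(65536).decode("utf-8", errors="replace")
        return classify(resp.status, body)
    except OSError as exc:          # refused, timed out, reset, ...
        return f"unreachable ({exc.__class__.__name__})"
    finally:
        conn.close()


# Constructed responses of the kind probe() might see.
APACHE_INDEX = "<html><head><title>Index of /backup</title></head><body><h1>Index of /backup</h1>..."
PYTHON_INDEX = "<title>Directory listing for /</title>"
FORBIDDEN = "<h1>403 Forbidden</h1>"

if __name__ == "__main__":
    print(alt_port_url("www.example.org"))
    for status, body in ((200, APACHE_INDEX), (200, PYTHON_INDEX), (403, FORBIDDEN), (404, "")):
        print(status, "->", classify(status, body))
```

The "denied" and "not found" outcomes still tell you something is listening on that port. Locking it down means binding the second listener to 127.0.0.1 or filtering the port at the firewall, and turning directory listing off on anything that does have to face the internet.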

Hope the above is helpful.

Any tips or tricks you want to share with me, post below :)

Thanks,
J
