EvilZone
Hacking and Security => Hacking and Security => : Kiuhnm November 03, 2014, 12:44:12 AM
-
I started my hacking adventure with code exploitation (now I know how to bypass DEP and, when possible, ASLR). Now I think I'll move to cryptography (http://cryptopals.com/) and Web App Hacking.
Where should I start? What about this book?
http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470
Also, should I study Javascript, PHP, ASP.NET etc...?
-
ehhh.. one man's opinion? There is nothing that can be taught in a book that can't be taught via some quick tutorials. At least for Web-Apps, after that it's just a matter of practice.
You'll want to look at HTML and CSS (derp)
PHP for Server Side Dynamic Webpages
Javascript for Client Side dynamic Webpages
SQL for database queries, and yes, asp, and ajax, and such will all help you, but the five there are, again, IMO, the biggest/most important things to learn.
There are lots of Tuts in our tutorial section for this sort of thing, though tbh if you're jumping around from subject to subject you'll probably only need to look at SQLi and XSS problems :p
-
ehhh.. one man's opinion? There is nothing that can be taught in a book that can't be taught via some quick tutorials. At least for Web-Apps, after that it's just a matter of practice.
You'll want to look at HTML and CSS (derp)
PHP for Server Side Dynamic Webpages
Javascript for Client Side dynamic Webpages
SQL for database queries, and yes, asp, and ajax, and such will all help you, but the five there are, again, IMO, the biggest/most important things to learn.
There are lots of Tuts in our tutorial section for this sort of thing, though tbh if you're jumping around from subject to subject you'll probably only need to look at SQLi and XSS problems :p
The above things will be effective if you know these languages.. It'll be really easy for you to grasp the concepts and learn faster and easier.. :)
There are a hell of a lot of problems you'll face, but if you know the above things.. You are on a boost.. \m/ Happy hacking.. ;)
-
I already know HTML, CSS, Dart, PL/SQL (Oracle), MongoDB, redis and I read a book about Javascript and HTML5 a few years ago but then I decided to develop Single Page Applications in Dart (Google's new language).
I kind of hate Javascript with all its idiosyncrasies and oddities so I switched to Dart and don't regret it. Unfortunately, to become a hacker I need to deal with Javascript all over again :(
-
ehhh.. one man's opinion? There is nothing that can be taught in a book that can't be taught via some quick tutorials. At least for Web-Apps, after that its just a matter of practice.
I'm not sure I agree with you on this. That's a 900-page book. I doubt some quick tutorials can offer the same amount of information.
-
I already know HTML, CSS, Dart, PL/SQL (Oracle), MongoDB, redis and I read a book about Javascript and HTML5 a few years ago but then I decided to develop Single Page Applications in Dart (Google's new language).
I kind of hate Javascript with all its idiosyncrasies and oddities so I switched to Dart and don't regret it. Unfortunately, to become a hacker I need to deal with Javascript all over again :(
JS is just one tiny part..
If so, then go ahead with some basics of web app exploitation or try exploiting different attacks..
If you don't know which types of attack there are and how to exploit and patch them, I have a useful link for you to move one step forward:
https://www.owasp.org/index.php/Category:Attack
Check this, it has lots of web app attacks, their explanation, patch and exploitation..
Includes mobile based attacks,
Client side attacks,
Encoding, Session flaws, types of db injection, SSI and hell lot of things.. :)
If it helped you +1 please! :D
hahah Kidding..
-
I already know OWASP, but I decided to start with the book. I like to be systematic in my study. I always start with big comprehensive books and then move to tutorials and articles to keep myself up to date.
-
I already know OWASP, but I decided to start with the book. I like to be systematic in my study. I always start with big comprehensive books and then move to tutorials and articles to keep myself up to date.
Ohhhw.. Your wish..!!
By tutorials you will learn faster! That's all we are trying to explain.. :)
-
Ohhhw.. Your wish..!!
By tutorials you will learn faster! That's all we are trying to explain.. :)
I don't see how that's possible. Are you saying that books are full of useless stuff?
Good books are the result of a thorough work of synthesis and reorganization of material that is scattered throughout the Internet or can be found in technical papers. Books are good for mathematics, machine learning, statistics, reverse engineering, etc...
Is Web Application Penetration Testing so different that books become inefficient?
I find it difficult to believe...
-
I don't see how that's possible. Are you saying that books are full of useless stuff?
Good books are the result of a thorough work of synthesis and reorganization of material that is scattered throughout the Internet or can be found in technical papers. Books are good for mathematics, machine learning, statistics, reverse engineering, etc...
Is Web Application Penetration Testing so different that books become inefficient?
I find it difficult to believe...
Well, did I say books are useless.. Don't take it in a wrong way brother.. I was just trying to give my suggestion.. Take it or leave it.. Don't misunderstand me and take the topic somewhere else.. That's all.. :)
-
That book is a really good one in my opinion and it can be considered a good starting point. It's well written and covers a wide variety of topics, but remember that it is a book. It is an excellent resource, but be sure to practice as you go on reading it. 900 pages are worth nothing if you do not put what you learnt into practice (legally ofc), also because only by practicing do you acquire full awareness and knowledge about that specific technique.
-
That book is a really good one in my opinion and it can be considered a good starting point. It's well written and covers a wide variety of topics, but remember that it is a book. It is an excellent resource, but be sure to practice as you go on reading it. 900 pages are worth nothing if you do not put what you learnt into practice (legally ofc), also because only by practicing do you acquire full awareness and knowledge about that specific technique.
The authors of that book offer a lab full of challenges/exercises. Access to the lab is 7 dollars per hour if I remember correctly. I think that's the easiest way to put what you learn in the book into practice. The main advantage is that you can focus on single topics as you study them in the book, as opposed to having to deal with full penetration testing when you're still not ready.
That would be the first time I pay for my education (OK, except for the university) and so I'll leave that as a last resort.
Here are a few resources I could use:
http://www.amanhardikar.com/mindmaps/Practice.html
-
I'm not sure I agree with you on this. That's a 900-page book. I doubt some quick tutorials can offer the same amount of information.
Quality of information is not measured in the quantity of words.
-
The authors of that book offer a lab full of challenges/exercises. Access to the lab is 7 dollars per hour if I remember correctly. I think that's the easiest way to put what you learn in the book into practice. The main advantage is that you can focus on single topics as you study them in the book, as opposed to having to deal with full penetration testing when you're still not ready.
That would be the first time I pay for my education (OK, except for the university) and so I'll leave that as a last resort.
Here are a few resources I could use:
http://www.amanhardikar.com/mindmaps/Practice.html
True, the lab they provide allows you to experiment a bit, but in the long run $7/hour can be quite a big amount. Unluckily I don't know many alternatives; there's Hack This Site, but personally I don't like it.
-
Go to the Ebooks section, don't buy anything on the Internet.
-
Quality of information is not measured in the quantity of words.
But if two things are of the same quality, the quantity of words matters.
Why are you assuming that that book is of lower quality?
-
True, the lab they provide allows you to experiment a bit, but in the long run $7/hour can be quite a big amount. Unluckily I don't know many alternatives; there's Hack This Site, but personally I don't like it.
Did you try this?
https://www.hacking-lab.com/index.html
Here's a list of challenges:
https://www.hacking-lab.com/Remote_Sec_Lab/caselist/
-
Why are you assuming that that book is of lower quality?
To some people, reading a pdf on hacking is MUCH lower quality information than reading a quick tut and getting your hands dirty.
-
To some people, reading a pdf on hacking is MUCH lower quality information than reading a quick tut and getting your hands dirty.
IMHO, it also depends on what you want to accomplish and how much you are willing to study for reaching your goal.
For instance, I used to be a cracker and while many crackers relied almost completely on quick tutorials, I also read books such as The Art Of Assembly Programming, the Pentium Manuals, etc... It took some effort but it was well worth it.
I know many programmers who learned C++ or Python by reading a few tutorials here and there and it shows. Moreover, they never took the time to learn about algorithms, data structures, numerical analysis, etc... (I saw seasoned programmers ask why, in their programs, 0.1 + 0.2 != 0.3).
I think that getting one's hands dirty too soon is counterproductive. The risk is to become a script kiddie and to be overly dependent on what others may teach you. One should learn from the best and then try to stand on their own.
Another thing to keep in mind is that I don't want to just do some hacking but become a penetration tester. This means that I should be able to discover a large spectrum of vulnerabilities while a black hat hacker might focus on just a few (say SQLi and XSS). A book can give me a fair idea of what there is out there, while a bunch of tutorials can't.
I think tutorials are great because they may contain information you can't find anywhere else, but you can't rely on them to build solid foundations, especially if you're a beginner.
That's my opinion and my method has always served me well in everything I've done. Motivation is also very important. For instance, I never learned to write perfect English because that's too hard and I think it isn't worth it. I don't know anyone who speaks English so I just read a bunch of grammar books and watch movies and TV series every day in English without subtitles. That's about it. So, as you can see, I'm not overly perfectionist in everything I do, but now becoming a good penetration tester is my main goal in life :)
-
but now becoming a good penetration tester is my main goal in life :)
I feel sad reading this... OT: If reading is your thing, go ahead and read 900 pages. Remember that most American publishers pay by the page. You don't need 900 pages to cover web exploitation and you could do just fine with less. The entire Windows Internals are covered by just over 1400 pages in Windows Internals part 1 and 2; it's *slightly* more complex.
The problem with books about exploitation vectors is how fast they are outdated. It's a 900 page book from 3 years ago. That aside, it sounds like you have decided and are likely already reading. I wish you the best and hope you will get the information needed.
-
I feel sad reading this... OT: If reading is your thing, go ahead and read 900 pages. Remember that most American publishers pay by the page. You don't need 900 pages to cover web exploitation and you could do just fine with less. The entire Windows Internals are covered by just over 1400 pages in Windows Internals part 1 and 2; it's *slightly* more complex.
Not only do you need 900 pages to cover web exploitation, but I also think they're not nearly enough.
For instance, the book merely touched on Silverlight, Java applets, ActiveX controls and Flash objects. To reverse engineer native code, you need to know assembly, how to use OllyDbg and IDA Pro, how to beat obfuscation, etc... 1000 pages wouldn't be enough.
Web exploitation is way more complex than what you think, IMHO.
The problem with books about exploitation vectors is how fast they are outdated. It's a 900 page book from 3 years ago. That aside, it sounds like you have decided and are likely already reading. I wish you the best and hope you will get the information needed.
Directly from the book:
In the four years since the first edition of this book was published, much has
changed, and much has stayed the same. The march of new technology has, of
course, continued apace, and this has given rise to specific new vulnerabilities
and attacks. The ingenuity of hackers has also led to the development of new
attack techniques and new ways of exploiting old bugs. But neither of these
factors, technological or human, has created a revolution. The technologies
used in today’s applications have their roots in those that are many years old.
And the fundamental concepts involved in today’s cutting-edge exploitation
techniques are older than many of the researchers who are applying them so
effectively. Web application security is a dynamic and exciting area to work in,
but the bulk of what constitutes our accumulated wisdom has evolved slowly
over many years. It would have been distinctively recognizable to practitioners
working a decade or more ago.
This second edition is not a complete rewrite of the first. Most of the material
in the first edition remains valid and current today. Approximately 30% of the
content in this edition is either new or extensively revised. The remaining 70%
has had minor modifications or none at all.
-
Books get outdated, tutorials get outdated too. In general, resources get outdated. It doesn't matter to me whether it's books vs tutorials or whatever, but I like resources that give a good explanation. You might say that reading a couple of tutorials and getting your hands dirty is enough; in my opinion it is not. Most tutorials just tell you how to do things, but you aren't really understanding why you can exploit a certain vulnerability, and your skillset will always be limited. The truth is, it depends on what you are looking for.
Did you try this?
https://www.hacking-lab.com/index.html
Here's a list of challenges:
https://www.hacking-lab.com/Remote_Sec_Lab/caselist/
Thanks for sharing, I'm taking a look at it now.
-
This means that I should be able to discover a large spectrum of vulnerabilities while a black hat hacker might focus on just a few (say SQLi and XSS).
Did you read that in a book?
-
Did you read that in a book?
Yes. A black hat hacker can DSF whereas a pentester needs to BSF.
-
See that's exactly the problem. If all your info is based on books then you end up making ridiculously broad generalizations like that one. Reading is good, but there's only so much you can take from a book. Nothing substitutes for a little hands-on experience.
Also, reading is not the best way to learn. It's the best way for some people to learn. Some people learn by hearing, some learn by seeing, some learn by doing.
-
See that's exactly the problem. If all your info is based on books then you end up making ridiculously broad generalizations like that one.
Are you saying that if I had read a few quick tutorials by now I'd be an expert? I doubt that.
Also, you should explain to me what's so ridiculous about what I said. Try to be constructive.
Reading is good, but there's only so much you can take from a book. Nothing substitutes for a little hands-on experience.
Also, reading is not the best way to learn. It's the best way for some people to learn. Some people learn by hearing, some learn by seeing, some learn by doing.
I only said that, for me, reading a good book, when available, is the best way to start learning something. That doesn't contradict what you said.
-
Are you saying that if I had read a few quick tutorials by now I'd be an expert? I doubt that.
No. I said that a little bit of hands-on practice can be worth more than ten books. I promise you that.
I only said that, for me, reading a good book, when available, is the best way to start learning something. That doesn't contradict what you said.
This is a fair statement. If that's how you learn best then do it by all means. I must've gotten caught up in the idea..
-
No. I said that a little bit of hands-on practice can be worth more than ten books. I promise you that.
I completely agree with you!
Now give me back my cookie ;D
Just joking! :)
-
I completely agree with you!
Now give me back my cookie ;D
Just joking! :)
I don't take cookies. Obviously someone else also disagreed with something you've said.
-
I don't take cookies. Obviously someone else also disagreed with something you've said.
I don't care about cookies, but I think that such a system is immoral if used this way. At least here, skills and dedication to the community should be all that matters. One shouldn't downvote somebody else just because he/she doesn't agree with him.
But since I couldn't care less, I'll keep speaking my mind and damn the consequences!
-
This is likely deadish, but anyhow..
Not only do you need 900 pages to cover web exploitation, but I also think they're not nearly enough.
For instance, the book merely touched on Silverlight, Java applets, ActiveX controls and Flash objects. To reverse engineer native code, you need to know assembly, how to use OllyDbg and IDA Pro, how to beat obfuscation, etc... 1000 pages wouldn't be enough.
Web exploitation is way more complex than what you think, IMHO.
Directly from the book:
You have no idea what I think. Silverlight, ActiveX and Flash objects should not be considered a web exploitation subject unless the vector has to do with the regular web browser issues like XSS / open redirection and such via a Flash object, and in that case it's not a Flash vulnerability but a problem related to the ActionScript script. ActiveX, Flash or Java are usually binary exploitation with a remote vector, e.g. a web browser with a plugin to handle the mentioned technologies. Web exploitation should consist of programming or logical errors related to the application running on a webserver, or how browsers handle or are expected to handle HTML and Javascript. Getting RCE on Apache is not considered web hacking.
Generalising and even providing more specific / advanced examples of the OWASP top 10 does not require 900 pages. Teaching stuff like abusing application logic to e.g. bypass security functionality or leak information is not possible in a general way, as it requires specific knowledge of the application.
I've read books about more theoretical stuff like discrete mathematics, computer architecture or data structures and algorithms, but I have to agree with the others: this topic needs hands-on experience. From a hiring POV, I've been to too many job interviews with people claiming to know simple stuff like in web exploitation, but when asked to coin PoCs they fail.