EvilZone
assjiggler, September 22, 2015, 05:50:03 AM
-
So say, for example, I wanted to mess around with a site.
I went to url.com/images -> got a list of the images
I went to url.com/index.php -> got the home page as well
Tried using a poison null byte to view the code but I'm stuck.
Tried adding /admin/
I'm just not sure of what to do on a PHP site that doesn't have a ?page=aboutus or ?id=15
What steps would you try in order to go back a directory or find the admin or .htaccess? I've just never really seen an example of what to do when a PHP page has no variable.
Sorry if it's a beginner question. Just learning here.
-
If it has no variable, I'm not sure there's a way into the website through it. You can't do directory traversal just by writing url.com/../bla because it's Apache that handles those requests and it doesn't allow it. Also, the last time I heard of "poison null byte" was last decade lol.
If you are sure it has an admin panel, maybe try fuzzing; there are plenty of tools for that, but keep in mind that those are noisy tools.
-
As far as I understand, you don't see any parameters in the URLs which the website's links are set to?
This doesn't mean that the website doesn't get any input, if it's not just some HTML pages.
Those seen in the URL are sent through the GET method, while those you don't see are sent through the POST method.
(http://www.w3schools.com/tags/ref_httpmethods.asp)
There are various input methods afaik, like cookies, which you can check out.
In order to find directories in a website, you can use Google, spiders, or directory brute forcers which try different things to see if they exist, and there are specific brute forcers for admin pages/directories. Just search a bit, you'll find 'em.
-
Awesome, great advice, thanks guys! I'll do more research!
I was just thinking maybe I could add a variable myself or find a way to view the PHP code. Or maybe somehow get to something good, since I was able to get into one directory.
-
The variable may also be modified by mod_rewrite settings, e.g. it's set to translate url.com/images to url.com/index.php?page=images
You can try to brute-force the variable name, trying e.g. page=images, subtopic=images (lists of popular variable names can be found on the internet) and see the site's behavior.
However, there might be no database implemented in the site and/or it simply can be impossible to "hack" from the application level, because it's too simple to have a security hole in the application.