Author Topic: read and download website directory content : is possible ?  (Read 1939 times)


Offline yuco91

  • /dev/null
  • *
  • Posts: 5
  • Cookies: 0
read and download website directory content : is possible ?
« on: September 20, 2013, 02:52:17 pm »
Hi guys!

I'm new on the forum. I state that I'm very much a noob in the hacking world, so don't blame me for this question.

I'm developing a website in PHP and I wonder if there's a way to attack the server and try to read and "download" the full sources of my site. Maybe there are some tools for this, or is this practically impossible? If someone can do this, is there a way to protect the site against these kinds of attacks?

Thx in advance for your attention  ;)

Offline rasenove

  • Baron
  • ****
  • Posts: 950
  • Cookies: 53
  • ಠ_ಠ
Re: read and download website directory content : is possible ?
« Reply #1 on: September 20, 2013, 03:38:40 pm »
First go post a long intro (at least 500 words) in the introduction board.
My secrets have secrets...

Offline vezzy

  • Royal Highness
  • ****
  • Posts: 771
  • Cookies: 172
Re: read and download website directory content : is possible ?
« Reply #2 on: September 20, 2013, 04:08:57 pm »
Hint: HTTP verb tampering.

At least that's one way.
« Last Edit: September 20, 2013, 04:09:21 pm by vezzy »
Quote from: Dippy hippy
Just brushing though. I will be semi active mainly came to find a HQ botnet, like THOR or just any p2p botnet

Offline yuco91

  • /dev/null
  • *
  • Posts: 5
  • Cookies: 0
Re: read and download website directory content : is possible ?
« Reply #3 on: September 20, 2013, 04:45:30 pm »
Quote from: vezzy
Hint: HTTP verb tampering.

At least that's one way.

Thanks for this hint. I think this can be a good starting point.

Offline Thor

  • Serf
  • *
  • Posts: 29
  • Cookies: 15
  • whoami?
Re: read and download website directory content : is possible ?
« Reply #4 on: September 21, 2013, 03:53:41 am »
You should check you have disabled directory listing on your server. Although it shouldn't allow someone to read the source code, it makes it easy to map the web application and may expose some sensitive files.
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
Re: read and download website directory content : is possible ?
« Reply #5 on: September 21, 2013, 08:26:52 am »
PHP files cannot be viewed on the client side unless you put the PHP files in a directory listing for download. If PHP files are there to provide content, then the user will only see what content gets generated.

Offline yuco91

  • /dev/null
  • *
  • Posts: 5
  • Cookies: 0
Re: read and download website directory content : is possible ?
« Reply #6 on: October 06, 2013, 11:21:00 am »
Great! I asked this question because I heard from a friend that some hackers can do this and leak all the source code from a website with the aim of blackmailing the original developers or reselling the code to other people.

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
Re: read and download website directory content : is possible ?
« Reply #7 on: October 06, 2013, 11:27:13 am »
Don't believe anything you hear.
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

arty

  • Guest
Re: read and download website directory content : is possible ?
« Reply #8 on: October 06, 2013, 06:10:54 pm »
But do believe the things you see.

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
Re: read and download website directory content : is possible ?
« Reply #9 on: October 06, 2013, 08:22:29 pm »
Quote from: arty
But do believe the things you see.

« Last Edit: October 06, 2013, 08:22:46 pm by Kulverstukas »

Offline Stackprotector

  • Administrator
  • Titan
  • *
  • Posts: 2515
  • Cookies: 205
Re: read and download website directory content : is possible ?
« Reply #10 on: October 07, 2013, 09:27:55 am »
Quote from: yuco91
Great! I asked this question because I heard from a friend that some hackers can do this and leak all the source code from a website with the aim of blackmailing the original developers or reselling the code to other people.

Yes, but this won't happen to you with 10 visitors a year. Getting the source code would usually go through LFI, or a full path disclosure and the hacker finding a PHP file with a wrong extension like .php.bak, .php~, which are not in the MIME filetype list of PHP/Apache, so they are parsed as plain text and shown to the user on request.
~Factionwars
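
An added example, not part of the original thread: a docroot audit for the leftover files described in the last reply (.php.bak, .php~ and similar), generalized to any file that contains PHP code but has a final extension the server does not execute. The handled-extension set, the function names and the sample tree are assumptions made for illustration; adjust the set to match your own server's handler configuration.

```python
import os
import tempfile

# Assumption: the server hands only these final extensions to the PHP interpreter.
PHP_HANDLED = {".php", ".phtml"}
PHP_TAGS = (b"<?php", b"<?=")

def find_exposed_sources(docroot, handled=PHP_HANDLED, sniff_bytes=4096):
    """Return sorted relative paths of files that contain PHP code but whose
    final extension is not handled by PHP (a request would return the source)."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in handled:
                continue  # executed by PHP: only generated output is sent
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sniff_bytes)
            except OSError:
                continue  # unreadable file: skip it
            if any(tag in head for tag in PHP_TAGS):
                rel = os.path.relpath(path, docroot)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_docroot(root):
    """Constructed sample tree for the demonstration (not from the thread)."""
    samples = {
        "index.php": b"<?php echo 'hi';",
        "config.php.bak": b"<?php $db_pass = 'example';",
        "lib/db.php~": b"<?php // editor backup",
        "static/logo.txt": b"plain text, no code",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return find_exposed_sources(root)

if __name__ == "__main__":
    for rel in demo():
        print("served as source:", rel)
```

Run it against the real document root before each deploy and delete or move anything it reports outside the web-served tree.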