Author Topic: [Help] Web Hacking  (Read 3118 times)

Kiuhnm

  • Guest
[Help] Web Hacking
« on: November 03, 2014, 12:44:12 am »
I started my hacking adventure with code exploitation (now I know how to bypass DEP and, when possible, ASLR). Now I think I'll move to cryptography (http://cryptopals.com/) and Web App Hacking.
Where should I start? What about this book?
http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470
Also, should I study Javascript, PHP, ASP.NET etc...?

Offline HTH

Re: [Help] Web Hacking
« Reply #1 on: November 03, 2014, 03:42:18 am »
ehhh.. one man's opinion? There is nothing that can be taught in a book that can't be taught via some quick tutorials. At least for Web-Apps, after that it's just a matter of practice.

You'll want to look at HTML and CSS (derp)
PHP for Server Side Dynamic Webpages
Javascript for Client Side dynamic Webpages
SQL for database queries, and yes, asp, and ajax, and such will all help you, but the five there are, again, IMO, the biggest/most important things to learn.

There are lots of Tuts in our tutorial section for this sort of thing, tho tbh if you're jumping around from subject to subject you'll probably only need to look at SQLi and XSS problems :p
<ande> HTH is love, HTH is life
<TurboBorland> hth is the only person on this server I can say would successfully spitefuck peoples women

Offline M1lak0

Re: [Help] Web Hacking
« Reply #2 on: November 03, 2014, 06:30:22 am »

ehhh.. one man's opinion? There is nothing that can be taught in a book that can't be taught via some quick tutorials. At least for Web-Apps, after that it's just a matter of practice.

You'll want to look at HTML and CSS (derp)
PHP for Server Side Dynamic Webpages
Javascript for Client Side dynamic Webpages
SQL for database queries, and yes, asp, and ajax, and such will all help you, but the five there are, again, IMO, the biggest/most important things to learn.

There are lots of Tuts in our tutorial section for this sort of thing, tho tbh if you're jumping around from subject to subject you'll probably only need to look at SQLi and XSS problems :p

The above things will be effective if you know these languages.. It'll be really easy for you to grasp the concepts and learn faster and easier.. :)
There are a hell of a lot of problems you'll face but if you know the above things.. You are on a boost.. \m/ Happy hacking.. ;)
"Security is just an illusion"

Kiuhnm

  • Guest
Re: [Help] Web Hacking
« Reply #3 on: November 03, 2014, 05:21:43 pm »
I already know HTML, CSS, Dart, PL/SQL (Oracle), MongoDB, redis and I read a book about Javascript and HTML5 a few years ago but then I decided to develop Single Page Applications in Dart (Google's new language).
I kind of hate Javascript with all its idiosyncrasies and oddities so I switched to Dart and don't regret it. Unfortunately, to become a hacker I need to deal with Javascript all over again :(

Kiuhnm

  • Guest
Re: [Help] Web Hacking
« Reply #4 on: November 03, 2014, 05:26:20 pm »
ehhh.. one man's opinion? There is nothing that can be taught in a book that can't be taught via some quick tutorials. At least for Web-Apps, after that it's just a matter of practice.

I'm not sure I agree with you on this. That's a 900-page book. I doubt some quick tutorials can offer the same amount of information.

Offline M1lak0

Re: [Help] Web Hacking
« Reply #5 on: November 09, 2014, 01:24:08 pm »
I already know HTML, CSS, Dart, PL/SQL (Oracle), MongoDB, redis and I read a book about Javascript and HTML5 a few years ago but then I decided to develop Single Page Applications in Dart (Google's new language).
I kind of hate Javascript with all its idiosyncrasies and oddities so I switched to Dart and don't regret it. Unfortunately, to become a hacker I need to deal with Javascript all over again :(

JS is just one tiny part..
If so then go ahead with some basics of web app exploitation or try exploiting different attacks..
If you don't know which types of attack there are and how to exploit and patch them I have a useful link for you to move one step forward:
https://www.owasp.org/index.php/Category:Attack
Check this, it has lots of web app attacks, their explanation, patch and exploitation..
Includes mobile based attacks,
Client side attacks,
Encoding, Session flaws, types of db injection, SSI and a hell of a lot of things.. :)
If it helped you +1 please! :D
hahah Kidding..

Kiuhnm

  • Guest
Re: [Help] Web Hacking
« Reply #6 on: November 09, 2014, 01:38:09 pm »
I already know OWASP, but I decided to start with the book. I like to be systematic in my study. I always start with big comprehensive books and then move to tutorials and articles to keep myself up to date.

Offline M1lak0

Re: [Help] Web Hacking
« Reply #7 on: November 10, 2014, 12:06:21 am »

I already know OWASP, but I decided to start with the book. I like to be systematic in my study. I always start with big comprehensive books and then move to tutorials and articles to keep myself up to date.

Ohhhw.. Your wish..!!
By tutorials you will learn faster! That's all we are trying to explain.. :)

Kiuhnm

  • Guest
Re: [Help] Web Hacking
« Reply #8 on: November 10, 2014, 04:07:16 pm »
Ohhhw.. Your wish..!!
By tutorials you will learn faster! That's all we are trying to explain.. :)

I don't see how that's possible. Are you saying that books are full of useless stuff?
Good books are the result of a thorough work of synthesis and reorganization of material that is scattered throughout the Internet or can be found in technical papers. Books are good for mathematics, machine learning, statistics, reverse engineering, etc...
Is Web Application Penetration Testing so different that books become inefficient?
I find it difficult to believe...

Offline M1lak0

Re: [Help] Web Hacking
« Reply #9 on: November 12, 2014, 04:01:21 pm »

I don't see how that's possible. Are you saying that books are full of useless stuff?
Good books are the result of a thorough work of synthesis and reorganization of material that is scattered throughout the Internet or can be found in technical papers. Books are good for mathematics, machine learning, statistics, reverse engineering, etc...
Is Web Application Penetration Testing so different that books become inefficient?
I find it difficult to believe...

Well, did I say books are useless.. Don't take it in a wrong way brother.. I was just trying to give my suggestion.. Take it or leave it.. Don't misunderstand me and take the topic somewhere else.. That's all.. :)

Offline lady__godiva

Re: [Help] Web Hacking
« Reply #10 on: November 12, 2014, 05:31:14 pm »
That book is a really good one in my opinion and it can be considered a good starting point. It's well written and covers a wide variety of topics but remember that it is a book. It is an excellent resource but be sure to practice as you go on reading it. 900 pages are worth nothing if you do not put what you learnt into practice (legally ofc), also because only by practicing you acquire full awareness and knowledge about that specific technique.
Everything's relative

Kiuhnm

  • Guest
Re: [Help] Web Hacking
« Reply #11 on: November 12, 2014, 09:29:01 pm »
That book is a really good one in my opinion and it can be considered a good starting point. It's well written and covers a wide variety of topics but remember that it is a book. It is an excellent resource but be sure to practice as you go on reading it. 900 pages are worth nothing if you do not put what you learnt into practice (legally ofc), also because only by practicing you acquire full awareness and knowledge about that specific technique.

The authors of that book offer a lab full of challenges/exercises. The access to the lab is 7 dollars per hour if I remember correctly. I think that's the easiest way to put what you learn in the book into practice. The main advantage is that you can focus on single topics as you study them in the book as opposed to having to deal with full penetration testing when you're still not ready.
That would be the first time I pay for my education (OK, except for the university) and so I'll leave that as a last resort.
Here are a few resources I could use:
http://www.amanhardikar.com/mindmaps/Practice.html
« Last Edit: November 12, 2014, 09:30:22 pm by Kiuhnm »

Offline lucid

Re: [Help] Web Hacking
« Reply #12 on: November 13, 2014, 04:34:08 am »
I'm not sure I agree with you on this. That's a 900-page book. I doubt some quick tutorials can offer the same amount of information.

Quality of information is not measured in the quantity of words.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline lady__godiva

Re: [Help] Web Hacking
« Reply #13 on: November 13, 2014, 10:58:09 am »
The authors of that book offer a lab full of challenges/exercises. The access to the lab is 7 dollars per hour if I remember correctly. I think that's the easiest way to put what you learn in the book into practice. The main advantage is that you can focus on single topics as you study them in the book as opposed to having to deal with full penetration testing when you're still not ready.
That would be the first time I pay for my education (OK, except for the university) and so I'll leave that as a last resort.
Here are a few resources I could use:
http://www.amanhardikar.com/mindmaps/Practice.html

True, the lab they provide allows you to experiment a bit, but in the long run 7$/hour can be quite a big amount. Unluckily I don't know many alternatives, there's Hack this site, but personally I don't like it.

Offline Nortcele

Re: [Help] Web Hacking
« Reply #14 on: November 13, 2014, 01:36:31 pm »
Go to the Ebooks section, don't buy anything on the Internet.
~JaySec
~LulzBlog
