Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

The next five videos in the course discuss the reasons why sites get hacked. These are actually a series of steps which comprise the hacker methodology. The primary reason websites are hacked is that they present a large attack surface. Web apps are software projects that are subject to the vulnerabilities of poor coding practices, which result from inadequately trained developers typically working under cost constraints where the priority is to ship product. Security is usually not a priority and is often an afterthought. Footprinting, where the terrain of a web server is identified, is the first step in the hacker methodology. This is accomplished via ping sweeps, Google dorking, and Whois and Web Archive lookups.
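The ping sweeps named above are the one footprinting step that shows up in a defender's own logs. As an added example (not part of the course material), the Python below counts distinct ICMP echo-request destinations per source inside a sliding time window over constructed firewall log lines, and shows why a sweep spread out over hours slips past a short detection window but not a long one. Log format, addresses and thresholds are all assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (not real traffic). 203.0.113.7 pings eight hosts
# within four seconds (a fast, noisy sweep); 198.51.100.9 pings the same eight hosts
# one every ten minutes (a slow sweep); 192.0.2.50 sends a single benign ping.
FAST_SWEEP = [
    f"2024-01-15T09:00:0{i // 2} src=203.0.113.7 dst=192.0.2.{i + 1} proto=icmp type=8"
    for i in range(8)
]
SLOW_SWEEP = [
    f"2024-01-15T{9 + (i * 10) // 60:02d}:{(i * 10) % 60:02d}:00 "
    f"src=198.51.100.9 dst=192.0.2.{i + 1} proto=icmp type=8"
    for i in range(8)
]
SAMPLE_LOG = FAST_SWEEP + SLOW_SWEEP + [
    "2024-01-15T09:05:00 src=192.0.2.50 dst=192.0.2.1 proto=icmp type=8",
]

ECHO_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) proto=icmp type=8$")

def parse_echo_requests(lines):
    """Yield (timestamp, src, dst) for ICMP echo-request lines; skip everything else."""
    for line in lines:
        m = ECHO_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def sweeping_sources(lines, window_seconds, min_hosts):
    """Return {src: peak distinct dsts} for sources hitting >= min_hosts inside one window."""
    by_src = defaultdict(list)
    for ts, src, dst in parse_echo_requests(lines):
        by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        left, peak = 0, 0
        for right, (ts, _) in enumerate(events):
            # Advance the window's left edge until it spans at most window_seconds.
            while (ts - events[left][0]).total_seconds() > window_seconds:
                left += 1
            peak = max(peak, len({dst for _, dst in events[left:right + 1]}))
        if peak >= min_hosts:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print("60 s window:", sweeping_sources(SAMPLE_LOG, 60, 5))      # fast sweeper only
    print("24 h window:", sweeping_sources(SAMPLE_LOG, 86400, 5))   # both sweepers
```

The slow sweeper is invisible to the 60-second window and only appears once the window is widened to a day, which is the trade-off the detector's thresholds encode.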

Video Transcription

00:04
Welcome to Cybrary. I'm Raymond Evans and I will be the subject matter expert for Cybrary's web app penetration testing course. This video will be discussing why websites get hacked and the hacker methodology. So what will be covered?
00:16
We're gonna cover why websites are hacked.
00:18
A quick overview of the common web vulnerabilities. We're gonna go in depth about the hacker methodology. So why do websites get hacked?
00:26
Websites are a large attack surface. As companies automate more of their products and services, that attack surface grows immensely.
00:34
Developmental constraints factor into this vulnerability as well. Increased demand with limited time for development and testing increases the flaws in web applications,
00:42
increasing more information available online, and increased vulnerabilities make websites pretty easy prey for attackers. A lot of times, companies will just spit out new web applications. They want their website to now do widget X, and they have to get widget X to market
01:00
as quick as they can. Because if they don't
01:03
their opposing company was also working on a similar widget X, well, they're gonna beat them to it, and people are gonna move to their company.
01:11
So they're gonna push the developers as hard and as quick as they can, and those developers, with a lack of
01:19
time and money and,
01:22
you know, not
01:23
proper
01:26
and maybe improper education for secure app development and web application development,
01:32
are going to turn out a product that
01:34
isn't the most stellar product that you can really think of. So that's why websites get hacked.
01:38
So what are some of the common attack vectors? Well,
01:42
there's cross-site scripting, or XSS, which is used to inject code into a website and bypass access controls.
01:49
SQL injection is used to enumerate databases and steal information.
01:53
Local file inclusion allows an attacker to first file system.
02:00
Remote file inclusion allows an attacker to execute a remote file on a Web server to steal data.
02:06
URL manipulation allows an attacker to gain access to information from a website when poor user controls are implemented. So, the hacker methodology.
02:15
Well, there are steps for attacking a target which, if followed properly, can result in a successful attack.
02:21
So when you're performing a web pen test, this is something you want to do: you wanna step through and follow every single one of these processes to get the best product that you can for whoever you're delivering the report to. So first it starts with footprinting,
02:40
so it's passively getting information.
02:43
Then we're gonna scan and map the network.
02:46
After we scan and map the network, we're gonna enumerate and find vulnerabilities.
02:51
Then we can gain access by performing penetration.
02:54
Then you're gonna maintain access,
02:58
something like creating a new user account on the system that you can log in with, or setting up some kind of backdoor to constantly call out to a listener that you may have. Finally, you're gonna want to cover your tracks, so alter logs and hide your activity, or even delete the logs; that way, logs don't even exist. So first, footprinting.
03:16
There are many ways to perform footprinting on a target.
03:20
You can perform ping sweeps, which are used to identify machines on an IP range that may be active.
03:24
It's gonna be loud, and
03:27
someone could find you with a ping sweep
03:30
unless you do it
03:31
very, very slowly; then you're less likely to get caught.
03:37
You can use Whois, which is an open source information
03:40
database about companies, such as IP addresses and contact info.
03:46
Use Google hacking, or Google dorking,
03:49
which uses
03:50
Google search engine
03:52
with specialized queries to get information.
03:54
And then, finally, you can use the Internet time machine at archive.org to view older versions of a website. This can give you insight into trends, or view information that was posted on a website accidentally. So sometimes things might get posted on a website and might sit there for a day or two, and then somebody realizes, "Oh, ***, this isn't supposed to be there,"
04:13
and they delete it. Well, that archive.org website takes pictures, or snapshots, of these web pages,
04:19
and that information could still be there.
04:25
So first we're gonna show you the Whois here. So I went to the Whois page.
04:30
We typed in google.com and looked it up.
04:31
And from this, we can find the contact information for the admin, the tech team, and the registrant, and all this information could be used
04:42
for social engineering, and in fact it could be also used if you want to perform
04:48
a physical attack as well in your assessment. So if you want to actually go to a location
04:56
and see how well you can social engineer individuals at the location,
05:00
This information becomes really important.
05:04
Further down, you can find the name servers
05:09
and more information that can help you
05:13
plan an attack
05:15
better against your target.
05:18
So Whois information
05:21
is very, very important information for you to look up
05:26
Next, we have the Internet Wayback Machine.
05:29
So you click anywhere on this Wayback Machine.
05:34
It's like 2010.
05:39
Pick a random date,
05:41
the Marine of time.
05:46
Here we see an old version of this web page. Now we go even further back,
06:01
just to give you a better idea of what you can see.
06:12
You can go as far back as to see the very first versions of the web pages that ever existed.
06:20
Here you see the Google search engine prototype,
06:26
so
06:27
the Wayback Machine can be very, very helpful when trying to find
06:32
pieces of information that may have been leaked on the Internet.
06:38
And finally, we have Google dorking. So we typed site:side eff dot com, which is my web page,
06:46
and so that pulls up every page for side eff dot com.
06:51
Go through and see every page for side eff.
06:55
Well, we can then add
06:57
filetype:
07:01
pdf. That lists every PDF that is located on that web page.
07:06
So this could be useful for finding things that may be on the web page and Internet facing, facing out to the Internet, that they might not necessarily want facing out to the Internet. So sometimes people place,
07:19
um, internal
07:21
network maps on there. Somebody from the IT team who doesn't know better might put that on there. Internal phone directories may be on there as well. So all kinds of awesome information can be found by just changing these file types here
07:39
and trying to look for
07:42
different files that may be available in a Web page.

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Raymond Evans
Instructor