Welcome to Cybrary. I'm Raymond Evans, and I'll be the subject matter expert for Cybrary's web app penetration testing course. This video will be discussing why websites get hacked and the hacker methodology. So what will be covered? We're gonna cover why websites are hacked, a quick overview of the common web vulnerabilities, and we're gonna go in depth about the hacker methodology.

So why do websites get hacked? Websites are a large attack surface; as companies automate more of their products and services, that attack surface grows immensely. Developmental constraints factor into this vulnerability as well. Increased demand with limited time for development and testing increases the flaws in web applications. Increasing information available online and increased vulnerabilities make websites pretty easy prey for attackers. A lot of times, companies will just spit out new web applications. They want their website to now do widget X, and they have to get widget X to market as quick as they can, because if they don't, their opposing company that was also working on a similar widget X is gonna beat them to it, and people are gonna move to their company. So they're gonna push the developers hard and as quick as they can, and those developers, with a lack of, and maybe improper, education for secure app development and web application development, are going to turn out a product that isn't the most stellar product that you can really think of. So that's why websites get hacked.

So what are some of the common attack vectors? Well, there's cross-site scripting, or XSS, which is used to inject code into a website and bypass access controls. SQL injection is used to enumerate databases and steal information. Local file inclusion allows an attacker to browse the file system. Remote file inclusion allows an attacker to execute a remote file on a web server to steal data. URL manipulation allows an attacker to gain access to information from a website when poor user controls are implemented.

So, the hacker methodology. Well, these are steps for attacking a target which, if followed properly, can result in a successful attack. So when you're performing a web pen test, this is something you want to do: you wanna step through and follow every single one of these processes to get the best product that you can for whoever you're delivering the report to. So first it starts with footprinting, so that's passively getting information. Then we're gonna scan and map the network. After we scan and map the network, we're gonna enumerate and find vulnerabilities. Then we can gain access by performing penetration. Then you're gonna maintain access, something like creating a new user account on the system that you can log in with, or setting up some kind of backdoor to constantly call out to a listener that you may have. Finally, you're gonna want to cover your tracks, so alter logs and hide your activity, or even delete the logs; that way, logs don't even exist.

So first, footprinting. There are many ways to perform footprinting on a target. You can perform ping sweeps, which are used to identify machines on an IP range that may be active. They're gonna be loud, and someone could find you. If you do a ping sweep very, very slowly, then you're less likely to get caught.
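From the defender's side, the point about slow sweeps being harder to spot comes down to how wide a time window the detection uses. The following is an added example, not code from the course or from Cybrary: it parses a constructed, hypothetical firewall log format (ISO timestamp, src, dst, icmp_type) and flags any source that sent ICMP echo requests to many distinct hosts within a window, with the window measured in hours so a slow sweep still trips it.

```python
"""Detect ping sweeps, fast or slow, from ICMP echo-request log lines."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format (not from any real firewall).
# 203.0.113.5 probes five hosts spread over 30 minutes: a slow sweep.
# 198.51.100.7 pings a single host twice: normal traffic.
SAMPLE_LOG = """\
2024-01-01T10:00:00 src=203.0.113.5 dst=192.0.2.1 icmp_type=8
2024-01-01T10:07:00 src=203.0.113.5 dst=192.0.2.2 icmp_type=8
2024-01-01T10:15:00 src=203.0.113.5 dst=192.0.2.3 icmp_type=8
2024-01-01T10:22:00 src=203.0.113.5 dst=192.0.2.4 icmp_type=8
2024-01-01T10:30:00 src=203.0.113.5 dst=192.0.2.5 icmp_type=8
2024-01-01T10:31:00 src=198.51.100.7 dst=192.0.2.1 icmp_type=8
2024-01-01T10:32:00 src=198.51.100.7 dst=192.0.2.1 icmp_type=8
2024-01-01T10:33:00 src=192.0.2.1 dst=203.0.113.5 icmp_type=0
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, icmp_type)."""
    ts, fields = line.split(" ", 1)
    kv = dict(f.split("=", 1) for f in fields.split())
    return datetime.fromisoformat(ts), kv["src"], kv["dst"], int(kv["icmp_type"])


def detect_sweeps(log_text, window=timedelta(hours=1), min_hosts=5):
    """Return {source: set(destinations)} for every source that sent echo
    requests to at least `min_hosts` distinct hosts inside some `window`.
    A window of hours rather than seconds is what catches a slow sweep."""
    echo_requests = defaultdict(list)  # src -> [(timestamp, dst)]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, icmp_type = parse_line(line)
        if icmp_type == 8:  # echo request only; replies (type 0) are not probes
            echo_requests[src].append((ts, dst))
    flagged = {}
    for src, events in echo_requests.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide a window from each event
            in_window = {d for t, d in events[i:] if t - start <= window}
            if len(in_window) >= min_hosts:
                flagged[src] = in_window
                break
    return flagged


if __name__ == "__main__":
    for src, hosts in detect_sweeps(SAMPLE_LOG).items():
        print(f"possible ping sweep from {src}: {len(hosts)} hosts probed")
```

With a ten-minute window the same sweep goes unnoticed, which is exactly why slowing down helps the attacker and why the detection window should be generous.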
You can use WHOIS, which is an open source information database about companies, such as IP addresses and contact info. You can use Google hacking, or Google dorking, which uses the Google search engine with specialized queries to get information. And then, finally, you can use the Internet Wayback Machine at archive.org to view older versions of a website. This can give you insight into trends, or let you view information that was posted on a website accidentally. So sometimes things might get posted on a website and might sit there for a day or two, and then someone realizes, "Oh, ***, this isn't supposed to be there," and they delete it. Well, the archive.org website takes snapshots of these web pages, and that information could still be there.

So first we're gonna show you WHOIS here. So I went to the WHOIS page. We typed in google.com and looked it up. And from this, we can find the contact information for the admin, the tech team, and the registrant, and all this information could be used for social engineering. In fact, it could also be used if you want to perform a physical attack as well in your assessment. So if you want to actually go to a location and see how well you can social engineer individuals at the location, this information becomes really important. Further down, you can find the name servers and more information that can help you further against your target. So WHOIS information is very, very important information for you to look up.

Next, we have the Internet Wayback Machine. So you click anywhere on this Wayback Machine. Here we see an old version of this web page. Now we go even further back, just to give you a better idea of what you can see. You can go as far back as to see the very first versions of the web pages that ever existed. Here you see the Google search engine prototype. The Wayback Machine can be very, very helpful when trying to find pieces of information that may have been leaked on the Internet.

And finally, we have Google dorking. So we typed site: side eff dot com, which is my web page, and that pulls up every page for side eff dot com. Go through and see every page for side eff. Well, we can then add PDF as the file type, and it lists every PDF that is located on that web page. So this could be useful for finding things that may be on the web page and Internet-facing that they might not necessarily want facing out to the Internet. So sometimes people place network maps on there; somebody from the IT team who doesn't know better might put that on there. Internal phone directories may be on there as well. So all kinds of awesome information can be found by just changing these file types here and trying to look for different files that may be available on a web page.