RE: FN-FORUM: hack a site

date posted 6th January 2004 16:17

Hi Darren

Hacking:

If you want to get into this sort of malarky, you could try
www.searchlores.org which is deliberately difficult to navigate, but has
loads of interesting stuff, if you stick with it. It is not explicitly about
hacking, it sees itself as being about gathering information, so there are
lots of search engines hacks n tips etc. There are links to tools, that you
could use for hacking on this site. www.2600.org is also an interesting
website, where you can learn quite a lot of interesting stuff, although
again you will need to do your own research to apply it.

If you want to jump straight into it, then you could join some script kiddie
IRC channel or other, and say things like gr8 and l8r - I think I am too old
to be a script kiddie now. :-(

Is your website secure:

Is your login page on a http page? if yes, then the password and username
are transmitted across the internet unencoded. If someone was scanning for
passwords they might trap a valid password/ username combination. There are
script kiddie tools, which you can set up to scan for this on the internet.
You should better to put it on a https page. Same thing for your sensitive
data, is the sensitive data displayed using http? if yes, then it is being
transmitted across the internet for anyone to see.

There are numerous password/ username dictionary attacks, which you could
download and try a brute force entry onto your website. Which brings us
nicely onto what will undoubtably be the weakest area of your website, which
is... your users. No matter how secure your site is, if they choose admin
and as a username/ password pairing, you are stuffed.

I would recommend buying a book about web/ computer security, it is a
massive subject.

Finally if they want to be completely secure dont connect sensitive data to
the internet. Having said that if you know the risks, it is usually worth
it.

hth







david.

-----Original Message-----
From: [EMAIL REMOVED] [EMAIL REMOVED] Behalf Of
[EMAIL REMOVED]
Sent: 06 January 2004 14:36
To: FN-FORUM / [EMAIL REMOVED]
Subject: FN-FORUM: hack a site



Afternoon all,

Interesting little project here for anybody that way inclined.

I have a client going live with a new web based client management system.
They are concerned about security via the login page. Simple username
and password setup.

Probably a long shot but anybody on the forum interested in trying to hack
the site email me off list and I'll pass on the details.

Failing that where can I pick up some dodgy hack software to have a go
myself.

regards,

Darren Yates
[EMAIL REMOVED]
http://dittodesign.co.uk
http://www.how-to-make-money-online.info



--
** Get all the Freelance Work you Can Handle *
The Web Design Business Kit will show you proven tactics
and strategies for marketing your business, winning bids,
managing projects and pricing your work. Free Shipping Worldwide.
Read more & get free chapters at: http://www.sitepoint.com/launch/b7c91e/3/4

To advertise here: http://www.freelancers.net/advertising.html