Thursday, May 24, 2012
Author

My Own Webhacking E-Book

chislam
Member

Posts: 511
Location:
Joined: 05.03.06
Rank:
God
Posted on 02-04-07 00:24
Ok, I have decided that I am going to be writing a web hacking e-book, as the title says. It will be very in-depth, not a dinkly little article less than 1000 words, etc. It will cover Basic -> Medium -> perhaps some more advanced stuff. It will be full with pictures and diagrams, etc. Not sure whether or not there will be accompanying videos, but I might do that as well.

What I want to know from you guys, is specifically what all do you need / want to see.

So far I have thought of:

XSS
SQL Injection
CSRF
RFI
LFI

I know there are more types of exploits but, again, I want to know what you guys want. If what you want is already specified above, please explain exactly what you want in that category (such as something not gone over much or you haven't seen before at all).

Already I have written the XSS chapter, however there might be something that I left out. It has many pictures, about 1500 words and is about 9 pages long. It covers the basics of XSS, shows you how to make an Ajax cookie logger as well, and how to counter XSS.

The exploits will not be done on vulnerable sites because I don't want skiddies to ruin sites, but I might detail exploits that are patched such as my PHP-Fusion exploit that I discovered a few months ago, and others.

Thanks for reading and I hope to release something that will be very beneficial.




Edited by chislam on 02-04-07 01:09
Author

RE: My Own Webhacking E-Book

Skunkfoot
Member



Posts: 672
Location:
Joined: 01.09.06
Rank:
God
Posted on 02-04-07 00:33
you could throw some JS injections in there in the beginning, ya know, for the easy stuff :p

then you could put in some rooting directions or something :)



Today a young man on acid realized that all matter is merely energy condensed to a slow vibration, that we are all one consciousness experiencing itself subjectively, that there is no such thing as death, life is only a dream, and we are the imaginations of ourselves.

--Bill Hicks

--=[ Skunkfoot || Temet Nosce ]=--
n/a
Author

RE: My Own Webhacking E-Book

chislam
Member

Posts: 511
Location:
Joined: 05.03.06
Rank:
God
Posted on 02-04-07 01:10
well rooting is not exactly web hacking except in some cases such as with lfi/rfi


Author

RE: My Own Webhacking E-Book

Ponguile
Member

Posts: 319
Location:
Joined: 23.10.06
Rank:
Apprentice
Posted on 02-04-07 02:12
Ooo can i read the XSS chapter? Also, i second the JS injection, it will probably take up a page or two at most, but is easy to do, and will provide confidence for readers to continue..


N/A N/A N/A In progress
Author

RE: My Own Webhacking E-Book

a-hack
Member

Posts: 253
Location:
Joined: 29.05.06
Rank:
HBH Guru
Posted on 02-04-07 02:24
session fixation would be good and then ie flaws and exploits.


Author

RE: My Own Webhacking E-Book

chislam
Member

Posts: 511
Location:
Joined: 05.03.06
Rank:
God
Posted on 02-04-07 02:24
i suppose that i can release the XSS chapter right now to see what you guys think. I will add in the JS injection later, but for now I will release the XSS PDF.

Here is the URL to the XSS chapter only (PDF format).

http://www.sharebigfile.com/file/129346/Web-Hacking---From-Dawn-to-Dusk-XSS-Chapter--pdf.html

Please criticize it by saying what needs to be added, edited, etc. Thanks




Edited by chislam on 02-04-07 02:26
Author

RE: My Own Webhacking E-Book

bigggnick
Member



Posts: 588
Location: the moon
Joined: 25.08.05
Rank:
God
Posted on 02-04-07 02:48
I enjoyed it, I think it's great!

What I must suggest tho is put a part about URL based xss, such as www.site.com/index.php?thing=<script>alert("XSS");</script>

EDIT: If you want a hand writing I'll do some


fuck this.

Edited by bigggnick on 02-04-07 02:57
Author

RE: My Own Webhacking E-Book

HackingForce
Member



Posts: 328
Location: -ⁿººƁ.land-
Joined: 24.11.06
Rank:
Mad User
Posted on 02-04-07 02:53
bigggnick wrote:
I enjoyed it, I think it's great!

What I must suggest tho is put a part about URL based xss, such as www.site.com/index.php?thing=<script>alert("XSS");</script>



I Agree ;) and add some Basic pass cracking with JTR, for the noobs..:p

Nice work btw..




Edited by HackingForce on 02-04-07 02:54
- ºººººººº - kr(i)s20045©hotmail.com - ºººººººº - ..Hacked..
Author

RE: My Own Webhacking E-Book

Skunkfoot
Member



Posts: 672
Location:
Joined: 01.09.06
Rank:
God
Posted on 02-04-07 02:57
I liked it too, really informative, and the pictures and examples help a lot :D



Author

RE: My Own Webhacking E-Book

chislam
Member

Posts: 511
Location:
Joined: 05.03.06
Rank:
God
Posted on 02-04-07 02:59
Ok, thanks for some quick replies. Realize that I wasn't even planning on releasing anything tonight, but Ponguile wanted to see what it is so far, so I tried to make a quick release of just the XSS chapter. Realize that this is not even 1/5 of the way completely done. XSS is not the only type of web hacking.. lol. I will cover everything I said in my very first post just as in depth as this XSS chapter, if not more. They will all have their section that tells you how to secure against, etc. like the XSS chapter. I will try to perhaps do the LFI / RFI chapter next, so look for that this week sometime. Final completion of the book probably will be done by the end of April, I hope.


Author

RE: My Own Webhacking E-Book

chislam
Member

Posts: 511
Location:
Joined: 05.03.06
Rank:
God
Posted on 02-04-07 03:01
Oh and if you want to submit anything, just PM me it or send me a link to a .txt / .doc of it. I am doing it all in Word, and then converting it to PDF.


Author

RE: My Own Webhacking E-Book

Skunkfoot
Member



Posts: 672
Location:
Joined: 01.09.06
Rank:
God
Posted on 02-04-07 03:01
good, I can't wait...

and in the meantime, I'll try my best to think of some other topics you can put in your ebook :D



Author

RE: My Own Webhacking E-Book

richohealey
Python Ninja



Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Ninja
Posted on 02-04-07 03:04
I really want to read the CSRF chapter. drooling with anticipation!


blog.psych0tik.net


Nice one R3l3ntl3ss^^
bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: My Own Webhacking E-Book

regit
Member



Posts: 135
Location: 0.0.0.0 (127.0.0.1 is to popular)
Joined: 01.05.06
Rank:
Elite
Posted on 02-04-07 03:46

SQL Injection


Does that include Blind SQL Injection?? :)



(CPU: Dule 2.8GHz RAM: 1GB GRAPHIX: NVIDIA GeForce 6800 HD: 160GB 7200RPM)
Author

RE: My Own Webhacking E-Book

chislam
Member

Posts: 511
Location:
Joined: 05.03.06
Rank:
God
Posted on 02-04-07 03:50
It includes everything. :) Trust me I want to make this complete, not leaving out much at all in the web hacking side of things.


Author

RE: My Own Webhacking E-Book

Skunkfoot
Member



Posts: 672
Location:
Joined: 01.09.06
Rank:
God
Posted on 02-04-07 04:04
good :D



Author

RE: My Own Webhacking E-Book

Zer0Man
Member



Posts: 192
Location: England, UK
Joined: 02.01.07
Rank:
HBH Guru
Posted on 02-04-07 15:40
Could there be a section on "How to use" such things as jtr, Cain etc... for us noobies please?

Thanks in advance.







Social engineering bypasses all technologies, including firewalls. (Kevin Mitnick)
The true computer hackers follow a certain set of ethics that forbids them to profit or cause harm from their activities. (Kevin Mitnick)
Author

RE: My Own Webhacking E-Book

Soulhunter
Member

Posts: 53
Location: The Netherlands
Joined: 16.08.06
Rank:
Monster
Posted on 02-04-07 16:31
This is a great idea! I'm downloading the first part right now and I'm looking forward to the other parts! and about another subject..hmm..well, I'll think about it ;) Good luck!

EDIT: reading right now and it's great!, but doesn't XSS stand for Cross Site Scripting instead of Cross Server Scripting?? Or is it both??






Edited by Soulhunter on 02-04-07 16:35
Author

RE: My Own Webhacking E-Book

nights_shadow
Member



Posts: 856
Location: /var/log/messages
Joined: 30.12.04
Rank:
God
Posted on 02-04-07 18:39
I volunteer for some spell checking, if you want it:

ideal -> idea
"The idea of this type of exploit..."


<b>(bold text) or <h1>(header 1), etc
-> should end the tags, like you did down below, otherwise it just doesn't give the right look to what you're trying to say.
<b>bold text</b> or <h1>header 1</h1>, etc.


Run-on paragraph after you injected
<b>hey guys>/b>


Off to coding in php,... - > We will be coding this logger in PHP,...
Because "Off to coding in php" seems misplaced or just missing something.

So a new user visits the guestbook... -> So a new user visits the guestbook, let's say his username is Jake.
^otherwise the sentences seem to be fillers

Yep you got it, pwd123 -> Yep, you got it, pwd123
Also, i'm not exactly sure on this one, but i don't think "yep" is a real word.

Now I will respond to the question i see a lot -> Now, I will respond to the question i see a lot.
Because words meaning time that start the sentence need a comma after it.



Well, we get around this... -> Yes, but we can get around this...
You didn't actually answer the question, you just went into your explanation.

Well the underlying reason of why we want to use it, is because...
This is a hard sentence to understand.
1.) Well, the
2.) Do you need that comma after it
3.) Try not to use the same word to start sentences one after another. An example would be "well." You used it to begin two sentences that are right next to each other. Try not to do that.

...you would post for your Message: -> Why is the "m" capitalized?

...now stored as a .txt on our server -> Different use of extension, you referred to it as just txt before, don't change things like that on your readers.

This effect -> This technique

...your message was that there is a call to an external... -> ...your message was and that there is a call to an external...

So now that you understand how the hacker is thinking in this exploit... ->
1.) So now that you understand how the hacker can use this exploit...
2.) Seems misplaced, perhaps use this as the start to your next paragraph? Otherwise, it jumps from one idea to a completely other idea.
^could just be me being picky in this one...

...and htmlentities()(there... -> you never ended the ( in front of the word "there."

...after you search something; your -> improper use of ;

...of the s textbox, and you see value='asdf'. -> of the s textbox, and you should see value='asdf'.

Then we would escape the value attribute... -> I think that's a run-on sentence there.

Anyways the point of that example, is... -> Anyways, the point of that example is...

Revise first sentence in conclusion as there are several other errors.


Also, along with the whole, using in the url that was mentioned above. In conjunction with that, say why it has to be used on the site. Like you can't make a yahoo mail XSS and send it to a person logged into gmail and steal the gmail user's cookies. Tell them how setcookie() works and such.

:p


nights_shadow@hackermail.com http://turboborland.blogspot.com
Author

RE: My Own Webhacking E-Book

chislam
Member

Posts: 511
Location:
Joined: 05.03.06
Rank:
God
Posted on 02-04-07 18:39
lol i didn't even realize that i wrote that, yeah pretty much the same thing, just official XSS = site i suppose



© HellBound Hackers 2008- 2009. Since 3rd December 2004.