LinuxQuestions.org
Old 12-07-2001, 12:45 AM   #1
anoop_chandran
Member
 
Registered: Nov 2001
Distribution: Redhat 7.0 ,mandrake 8.0 ,Redhat 7.2
Posts: 99

Rep: Reputation: 15
Hack Hack


hi guys,

How can i find out whether a certain website is "hackable" or not ? ;-)..


i'm asking u guys abt first lessons of hacking..............!
where can i find more info on this ,some cool sites plz!

Bye
 
Old 12-07-2001, 02:20 AM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 260
well first of all, i wouldn't openly say or talk about hacking a site on a forum, but the way i see it, any site is hackable, it just depends on how good you are as a hacker. try www.2600.com , it's all about hacking.
 
Old 12-07-2001, 02:42 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
Hacking IMO isn't a topic here.

Please go somewhere else with this question.

The first thing you need to learn is how to search for stuff, so I won't give you any URIs, just search for them:
Immortal Descendants, Greythorne, Mammon, Fravia, HCU, W00W00, Teso, Technotronic, Phrack (texts), Packetstorm, HNN, TL Security, BRSF, SWG, also check any site that lists defacements with mirrors, description of exploit and nmap traces, Dislessici, Razor, Fyodor (of nmap fame), Hackersclub, and check the white-hats as well: cert, sans, securityfocus, ISS.

If someone drops the soap you *will* remember the day you impressed your friends saying "dudez, m3 1337 h4x0r n0w! WoooWoo!"

YMMV
 
Old 12-07-2001, 04:25 AM   #4
DMR
Member
 
Registered: Jun 2001
Location: Fairfax, California
Distribution: RH 9.0, RH 7.3, Mandrake 8.0
Posts: 986

Rep: Reputation: 30
Fee-Fi-Fo-Fum, I smell the blood of a Trollish One!

As trickykid and unSpawn already suggested: fsck off, you're in the wrong place.
 
Old 12-07-2001, 04:49 AM   #5
Aussie
Senior Member
 
Registered: Sep 2001
Location: Brisvegas, Antipodes
Distribution: Slackware
Posts: 4,590

Rep: Reputation: 56
We need a "don't feed the trolls" sign.

[edit] w00t....300 posts [/edit]

Last edited by Aussie; 12-07-2001 at 04:50 AM.
 
Old 12-07-2001, 06:01 AM   #6
anoop_chandran
Member
 
Registered: Nov 2001
Distribution: Redhat 7.0 ,mandrake 8.0 ,Redhat 7.2
Posts: 99

Original Poster
Rep: Reputation: 15
hey guys...........

i'm sorry for the post, but i didn't mean any harm, i just wanted to test the site i am trying to design! i wanted to know whether it is possible to access my site without being authorized (that sort of thing....)! and if possible how the intrusion could be logged!

without knowing how and in what all ways someone could attack a site.. how is it possible to test... i thought any of u may have some knowhow ...

only that .........NO DEVILISH IDEAS..
maybe the way i presented the post was wrong...

sorry for the outbreak,
 
Old 12-07-2001, 07:06 AM   #7
jabble
LQ Newbie
 
Registered: Oct 2001
Location: In
Distribution: redhat
Posts: 8

Rep: Reputation: 0
hey anoop u got to learn a lot bout security man.
READ a lot is what i'll say.

Go thru the following sites (assuming u haven't done that up till now):
www.securityfocus.com
www.attrition.org/security
www.tlsecurity.com
this'll at least give u a start.

read bout various firewalls,IDS,scanners n other os fingerprinting methods.
try scanning ur site externally to see what all data it shows for example open ports,services running,OS name etc.

as trickykid said each n every site is hackable.
all u can do is secure ur site as best as possible but making it unhackable is something just not possible.
 
Old 12-07-2001, 07:14 AM   #8
jabble
LQ Newbie
 
Registered: Oct 2001
Location: In
Distribution: redhat
Posts: 8

Rep: Reputation: 0
sorry its www.tlsecurity.org
 
Old 12-07-2001, 03:53 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3594
Uh. Ok. Testing. Design. Ok.

I can only be hoping you have read stuff about safe coding :-]

If you're going to test, try to make an assessment first, and then a plan. This will help you focus on the parts to test instead of results, because it can be quite hard to determine *where* a point of failure occurs, and if a lot happens you can kinda lose track of what to do. It also singles out tests that can't be automated, and helps to convince "buyers" (if you're in that situation) and/or server administrators you're not some maverick presenting another buggy app to the world.

Try to get an overview of the base components that make up the "static" package like the OS, the webserver, any application servers.
With static I mean just the stuff and its configuration, not any interpreted parts.
Now cruise around for nice options in new versions, vulnerabilities, signs of misconfiguration.
(Note a "webserver" will perform a single task and that is serve. It doesn't and shouldn't have a need for "r" services, user accounts, man pages, X, lpd, BIND, telnetd. Think lean and mean. And it'll save time looking for vulnerabilities in that.)

Try to get an overview for any application (+version!) your technical design relies on that deals with connectivity, presentation, manipulation or gathering of data (eg "interaction"), languages like Perl, PHP, Cfm, ASP, TCL, Pike, and any database, middleware, proxy or gateway stuff. All can have vulnerabilities either due to misconfiguration: not using chroots, permissions, bad authorization checking method, server runs as root, database over-privileged users, not scrubbing a generic install, or plain simple not checking of boundaries/validating input.

Now test the setup with all components thrown together. Make sure you don't focus on stuff like DOSsing, (in essence the provider should take care of that), but on error handling, validation, performance under load, and if you documented/configured the previous parts well, this is the stage you try to gain access to the application(s) by trying to force "weird" stuff down its throat :-]

*Some stuff ain't necessary if the box you're testing on ain't the box it'll finally run on, but keep in mind any dependencies of your technical design might be affected by the move. That's why professional systems/agencies use a "staging" server for an extra quality check before releasing stuff.

I could ramble on about testing methodologies etc etc, but I hope this gives you a (very very) general idea to work with, for more specific questions on securing/security you're welcome in the security corner.
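
The "lean and mean" check from post #9 (a web server has no need for "r" services, X, lpd, BIND or telnetd) can be automated against the host's own listener table. The following is an added example, not part of the original thread: the function name `audit_listeners`, the allowlist `80,443` and the sample listener table are assumptions constructed for illustration, and services are identified only by their well-known port numbers.

```shell
#!/bin/sh
# Added example: flag listeners a single-purpose web server should not expose.
# On a live host: ss -tuln | audit_listeners 80,443

# Constructed sample in `ss -tuln` format (not taken from a real machine).
SAMPLE_LISTENERS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:80     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443    0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:513    0.0.0.0:*
tcp   LISTEN 0      5      0.0.0.0:515    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:53     0.0.0.0:*
tcp   LISTEN 0      128    [::]:6000      [::]:*
tcp   LISTEN 0      128    127.0.0.1:5432 0.0.0.0:*'

# audit_listeners ALLOWED_PORTS
#   stdin : output of `ss -tuln`
#   $1    : comma-separated ports the server is supposed to expose
#   stdout: "proto port service" for every other non-loopback listener
audit_listeners() {
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, ",")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
        # Well-known ports of the services named in the post.
        svc[23]  = "telnetd"; svc[53]  = "BIND/DNS"
        svc[512] = "rexec";   svc[513] = "rlogin"
        svc[514] = "rsh";     svc[515] = "lpd"
    }
    $1 == "Netid" { next }                        # header row
    {
        port = $5; sub(/.*:/, "", port)           # text after the last colon
        host = $5; sub(/:[^:]*$/, "", host)       # text before the last colon
        # Loopback-only listeners are not reachable from outside.
        if (host == "127.0.0.1" || host == "[::1]") next
        if (port in ok) next
        p = port + 0                              # force numeric comparison
        if (port in svc)                 name = svc[port]
        else if (p >= 6000 && p <= 6063) name = "X11"
        else                             name = "unknown"
        print $1, port, name
    }'
}
```

Anything printed is either a service to remove or a port to add to the documented allowlist; an empty result means the external surface matches the plan.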
 
Old 12-07-2001, 11:38 PM   #10
anoop_chandran
Member
 
Registered: Nov 2001
Distribution: Redhat 7.0 ,mandrake 8.0 ,Redhat 7.2
Posts: 99

Original Poster
Rep: Reputation: 15
Thumbs up

wow..thanx man!
i'll go thru the procedures..
 
  

