Web Hacking

Web hacking in our days when web application security is too weak to resist to the hundreds of minions who work in this field, web hacking has become a real danger with all those informations in databases.

When we speak about web hacking, most of the time we won’t use any special tool, the best web hacking tool is firefox with it’s plugins, you’ll see later why…

    Toolbox

  • FireCAT – FireCAT is a Firefox Framework Map collection of the most useful security oriented extensions.
  • TOR – Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. Works perfectly with FoxyProxy.
  • A proxy list – just in the case you don’t download TOR, or use it in combination with TOR for some proxy chaining effect.
  • Web shells – this package has web shells for php, asp, jsp, cgi, cfm. You’ll never find a site vulnerable to rfi that you will not have the possibility to exploit.
  • js defacement include file

    Cheat Sheets

  • XSS – RSnake’s XSS cheat sheet. Comes with many filter evading techniques, encodings, and other juicy stuff.
  • SQL Injection – a great sql injection cheat sheet, covers the most important sql servers like: SQL, MS SQL and MySQL.

Ok you got the “tools”, now what? I’d recommend you to read some papers about: xss, sql injection, blind sql injection, csrf, etc. And when you think you got enough brains can start putting all that brain at work at hack this site.

1 comment so far

  1. Web Hacking | uNkn0wn.eu on May 8, 2008

    [...] Source: Insane Security [...]

    Reply

Leave a reply