So you wanna be a hacker? Basics — (Web servers / methods / responses)
Author: dj substance / [email@example.com] [https://9x.network]
What is a server? For a moment let's just break down what it is. We think we know what they are. A server on the Internet must run the standard TCP/IP stack (remember those OSI layers you studied last time? Layers 3 and 4).
Client [me] --> http://subz.com          (same as telnet subz.com 80)
                [subz.com machine] 65,535 ports TCP/UDP
                [ Do not assume port 80 or 443 means http/https ]
                [ May answer ping (ICMP echo reply) or may not ]
Ninja trick: when you know your target, always nslookup <hostname> to get the IP and try both https://<ip> and http://<ip>; a lot of the time they will be misconfigured.
You are going to come in contact with WWW servers constantly while browsing, and whether you want to be a pentester or just an educated user, this is an essential read. The things that you need to know from a high level when you visit a web site, or even think about clicking a URL:
— — — — — — — — — — — — — — — — — — — — — — — — — — — — —
** Verify the site is using https://; there should be *very* few sites w/o it.
** Verify the certificate is valid; also check the history of the site and its SSL certificates at https://crt.sh. This site is a goldmine and also an incredible source for enumerating subdomains.
Also, there are great sites out there that will hit the site for you first, so you can verify it's safe and your IP stays anonymous.
https://www.whatsmyip.org/http-headers/ — This site will let you proxy through it to check what the remote URL is serving.
Let's stop for one second at that last bullet; I mentioned making sure that you see a valid certificate. I know we are all guilty of it, just bypassing the annoying "cert cannot be trusted" warning, but bypassing it and just accepting whatever it says could be a very bad idea leading to complete system compromise. We aren't getting into it (not in this session), but picture me (bad guy) sitting in my car bumping some trance with my netbook hooked up, Kali fired up and 3 high-power Alfa wifi cards and yagis (directional antennas) pointed at the wireless access points (for Walmart guest wifi, for instance). It would probably take about 15m max to have every user on the guest wifi of Walmart (example of course) knocked off, and obviously the clients will try to re-authenticate. One tactic SWIM (Someone Who Isn't Me) would use is to force the client to connect through me, and I route back to Walmart's wifi and can see all of your session (google: web mitm attack).
For now I want you to go download nmap/zenmap and get used to scanning ports; if the host(s) don't ping, add -P0 to the nmap command (newer nmap spells this -Pn, and still accepts -P0 as an alias).
We will go over both the following and the numbered response codes next time; try to learn them ahead of time.
Top HTTP Status Codes
404 Not Found
503 Service Unavailable
500 Internal Server Error
502 Bad Gateway
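The "telnet subz.com 80" analogy, the certificate check, and the status codes above all come together in the example below. It is added here and is not code from the original post: it builds the exact bytes a telnet session would send, parses the status line and headers of a reply, buckets the status code, and (when used against a live host) opens the socket itself with certificate and hostname verification turned on, so a bad cert raises instead of being clicked through. The host subz.com and the SAMPLE_RESPONSE bytes are constructed placeholders for illustration.

```python
import socket
import ssl
from typing import Dict, Tuple

# Constructed sample reply, standing in for what a server would send back.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Server: nginx\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 9\r\n"
    b"\r\n"
    b"not found"
)

# The codes from the post, with their reason phrases.
STATUS_NOTES = {
    404: "Not Found",
    500: "Internal Server Error",
    502: "Bad Gateway",
    503: "Service Unavailable",
}


def build_request(host: str, path: str = "/") -> bytes:
    """Raw HTTP/1.1 request: byte for byte what you would type into `telnet host 80`."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_response(raw: bytes) -> Tuple[int, str, Dict[str, str], bytes]:
    """Split a raw reply into (status code, reason phrase, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("iso-8859-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP status line: %r" % lines[0])
    code = int(parts[1])
    reason = parts[2] if len(parts) == 3 else ""
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.decode("iso-8859-1").partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return code, reason, headers, body


def classify(code: int) -> str:
    """Bucket a status code by which side failed, the way you read it in a scan."""
    if 200 <= code < 300:
        return "success"
    if 300 <= code < 400:
        return "redirect"
    if 400 <= code < 500:
        return "client error"
    if 500 <= code < 600:
        return "server error"
    return "unknown"


def fetch(host: str, port: int, use_tls: bool, path: str = "/", timeout: float = 5.0) -> bytes:
    """Open the socket yourself, exactly like the telnet session.

    With use_tls=True the default ssl context verifies the certificate chain
    against the system trust store and checks the hostname, so an invalid or
    mismatched certificate raises ssl.SSLCertVerificationError rather than
    being accepted the way a clicked-through browser warning would.
    Port 80 with use_tls=False is plain http; do not assume the port implies the protocol.
    """
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        ctx = ssl.create_default_context()  # check_hostname=True, verify_mode=CERT_REQUIRED
        sock = ctx.wrap_socket(sock, server_hostname=host)
    try:
        sock.sendall(build_request(host, path))
        chunks = []
        while True:  # Connection: close means the server ends the stream when done
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    finally:
        sock.close()
    return b"".join(chunks)


if __name__ == "__main__":
    # Offline demo on the constructed reply; swap in fetch("subz.com", 443, True) for a live host.
    code, reason, headers, body = parse_response(SAMPLE_RESPONSE)
    print(code, reason, "->", classify(code), "| server:", headers.get("server"))
    print("request bytes:", build_request("subz.com"))
```

Note the Host header: the same IP can serve many names, which is why the "try https://<ip> and http://<ip>" trick often lands on a different (and sometimes less cared-for) default site than the hostname does.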