Printable View
An "acquaintance" of mine told me he got in trouble for hacking a web site. I took interest and asked him what web server the site was running and he said he didn't know. Is there some other types of vulverabilities that I should worry about, is there something I can do to protect my own server?
If your using IIS from m$ I'd make sure you have the latest patches installed.
There's always cgi vulnerabilities. He's probably a script kiddie though.
If he doesn't know what OS then he might be bullshitting you, even kiddies do have to know what OS the box runs on.
How will you run the right exploit if you don't know what your dealing with. Oh ok the programs do it for em.
Just patch your box and make sure it's not M$, even Linux is not an advice you will get from me.
Try OpenBSD or a Mac running Webstar.
base on my experience, as a system administrator (ahemm), it depends on what you are running, and what does it do...
turns out, he ran an exploit for the apache server, I don't know why he said he didn't know what the server was, I think he misunderstood me. But thanks for the info.
There is no need to know the o/s to "hack" a site. A lot of vulnerabilities are coded right into the pages that are displayed. But of course, it depends on what you are calling a "hack" ... a definition of terms is needed.
When I do a security assessment I sit down at a browser and just start viewing the pages and links and source code. My 1st question isn't ever "is it apache or IIS?" nor is it "is it running on *nix or Win?" My first question is: "What's going on here? What can I do?" I let my curiosity lead.
Most of the time, with corporate entities, the systems ppl and the pgmrs aren't in cahoots. Also, the systems ppl will have hardened the o/s....it's the pgmrs that are sloppy and create the vulnerabilities....holes in php, asp or other cgi components.
hmm well if i were to hack a site.. i would normally check the CGI for flaws or holes..
and when u refer to "hacking a website" what do u mean by that?
did your friend accessed the server's files? or he got inside through the login page with out logging in?..