Hacking has many times been taken as a negative term. Hackers are generally grouped into three types by what they do: white hat, grey hat and black hat. White hats are the good ones, black hats are the bad ones, and grey hats lie in the middle: they don’t cause harm intentionally.

Hacking is a very broad term too. There are different types of hacking: web, server, networks, and the list goes on. I started learning the basics from an early age and I still barely know anything of what is out there. There is a lot to learn, but I will try my best to lay out the simple things I know.

Accessing a website is not hard if we look at it as an overview: compromise the server it is hosted on and you are good to go. There are many tools worth noting which you can use to learn the basics.

I suggest you install Kali Linux and Metasploitable (if you are unaware of them, research them). The best way to learn is by yourself, because you will see where you are going wrong and learn from that same experience.

If you know the ls command, which lists the files and folders in a directory, you can run it as

ls -l

It will give you the same listing in long format. (Kali Linux)


So to get started, you can run “man ls” or “ls --help”; this will give you an overview of the command and its options.

Run “ifconfig” on Metasploitable and note the inet/IPv4 address, then enter it on your Kali installation. You should get something like this.

If you are not able to see the ipv4/inet address for some reason, follow these steps:

Edit the file /etc/network/interfaces

Change:
auto eth0
iface eth0 inet dhcp
To:
auto eth0
iface eth0 inet static
address 172.16.40.10
netmask 255.255.0.0
network 172.16.0.0
broadcast 172.16.255.255
gateway 172.16.2.47
dns-nameservers 172.16.2.4 172.16.2.15

Restart networking with “sudo /etc/init.d/networking restart”

The important thing in finding issues on websites is finding vulnerabilities, which starts with information gathering. Maltego is a very popular tool for this.

There are many types of attacks, like web application attacks, social engineering, server-side attacks and client-side attacks. I’ll use Metasploitable to demonstrate some of them.

Information gathering includes data about servers/websites such as DNS, IP address, technologies/frameworks used, domains, directories, etc.

A WHOIS lookup is a great place to start for this: https://whois.domaintools.com/
This gives a brief idea of the site and the server.

Netcraft will give you more on the site, i.e. the technologies used: https://toolbar.netcraft.com/site_report

Exploit-Database will give you a ton of existing exploits to use: https://www.exploit-db.com/

Robtex: more info on the web server: https://www.robtex.com

More Links:

https://www.yougetsignal.com/tools/web-sites-on-web-server/
http://www.ipfingerprints.com/reverseip.php
http://www.viewdns.info/reverseip/
https://www.tcpiputils.com/reverse-ip
I have never really got 100% accuracy in finding all the other sites on the same server with these tools, since different tools show different sites for the same web server.

Knowing is winning half the battle, and that’s why information gathering is important in penetration testing. If you can gain access to one site on the web server, all the other sites on it are compromised because of it. You can use bing.com to see other sites on the same server too; just search “ip:{target ip}”.

You can find subdomains to compromise too. This is important because you might sometimes not see the subdomains, or they can only be accessed by users with privileges. If you can access these, you are basically done. If you want to do it in the traditional way, the knock script will do it. Link: https://github.com/guelfoweb/knock. The problem with it is that it takes a lot of time, because it does a brute force and a Google-based search. Other tools are more efficient than this.

On a similar basis, you can find directories on the web server using dirb. dirb uses a wordlist to find the directories, so you will basically be brute-forcing the server with a list of words to check which of them exist.

You can create wordlists using crunch, but there are many ready-made wordlists which are much better than manually creating them.

Usage: dirb http://{ ip } (since we are scanning a web server and not a specific website on Metasploitable)

By default it uses the wordlist stored in /usr/share/dirb/wordlists/common.txt on Kali Linux.
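The dirb scan above leaves a very recognisable trace on the target: one source address requesting many different paths in a few seconds and getting mostly 404s. The following detector is an added example (not dirb's code and not from the original post): it parses Apache/nginx combined-format access log lines and flags any client that produces at least a threshold number of distinct 404 paths inside a sliding time window. The log lines and the threshold/window values are constructed for the demonstration.

```python
"""Detect wordlist directory brute-forcing (the dirb pattern) in access logs.

Added example, not part of the original post. Assumes the Apache/nginx
combined log format; the sample lines below are constructed, not real traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Client IP, timestamp, request line, status and size of a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one scanner guessing paths, one normal visitor with a single 404.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2024:12:00:01 +0000] "GET /admin HTTP/1.1" 404 196
10.0.0.5 - - [10/Mar/2024:12:00:01 +0000] "GET /backup HTTP/1.1" 404 196
10.0.0.5 - - [10/Mar/2024:12:00:02 +0000] "GET /cgi-bin HTTP/1.1" 404 196
10.0.0.5 - - [10/Mar/2024:12:00:02 +0000] "GET /config HTTP/1.1" 404 196
10.0.0.5 - - [10/Mar/2024:12:00:03 +0000] "GET /dvwa HTTP/1.1" 200 1023
10.0.0.5 - - [10/Mar/2024:12:00:03 +0000] "GET /images HTTP/1.1" 404 196
10.0.0.5 - - [10/Mar/2024:12:00:04 +0000] "GET /phpmyadmin HTTP/1.1" 404 196
10.0.0.5 - - [10/Mar/2024:12:00:04 +0000] "GET /uploads HTTP/1.1" 404 196
192.168.1.20 - - [10/Mar/2024:12:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120
192.168.1.20 - - [10/Mar/2024:12:00:09 +0000] "GET /missing.css HTTP/1.1" 404 196
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def find_bruteforcers(log_text, threshold=5, window_seconds=10):
    """Return {ip: max_distinct_404_paths} for every client that requested at
    least `threshold` distinct non-existent paths within any window of
    `window_seconds` seconds. Repeats of the same missing path are not
    counted twice, so a broken link hit repeatedly does not trigger."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, path) for 404 responses
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        q = recent[rec["ip"]]
        q.append((rec["ts"], rec["path"]))
        # Drop entries that fell out of the sliding window.
        while (rec["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = {path for _, path in q}
        if len(distinct) >= threshold:
            flagged[rec["ip"]] = max(len(distinct), flagged.get(rec["ip"], 0))
    return flagged


if __name__ == "__main__":
    for ip, count in find_bruteforcers(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct 404 paths inside the window")
```

Run over the sample it reports only 10.0.0.5, with 7 distinct missing paths; the normal visitor's single 404 never reaches the threshold. On a real server you would feed it the live access log and tune the threshold and window to the site's normal 404 rate, then block or rate-limit the flagged addresses.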

Through info gathering we know what is being used on the web app. Suppose a server is using PHP; we can upload a PHP shell and gain control over the system. How? As always, keep Metasploitable running alongside Kali.

1] Generate a backdoor with weevely. Usage: weevely generate {password} {location/name.php/.py}. This creates a backdoor protected by that password at the given location with the given name.
2] Go to DVWA on Metasploitable. Go to Upload and upload the shell. If it does not upload, change the security level to low and upload it again.
3] Then, in the terminal, run “weevely http://{ip}/dvwa/hackable/uploads/shell.php {password}” and you gain access to it.
4] Just type help once you are in and you will get everything you need to work with weevely.
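The upload in step 2 only works because the form trusts the client-supplied filename and stores the file where the web server executes it. As an added example (my own code, not DVWA's or weevely's), here is a hardened upload check beside the weak behaviour, assuming an image-upload feature: the extension must be on an allowlist, the first bytes must match that extension's magic number, double extensions like shell.php.png are rejected, the size is capped, and the stored name is generated by the server. The size cap and the upload directory name are assumptions for the example.

```python
"""Weak vs. hardened file-upload handling, as an added example.

Not DVWA's or weevely's code. Assumes an image-upload feature; MAX_BYTES and
the directory names are assumed values for the demonstration.
"""
import os
import secrets

# Allowed extension -> magic prefixes the file content must start with.
ALLOWED_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed cap for the example


def weak_accept(client_name):
    """Roughly what a 'security low' upload does: keep the client's filename
    and drop it inside the web root, so shell.php is later executed by PHP."""
    return os.path.join("hackable/uploads", os.path.basename(client_name))


def check_upload(client_name, content):
    """Return (ok, detail): detail is a rejection reason or the server-chosen
    filename to store outside the web root. Nothing here decides the name
    based on what the client sent, and nothing uploaded is ever executable."""
    if len(content) == 0 or len(content) > MAX_BYTES:
        return False, "bad size"
    base = os.path.basename(client_name)            # strip any path component
    parts = base.lower().split(".")
    # Exactly one extension: rejects shell.php.png, .htaccess and bare names.
    if len(parts) != 2 or not parts[0]:
        return False, "bad filename"
    ext = parts[1]
    magics = ALLOWED_MAGIC.get(ext)
    if magics is None:
        return False, "extension not allowed"
    if not any(content.startswith(m) for m in magics):
        return False, "content does not match extension"
    # Defence in depth only: a script tag inside an otherwise valid image is
    # suspicious, but storing uploads where they are never executed is the
    # real mitigation, not this string check.
    if b"<?php" in content[:4096]:
        return False, "embedded script marker"
    stored = f"{secrets.token_hex(16)}.{ext}"       # name chosen by the server
    return True, stored


if __name__ == "__main__":
    php_shell = b"<?php system($_GET['c']); ?>"     # constructed stand-in for a shell
    print("weak path:", weak_accept("shell.php"))
    print("hardened:", check_upload("shell.php", php_shell))
    print("hardened:", check_upload("shell.php.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
    print("hardened:", check_upload("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
```

The returned name is meant for a directory outside the document root that PHP never executes, served back through a handler that sets a fixed image content type; the weak function shows the one decision (trusting the client's name and location) that the DVWA walkthrough depends on.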

https://pentest-tools.com offers a lot of tools for the same purpose. Just look it up.