Web Hack FAQ v2

The Unofficial Web Hack FAQ

Beta Version 2
January 11, 1997

Compiled by Simple Nomad

Disclaimer - Jeez, I better put a disclaimer in or I might get sued. Does anyone seriously think that any disclaimer regarding "controversial" material will stop any lawyer? Oh well.....

Many thanks for AltaVista existing, making so many of my dreams come true. Thanks, Digital!

Also many thanks to the people who wrote in re: Version 1, flames or not, I enjoy almost every one of you lame luser idiot robotic morons and your ramblings, I love you all....



Contents

N means New, U means Updated

Section 00

General Info

  00-1. What is this "FAQ" for?
  00-2. What is the origin of this FAQ and how do I add to it?
U 00-3. Is this FAQ available by anonymous FTP or WWW?
  00-4. What conventions are used in this document?
  00-5. What is needed in this FAQ?
  00-6. Where can I get more info regarding Web security?

Section 01

The Browser

  01-1. What is "unsafe" about my browser?
  01-2. What is vulnerable about history, bookmark, and cache files?
U 01-3. What other browser files are important?
N 01-4. Can you tell me more about the "cookie" file?
  01-5. How can I protect my browser files?
  01-6. Are there any default browser holes?

Section 02

URL Attack Time

  02-1. What is phf?
U 02-2. What's the "test" hack?
  02-3. What about that ~ character?
  02-4. What's the deal with forms?
  02-5. What will this look like in the target's log files?
  02-6. What's the deal with Server-Side Includes?
N 02-7. What if SSIs are turned on but includes are stripped from user
        input?
N 02-8. What is the jj.c problem?
N 02-9. What are SSL and SHTTP?
N 02-10. How can I attack "anonymously"?

Section 03

The Basic Web Server

  03-1. What are the big "weak spots" on servers?
  03-2. What are the critical files?
  03-3. What's the difference between httpd running as a daemon vs. running
        under inetd?
  03-4. How does the server resolve paths?
  03-5. What log files are used by the server?
  03-6. How do access restrictions work?
U 03-7. How do password restrictions work?

Section 04

Fun with Other Web Servers

U 04-1. What are some known vulnerabilities with Microsoft Internet
        Information Server?
  04-2. What are some known vulnerabilities with Netscape for NT?
  04-3. What about WebSite and Purveyor?
  04-4. Is Novell's IntranetWare web server software vulnerable?
  04-5. What about WebSTAR for the Mac?
N 04-6. Does CERN's httpd have any vulnerabilities?

Section 05

Fun with Java and JavaScript

  05-1. What is a JavaScript Applet?
  05-2. What is the JavaScript problem?
  05-3. What is an example of this "bad" Java code?

Section 06

WWW as an InfoWar Tool

  06-1. What are some good search engines?
U 06-2. What "vulnerable" files can I find?
  06-3. What is Internet vs. Intranet servers?
  06-4. I want to hack a site. How can the web help me?
N 06-5. Where does the "social engineer" look on the web?

Section 07

CGI, Perl, Scripts, etc.

  07-1. What is CGI?
  07-2. Are there default vulnerabilities?
  07-3. How do I spot code with holes?
  07-4. Why are buffers so important?

Section 08

For The Lamer...

N 08-1. How can I falsely increase the hits on my counter?
N 08-2. My ISP limits web space and I want tons of graphics. What do I do?
N 08-3. How can I get pictures without paying for them at adult web sites?

Section 09

For The Stupid...

  09-1. How do I secure things?
  09-2. I'm an idiot. Exactly how do hackers get in?
  09-3. I have xxx setup and xxx version running. Am I secure?