Part 5 - Why Sites Get Hacked


Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5
Video Description

The next five videos in the course discuss the reasons why sites get hacked, and walk through the series of steps that make up the hacker methodology. The primary reason websites are hacked is that they present a large attack surface. Web apps are software projects that inherit the vulnerabilities of poor coding practices, which result from inadequately trained developers who typically work under cost constraints where the priority is to ship product. Security is usually not a priority and is often an afterthought. Footprinting, in which the terrain around a web server is identified, is the first step in the hacker methodology. It is accomplished via ping sweeps, Google dorking, and WHOIS and Web Archive lookups.
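As an added example of the footprinting step described above (this is not Cybrary's or the instructor's code), the Python below parses a WHOIS record into structured fields and builds the `site:` / `filetype:` Google dork queries that the video demonstrates. The WHOIS text embedded in it is a constructed sample in the usual `Key: value` layout with fictional contacts, and the function names are my own. One caveat a practitioner should expect: since GDPR most registrant contact fields come back redacted or point you at the registrar's RDDS, so the parser flags those fields instead of treating them as usable contacts.

```python
"""Footprinting helpers: WHOIS parsing and Google-dork query building.

Added example for this page, not Cybrary's or the instructor's code.
SAMPLE_WHOIS is CONSTRUCTED sample data modelled on the Key: value
layout real WHOIS servers return; the contacts are fictional.
"""
import re

SAMPLE_WHOIS = """\
% Constructed sample, not a live lookup result.
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, LLC
Registrar Abuse Contact Email: abuse@registrar.example
Updated Date: 2023-08-14T07:01:31Z
Creation Date: 1995-08-14T04:00:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Corp
Registrant Email: Please query the RDDS service of the Registrar of Record
Admin Email: hostmaster@example.com
Tech Email: noc@example.com
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
DNSSEC: unsigned
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"""

# Lines WHOIS servers use for comments, notices and footers.
COMMENT_PREFIXES = ("%", "#", ">>>", "NOTICE", "TERMS OF USE")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Post-GDPR placeholders that mean "no real contact data here".
REDACTED_RE = re.compile(r"redacted|query the rdds|privacy|data protected", re.I)


def parse_whois(text):
    """Turn 'Key: value' lines into {key: [value, ...]}.

    Repeated keys (Name Server, Domain Status) accumulate into lists so
    nothing is silently overwritten. Splitting on the first colon keeps
    timestamps like 07:01:31Z intact because keys never contain colons.
    """
    record = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(COMMENT_PREFIXES):
            continue
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue
        record.setdefault(key.strip(), []).append(value.strip())
    return record


def summarize(record):
    """Pull out what a footprinting report actually uses.

    Emails are harvested from every field (abuse/admin/tech) and
    lower-cased; fields holding GDPR redaction text are listed under
    'redacted' so they are not mistaken for social-engineering targets.
    """
    emails = set()
    redacted = []
    for key, values in record.items():
        for value in values:
            emails.update(m.lower() for m in EMAIL_RE.findall(value))
            if REDACTED_RE.search(value):
                redacted.append(key)
    return {
        "registrar": record.get("Registrar", [None])[0],
        "created": record.get("Creation Date", [None])[0],
        "name_servers": sorted(ns.lower() for ns in record.get("Name Server", [])),
        "emails": sorted(emails),
        "redacted": redacted,
    }


def dork_queries(domain, filetypes=("pdf", "doc", "docx", "xls", "xlsx")):
    """Build the site:/filetype: queries from the video for one domain.

    The bare site: query lists every indexed page; each filetype: variant
    narrows it to documents that may never have been meant to be public.
    """
    base = f"site:{domain}"
    return [base] + [f"{base} filetype:{ft}" for ft in filetypes]


if __name__ == "__main__":
    info = summarize(parse_whois(SAMPLE_WHOIS))
    for field, value in info.items():
        print(f"{field}: {value}")
    for query in dork_queries("example.com", ["pdf", "xlsx"]):
        print(query)
```

Feed `parse_whois` the raw output of `whois example.com` (or the registrar's web lookup) in place of the constructed sample; the redaction flags tell you at a glance whether the registrant fields are worth pursuing or whether the abuse and technical contacts are all you will get.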

Video Transcription
>> Welcome to Cybrary. I'm Raymond Evans, and I will be the subject matter expert for Cybrary's Web App Penetration Testing course. In this video we will be discussing why websites get hacked, and the hacker methodology is what will be covered. We're going to cover why websites are hacked, a quick overview of the common web vulnerabilities, and then we're going to go in-depth about the hacker methodology.

Why do websites get hacked? Websites are a large attack surface. As companies automate more of their products and services, that attack surface grows immensely. Development constraints factor into this vulnerability as well. Increased demand with limited time for development and testing increases the flaws in web applications; an increase in the information available online and increased vulnerabilities make websites pretty easy prey for attackers. A lot of times companies will just spit out new web applications. They want their website to now do Widget X. They have to get Widget X to market as quick as they can, because if they don't, they're opposing a company that is also working on a similar Widget X. Well, they're going to be onto it, and people are going to move to their company. They're going to push the developers as hard and as quick as they can. Those developers, with a lack of time and money and maybe improper education for secure app development and web application development, are going to churn out a product that isn't the most stellar product that you can really think of. That's why websites get hacked.

What are some of the common attack vectors? Well, there's cross-site scripting, or XSS, which is used to inject code into a website and bypass access controls. SQL injection is used to enumerate databases and steal information. Local file inclusion allows an attacker to traverse a file system. Remote file inclusion allows an attacker to execute a remote file on a web server to steal data. URL manipulation allows an attacker to gain access or information from a website when poor user controls are implemented.

What's the hacker methodology? Well, there are steps for attacking a target which, if followed properly, can result in a successful attack. When you're performing a web pen test, this is something you want to do too. You want to step through and follow every single one of these processes to get the best product that you can for whoever you're delivering a report to. First, it starts with footprinting. It's passively getting information. Then we're going to scan and map the network. After we scan and map the network, we're going to enumerate and find vulnerabilities. Then we can gain access by performing penetration. Then you'll want to maintain access: something like creating a new user account on the system that you can log in with, or setting up some backdoor to constantly call out to a listener that you may have. Then finally, you're going to want to cover your tracks, so alter the logs of your activity or even delete the logs, wherever logs exist.

First, footprinting. There are many ways to perform footprinting on a target. You can perform ping sweeps, which are used to identify machines on an IP range that may be active. This is going to be loud, and somebody could find you with a ping sweep, unless you do it very slowly; then you're less likely to get caught. You can use WHOIS, which is an open-source information database about companies, such as IP addresses and contact info. You can use Google Hacking, aka Google Dorking, which uses the Google search engine with specialized queries to get information. Then finally, you can use the Internet time machine at archive.org to view older versions of a website. This gives you an insight into trends, or lets you view information that was posted on a website accidentally. Sometimes things may get posted on a website and may stay there for a day or two, and somebody realizes, "Crap, this isn't supposed to be there," and then they delete it. Well, that archive.org website takes pictures and snapshots of these web pages, and that information could still be there.

First, we're going to show you WHOIS here. We went to the WHOIS page and typed in google.com when we looked it up. From this, we can find the contact information for the admin, the tech team, and the registrar. All this information can be used for social engineering. In fact, it can also be used if you want to perform a physical attack as well in your assessment. If you want to actually go to the location and see how well you can social engineer the individuals at the location, this information becomes really important. Further, you can find the name servers and more information that can help you plan an attack better against your target. WHOIS information is very important information and free to look up.

Next we have the Internet Wayback Machine. You can click anywhere on this Wayback Machine. This is like 2010. Pick a random date and random time. Here we see an old version of this web page. Now we can go even further back, just to give you a better idea of what you can see. You can go as far back as to see the very first versions of the web pages that ever existed. Here you can see the Google search engine prototype. The Wayback Machine can be very helpful when trying to find pieces of information that may have been leaked on the Internet.

Following that, we have Google Dorking. We typed site:cydefe.com, which is my web page. That pulls up every page for cydefe.com. I can go through and see every page for CyDefe. Well, we can then add filetype:PDF, and it'll give us every PDF that is located on that web page. This can be useful for finding things that may be on the web page and Internet-facing, facing out to the Internet, that they necessarily might not want facing out to the Internet. Sometimes people put internal network maps on there; someone from the IT team who doesn't know better might put that on there; internal phone directories may be on there as well. All awesome information can be found by just changing these file types here and trying to look for different files that may be available on a web page.