Hacking sites is one of the most common types of attack. If you are interested in how websites get hacked and what you need to pay attention to in order to protect your own resource, this article is for you. Here I will walk through the very beginning of a web application pentest and show, with examples, how to work with popular engines.
As of January 2020 there are 1.74 billion sites, and many of them are vulnerable. Ten years ago a Web Application Security Consortium study showed that at least 13% of sites can be hacked automatically, and a recent Positive Technologies study reported that 19% of the web applications it tested were vulnerable. Truly a huge field for attackers!
General principles of hacking sites
By structure, sites fall into three large classes:
- self-written (hand-coded in HTML, produced by a static site generator such as Jekyll, or assembled in a design program such as Adobe Dreamweaver);
- made in online site builders (mostly business-card sites without any databases or submitted form fields);
- running on a ready-made CMS (Content Management System).
There are also home-grown CMSs written for one particular site, but these have become a rarity – only the largest resources can afford to maintain their own system, and the costs are hard to justify.
At the heart of most modern sites are off-the-shelf engines. Xakep.ru is no exception: it runs on the popular WordPress system (at least now, in 2020).
From the attacker's point of view, site engines are no different from any other service. Their source code is usually publicly available, and any researcher can analyze it for errors, including security flaws. For that reason, sites on a CMS rarely become victims of a targeted attack; more often they are compromised en masse.
Such a hack is automated and usually proceeds according to the following scheme: an attacker finds a vulnerability (either on his own or simply by googling something recently published). Then he writes an exploit or takes a ready-made one and builds a specialized bot around it. The bot checks every site in a given range for the chosen hole and tries to exploit it.
It would seem that to protect against automated attacks you only need to keep the software up to date, but in reality a CMS becomes overgrown with add-ons, and keeping track of every one of them becomes difficult.
With a pentest there is a slightly different task – to check a specific site for vulnerabilities. We’ll talk about this.
The article is intended for "white hackers", professional pentesters and heads of the information security service (CISO). Neither the author nor the editors are responsible for any possible harm caused by this material.
Before you try to attack the target, you need to collect information about it. A good tool for this is WhatWeb. This utility provides detailed information about the target's CMS and the web technologies it uses.
I advise you to run WhatWeb with the -a option, giving it the value 3 or 4. The only difference between them is that in the second case WhatWeb will also scan subdirectories. Keep in mind that both values select an aggressive polling mode, with all that follows from it, or rather with everything it leaves in the server's logs.
Here is an example of a launch and collected responses:
$ whatweb -a3 https://URL
Here we see that this is a British company site built on WordPress, using PHP 7.1.33 and jQuery 1.9.0 and 2.2.3. Not bad for a start!
By the way, when working with foreign sites it gives good speed.
If you only need to determine the name of the CMS, there are separate services for that, including Russian-language ones.
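To show what a fingerprinting step like the WhatWeb run above actually does, here is an added Python example that is not part of the article and not WhatWeb's code. It works on a single captured HTTP response (headers plus HTML body) and pulls out the same kind of facts the article reads off the WhatWeb output: the CMS, the PHP version from X-Powered-By, and the jQuery versions referenced in script paths. The sample headers and HTML are constructed for this example, and the signature patterns are illustrative ones of my own, not WhatWeb's plugin definitions; any signature table in a real tool is far larger.

```python
import re
from typing import Dict, List

# Constructed sample response; not captured from any real site.
SAMPLE_HEADERS = {
    "Server": "nginx",
    "X-Powered-By": "PHP/7.1.33",
}
SAMPLE_BODY = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 5.3.2" />
<link rel="stylesheet" href="/wp-content/themes/example/style.css">
<script src="/wp-includes/js/jquery/jquery-1.9.0.min.js"></script>
<script src="/wp-content/plugins/example/js/jquery-2.2.3.min.js"></script>
</head><body></body></html>"""

# Illustrative signature table (name, where to look, pattern).
# "body" matches the HTML, "meta" the <meta name="generator"> value,
# "header:<Name>" a response header. These are not WhatWeb's signatures.
CMS_SIGNATURES = [
    ("WordPress", "body", re.compile(r"/wp-(?:content|includes)/")),
    ("WordPress", "meta", re.compile(r"^WordPress", re.I)),
    ("Joomla", "meta", re.compile(r"^Joomla", re.I)),
    ("Joomla", "body", re.compile(r"/media/jui/|/administrator/")),
    ("Drupal", "meta", re.compile(r"^Drupal", re.I)),
    ("Drupal", "header:X-Generator", re.compile(r"^Drupal", re.I)),
    ("Drupal", "body", re.compile(r"/sites/(?:default|all)/")),
    ("OpenCart", "body", re.compile(r"index\.php\?route=")),
]

META_GENERATOR = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)
JQUERY_VERSION = re.compile(r"jquery-(\d+\.\d+(?:\.\d+)?)(?:\.min)?\.js", re.I)
PHP_VERSION = re.compile(r"PHP/(\d+\.\d+(?:\.\d+)?)")


def fingerprint(headers: Dict[str, str], body: str) -> Dict[str, object]:
    """Passively extract CMS, PHP and jQuery versions from one HTTP response."""
    # Header names are case-insensitive, so normalise them once.
    hdrs = {k.lower(): v for k, v in headers.items()}
    meta = META_GENERATOR.search(body)
    generator = meta.group(1) if meta else ""

    # Collect every signature that fires, grouped by CMS name.
    cms_hits: Dict[str, List[str]] = {}
    for name, where, pattern in CMS_SIGNATURES:
        if where == "body":
            target = body
        elif where == "meta":
            target = generator
        elif where.startswith("header:"):
            target = hdrs.get(where.split(":", 1)[1].lower(), "")
        else:
            continue
        if target and pattern.search(target):
            cms_hits.setdefault(name, []).append(where)

    # The CMS with the most independent pieces of evidence wins; None if nothing matched.
    cms = max(cms_hits, key=lambda n: len(cms_hits[n])) if cms_hits else None

    php = PHP_VERSION.search(hdrs.get("x-powered-by", ""))
    # Deduplicate jQuery versions and sort them numerically, not lexically.
    jquery = sorted(set(JQUERY_VERSION.findall(body)),
                    key=lambda v: tuple(int(x) for x in v.split(".")))

    return {
        "cms": cms,
        "cms_evidence": cms_hits.get(cms, []),
        "generator": generator or None,
        "php": php.group(1) if php else None,
        "jquery": jquery,
        "server": hdrs.get("server"),
    }


if __name__ == "__main__":
    print(fingerprint(SAMPLE_HEADERS, SAMPLE_BODY))
```

Run against a response captured from your own site, the result is the list of things the site volunteers to every scanner: the generator meta tag, the X-Powered-By header and versioned library paths are each a separate leak, and each can be removed or hidden on the server side without affecting visitors.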
Here are fresh statistics on the popularity of various CMSs in RuNet:
- WordPress – 58.12%;
- Joomla – 17.12%;
- OpenCart – 4.65%;
- Drupal – 3.75%;
- Wix – 3.74%;
- MODX Revolution – 2.81%;
- MODX Evolution – 2.76%;
- Nethouse – 2.23%;
- others – 4.78%.
Continuation is available only to participants