Digging into a Web Hacker's Mind. Step 1. Footprinting
This fast series is on digging into a web hacker's mind. We are going through the stages involved in penetration testing along with a particular example.
Did you know that hacking is a systematic method consisting of a few steps?
Footprinting
Scanning
Enumeration
Penetration
Now, imagine you are a spy working for an intelligence agency. They've asked you to gain access to acme.com as soon as possible within the next few hours. The mission is critical! How would you start your research?
Footprinting is step number one, which is basically about studying the target and collecting information about it. But remember, we are in a rush! Time management is crucial to success and conducting a reconnaissance can be time-consuming if not planned properly.
If you want to figure out right now which programming language, framework, CMS or ecommerce platform is run on our victim's web server, a good starting point is to have a rough look at the numbers (September 2018) to get an idea on how to focus our efforts.
Here is an estimation of the top five most used web programming languages as stated by BuiltWith:
| Language | Total Live Sites | Top 1m | Top 100k | Top 10k |
|---|---|---|---|---|
| PHP | 50,202,358 | 39.85% | 39.75% | 43.27% |
| ASP.NET | 42,693,116 | 12.56% | 23.47% | 28.90% |
| J2EE | 2,859,799 | 3.88% | 9.54% | 18.99% |
| ASP.NET Ajax | 1,839,200 | 3.81% | 8.77% | 10.51% |
| Ruby on Rails Token | 2,385,191 | 3.06% | 8.17% | 16.18% |
As a rule of thumb, do some digging on multiple different sources of information and then compare the results obtained; for example, visit the Usage of server-side programming languages for websites according to W3Techs as well, or even the TIOBE Index. It is also recommended to understand how the statistics are calculated in order to avoid bias.
BuiltWith's Internet Technology Trends shows the popular technologies categorized by technology groups. So, which programming language is our victim using?
The short, hypothetical answer is PHP.
And which framework or CMS, if a any, are they using?
Most probably they're using WordPress.
Note that like Sherlock Holmes, we're following a scientific method already in our research -- inductive, deductive and abductive reasoning are certainly useful tools in a hacker's skill set.
It is important to have a good understanding of logic. Induction is a bottom-up approach especially useful to draw probable conclusions. We just induced that acme.com uses PHP -- WordPress to be precise -- which is not entirely true but a probable conclusion.
Then, it is time to get into hypothesis testing.
How to check if a site is built in WordPress is straightforward with IsItWP. Also, BuiltWith provides with a detailed report on the technologies with which a particular website is built. Type the victim's URL into BuiltWith's search box and click on the Lookup button to get a complete technology profile. Wappalyzer helps you identify technologies used on websites too.
Well done! We did it. It took a few seconds only to confirm the base technical stack running on acme.com.
Leave Digging into a Web Hacker's Mind. Step 1. Footprinting to:
Read more #technology posts
Best Posts From programarivm
We have not curated any of programarivm's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.
More Posts From programarivm
- Testing a Laravel REST API with Sample Data in a CSV File
- Structuring tests in php-amqplib, the most used PHP library for RabbitMQ
- Digging into a Web Hacker's Mind. Step 2. Scanning
- Digging into a Web Hacker's Mind. Step 1. Footprinting
- Alphabet Detection and Frequency Analysis of Unicode Ranges with PHP
- Stop Coding Right Now? Here Is Why
- Babylon, a New Machine Learning Repo for Language Detection
- PHP Machine Learning Diary: Preparing Random Phrases with Linux Commands
- A Training Tool for Chess Players Based on Memory Recall
- Seed a SQL Database with PGN Games