Digging into a Web Hacker's Mind. Step 1. Footprinting
This fast series is on digging into a web hacker's mind. We are going through the stages involved in penetration testing along with a particular example.
Did you know that hacking is a systematic method consisting of a few steps?
Footprinting
Scanning
Enumeration
Penetration
Now, imagine you are a spy working for an intelligence agency. They've asked you to gain access to acme.com as soon as possible within the next few hours. The mission is critical! How would you start your research?
Footprinting is step number one, which is basically about studying the target and collecting information about it. But remember, we are in a rush! Time management is crucial to success and conducting a reconnaissance can be time-consuming if not planned properly.
If you want to figure out right now which programming language, framework, CMS or ecommerce platform is run on our victim's web server, a good starting point is to have a rough look at the numbers (September 2018) to get an idea on how to focus our efforts.
Here is an estimation of the top five most used web programming languages as stated by BuiltWith:
| Language | Total Live Sites | Top 1m | Top 100k | Top 10k |
|---|---|---|---|---|
| PHP | 50,202,358 | 39.85% | 39.75% | 43.27% |
| ASP.NET | 42,693,116 | 12.56% | 23.47% | 28.90% |
| J2EE | 2,859,799 | 3.88% | 9.54% | 18.99% |
| ASP.NET Ajax | 1,839,200 | 3.81% | 8.77% | 10.51% |
| Ruby on Rails Token | 2,385,191 | 3.06% | 8.17% | 16.18% |
As a rule of thumb, do some digging on multiple different sources of information and then compare the results obtained; for example, visit the Usage of server-side programming languages for websites according to W3Techs as well, or even the TIOBE Index. It is also recommended to understand how the statistics are calculated in order to avoid bias.
BuiltWith's Internet Technology Trends shows the popular technologies categorized by technology groups. So, which programming language is our victim using?
The short, hypothetical answer is PHP.
And which framework or CMS, if a any, are they using?
Most probably they're using WordPress.
Note that like Sherlock Holmes, we're following a scientific method already in our research -- inductive, deductive and abductive reasoning are certainly useful tools in a hacker's skill set.
It is important to have a good understanding of logic. Induction is a bottom-up approach especially useful to draw probable conclusions. We just induced that acme.com uses PHP -- WordPress to be precise -- which is not entirely true but a probable conclusion.
Then, it is time to get into hypothesis testing.
How to check if a site is built in WordPress is straightforward with IsItWP. Also, BuiltWith provides with a detailed report on the technologies with which a particular website is built. Type the victim's URL into BuiltWith's search box and click on the Lookup button to get a complete technology profile. Wappalyzer helps you identify technologies used on websites too.
Well done! We did it. It took a few seconds only to confirm the base technical stack running on acme.com.
Congratulations @programarivm! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :
Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word
STOP