From the Nomad Mobile Research Centre:

Frequently Asked Questions About Hacking the Web
"The Unofficial WWW Hack FAQ"

Beta Version 3
November 1997

Compiled by Simple Nomad

Disclaimer - I disclaim all of you.
Tunes - NIN, Stravinsky, Xen.

---------------------------------------------------------------------------

Contents

N means New, U means Updated

---------------------------------------------------------------------------

Section 00

General Info

  00-1. What is this "FAQ" for?
  00-2. What is the origin of this FAQ and how do I add to it?
U 00-3. Is this FAQ available by anonymous FTP or WWW?
  00-4. What conventions are used in this document?
  00-5. What is needed in this FAQ?
  00-6. Where can I get more info regarding Web security?

---------------------------------------------------------------------------

Section 01

The Browser

  01-1. What is "unsafe" about my browser?
  01-2. What is vulnerable about history, bookmark, and cache files?
  01-3. What other browser files are important?
  01-4. Can you tell me more about the "cookie" file?
  01-5. How can I protect my browser files?
  01-6. Are there any default browser holes?
N 01-7. What about Internet Explorer?

---------------------------------------------------------------------------

Section 02

URL Attack Time

  02-1. What is phf?
  02-2. What's the "test" hack?
  02-3. What about that ~ character?
  02-4. What's the deal with forms?
  02-5. What will this look like in the target's log files?
  02-6. What's the deal with Server-Side Includes?
  02-7. What if SSIs are turned on but includes are stripped from user input?
  02-8. What is the jj.c problem?
  02-9. What are SSL and SHTTP?
  02-10. How can I attack "anonymously"?
N 02-11. What is the "asp dot" attack?

---------------------------------------------------------------------------

Section 03

The Basic Web Server

  03-1. What are the big "weak spots" on servers?
  03-2. What are the critical files?
  03-3. What's the difference between httpd running as a daemon vs. running
        under inetd?
  03-4. How does the server resolve paths?
  03-5. What log files are used by the server?
  03-6. How do access restrictions work?
  03-7. How do password restrictions work?
N 03-8. What is "Web Spoofing"?

---------------------------------------------------------------------------

Section 04

Fun with Other Web Servers

  04-1. What are some known vulnerabilities with Microsoft Internet
        Information Server?
  04-2. What are some known vulnerabilities with Netscape for NT?
U 04-3. What about WebSite and Purveyor?
  04-4. Is Novell's IntranetWare web server software vulnerable?
  04-5. What about WebSTAR for the Mac?
  04-6. Does CERN's httpd have any vulnerabilities?
N 04-7. What is the iCat Carbo Server bug?

---------------------------------------------------------------------------

Section 05

Fun with Java/JavaScript/ActiveX

  05-1. What is a JavaScript Applet?
  05-2. What is the JavaScript problem?
  05-3. What is an example of this "bad" Java code?
N 05-4. What about ActiveX?

---------------------------------------------------------------------------

Section 06

WWW as an InfoWar Tool

  06-1. What are some good search engines?
  06-2. What "vulnerable" files can I find?
  06-3. What is Internet vs. Intranet servers?
  06-4. I want to hack a site. How can the web help me?
  06-5. Where does the "social engineer" look on the web?

---------------------------------------------------------------------------

Section 07

CGI, Perl, Scripts, etc.

  07-1. What is CGI?
  07-2. Are there default vulnerabilities?
  07-3. How do I spot code with holes?
  07-4. Why are buffers so important?

---------------------------------------------------------------------------

Section 08

For The Lamer...

  08-1. How can I falsely increase the hits on my counter?
  08-2. My ISP limits web space and I want tons of graphics. What do I do?
  08-3. How can I get pictures without paying for them at adult web sites?

---------------------------------------------------------------------------

Section 09

For The Stupid...

  09-1. How do I secure things?
  09-2. I'm an idiot. Exactly how do hackers get in?
  09-3. I have xxx setup and xxx version running. Am I secure?

---------------------------------------------------------------------------