Are you hacking yet?
Please note, that most times “hacking” is an extremely context specific term. One can be a hack, by not fulfilling the proper duties of a professional in their field; One can hack by getting a system/application to do something that it was not designed to do; One can be hacked by thinking they are going to find local hot moms by installing some toolbar.
I personally don’t like the term, and prefer alternatives at all times. For example: I’m not a hacker, I’m a technologist. I will not hack you, but I will run through a series of penetration tests using popular exploits for your infrastructure.
Depending on how you are defining the term, it will vary what you’re actually looking for here. I’m going to be continuing with what’s needed if you would like to be a hacker in the sense of impressing everyone around you with your technological competence and know how. Mind you: This will not give you detailed step by step instructions. This will however atleast give you a general understanding of what’s actually happening when someone is “hacking”.
This post is going to cover what makes a website, a website. More so than just the HTML and CSS styling of a website, but the technological infrastructure involved with a website, its server and its functionality. Having general knowledge of this will be required if you are to really consider yourself a “hacker” or anything relatively close.
Data currently is the most in demand product right now. Information, is the age we live in and it’s stored as data on servers that govern our daily lives.
Everything contains data. For example, you. You have a skin color, this is a point of data about you and it might not be the same as someone elses even though you both have this same data point, your skin color. Your eye color, height, weight, are 3 more examples of data points that you have.
Data is literally that simple. Where it gets slightly more complex is when discussing the data types (1’s and 0’s, text, numbers, and more that stem from those three: Dates, Big numbers, Small numbers, Booleans).
It’s all stored as 1’s and 0’s when it’s written to a hard drive, but some data does not take up as much space as other data. Numbers don’t take as many bytes as text, and booleans don’t take as many bytes as numbers.
2. Servers and Computers
They’re the same thing guys.
Essentially, anyways. Servers differ from computers only in the software that runs on them, and the general purpose of them. Servers are meant to serve information to computers, which could very well be other servers. Servers can use the exact same hardware you use for your computer, and they also have specialized hardware available that is specifically designed just for their purposes (serving other computers as fast and efficiently as possible).
A server will generally have what’s called a Static IP address. Being Static means that it does not change, ever, unless you change it. Where as computers (PCs of all kinds) will generally connect to the internet using a Dynamic IP address. Being Dynamic means that it will change whenever necessary. As you can imagine, a Dynamic IP address would not be an easy thing to run a website from, as it’s consistently changing.
Domains are fairly simple: google.com is a domain, kamronk.com is a domain
All domains are essentially just placeholders for IP addresses. Registered domains are registered by purchasing it from a Registrar like GoDaddy or Enom who host and manage a large percentage of the servers around the world that are responsible for keeping track of registered domains (these servers are called name servers).
You can always use something like WhoIs.net to see the IP address of other information behind a domain.
The Stack of a website is what technologies are used to make the website work.
The better portion of the internet runs on what’s called a LAMP stack (Linux Apache Mysql Php). Knowing this alone gives you a certain edge over websites and determining what is used to power them. Also, if you’re trying to do some web development, this is the most common stack you will come across when freelancing and managing your own “business”.
A simple google search for “lamp exploits” will turn up things either detailing exploits, or they will be given to use as things like this: 10 Simple Security Tasks for Locking Down Your LAMP Website
You can take these 10 security tasks (or any security “advice” for that matter), and assume that over 75% of people do not do this.
It’s very common for folks to muddle their way through getting their website up and running, and completely disregard security measures because it’s already hard enough to to “get the damn thing up”.
If you’re making a website, TAKE THE EXTRA TIME to do this. There are hundreds of script kiddies out there who have web crawlers out there looking for the standard exploits. Once the bot finds an “open box” (server with an exploit available) the developer is notified, they take down the site and remove any backups they can, while leaving your homepage as their own with a ransom message sometimes, or claiming victory to their “ethical hacker organization”.
Along with Stacks come CMS‘s (Content Management System). These are used for people to manage their website from original development through scaling after successful launches. Some of the more popular CMS’s are: WordPress, Joomla, and Magento. There are many more, each coming with their own set of features and exploits. Again, some simple google searches will reveal some of the default settings and pages that can be tested in order to determine what it is a website may be using.
Stacks come in all shapes, forms and sizes. There are lots of technologies out there that you can use to make your website, each of them will consist of:
- An Operating System
- Server Software
- A database
- Primary Programming Language (many may be used, but one will be prominent compared to the rest)
Requests and Responses are what make up the connectivity of the web as we know it. You type of domain into the address bar of your browser and hit Enter, the computer than makes a request to the server behind that domain and the server responds with information. Typically this information is HTML but any text based document or image can be retrieved using your web browser.
Visualizing this Request/Response mechanism is a good way to understand the Client/Server relationship. Your computer is the client, and the server is of course the server. The image on the right should help you visualizing this scenario.
Requests are technically made from one IP address to another, and everything is recorded. Either in logs, or in a database used for analytics, expect your IP to be recorded when any type of request is made. Your IP address is not the only thing being recorded here, more often than not your: Operating System, Browser type and version, and the specific resource you are accessing; are all being recorded in a matter of less than half a second. These are all things defined in what’s called your “User Agent” which is what most people would consider meta-data of the request, or the header of the request object being sent to the server. All of this can also be used by the website to determine which version of the website (HTML, styles, scripting) to send back to you in the response. This is used mostly to serve mobile versions of a website, and for analyzing usage of a certain site or page within a site.
That about sums up the web, and how most things work here.
If this picture to the side even slightly hints at the feels you’re experiencing, be not afraid, you’re in good company.
In “hacking” anything, the key point is learning, and doing it as quick as possible. No one in IT is a “master”, and if someone is claiming to be, remain very skeptical as it’s most likely an ego talking. Most of the top talented developers and development teams I’ve worked with never claim to have mastered anything, as whatever it is that they are talented in is always changing.
Keep learning, stay classy, and kick ass. That’s what makes a good developer/hacker