Learning from hackers.

How to learn from hackers without paying for a course or purchasing a book.

If you have a site then there is a way to learn, not you could learn trivial tricks but also the newest tricks (if not zero hour vulnerabilities). How? LOG EVERYTHING and read it (and sometimes it is even done by the OS).

Sounds simple? Yes and no. No, because the log could be really verbose and yes because it is just a test.

Let's show an example:

I have a web form, a contact form, and it arrived in the next message.

Did yоu knоw thаt it is pоssiblе tо sеnd businеss оffеr uttеrly lеgаl? Wе put а nеw wаy оf sеnding аppеаl thrоugh fееdbасk fоrms. Suсh fоrms аrе lосаtеd оn mаny sitеs.

What is the problem? The problem is it uses words that are in my blacklist but it bypassed the blacklist. Why? UTF-8.

It is the same message in ASCII (not codified)

Did yоu knоw thаt it is pоssiblе tо sеnd businеss оffеr uttеrly lеgаl? Wе put а nеw wаy оf sеnding аppеаl thrоugh fееdbасk fоrms. Suсh fоrms аrе lосаtеd оn mаny sitеs.

It is nothing new but it yet, it is a good trick.

Ok, lesson learned.

Second step. Since we have the log, then let's put this guy on the blacklist!.

It is the IP: 89.187.168.* How do I know the IP? The log file.

Anyways, I check an online database and if the IP is from a hacker or not. Abuseipdb is a nice and free service.

Third step. Strengthen our blacklist. For example, "о" is more than enough. Why? Because normal people don't write those letters.

Another example

In the same way, we could found many tricks.

For example, in the log file, I found the next entry

mydomain.dom/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f

What is it?. OWA is the web version of the outlook.

Do you know a vulnerability to Outlook? Now you know. But how it works? Simple, you can google and find more information. It is easiest to find information about vulnerabilities when you are specific about it.

About Jorge Castro

Currently: Entrepreneur and Private Consultant
Civil Engineer in Informatics - USACH Chile.
Master in Business Administration (MBA) CEPADE Spain
Microsoft Certified Professional
Oracle Certified Associate
ScrumMaster Certified
Former developer
Former Project Manager

Related Posts