
Hands-On Guides? Testing Labs?


ghost's Avatar
0 0

Hey, haven't been here in a while, so I guess my first post of many will start here with a question.

www.ngssoftware.com/papers/advanced_sql_injection.pdf

If you go and view this PDF on SQL injection, you will see that within this guide, an example of HTML and ASP code was provided to actually help explain what they were talking about. Kind of like a hands-on walkthrough approach to actually teaching what bad coding looked like and what exploiting it was like, giving you the view of the developer and the attacker at the same time. To me, this was a perfect learning method and I actually understood it and then passed Basic 21! Since I liked it, I did search for other guides like this one, but my results were just "Webgoat" and "Hackme's" and other stuff that wasn't exactly what I was looking for. I don't want to just know how to do the attacks but to actually understand it from inside-out, from developer to hacker, actually learning what makes the code bad and what makes code secure. So since there is (sometimes) strength in numbers, my question to the community is this.

Do you know of any guides/papers that are like the one shown above?

Do you know how to build your own webhacking testlab (like this site) to be able to test and apply what you have learned from here?

Any help will be appreciated, thank you for your time.


yours31f's Avatar
Retired
10 0

My reply to that is,

  1. Create a site.
  2. Add a new function.
  3. Make it secure.
  4. Hack it.
  5. Fix it.

Repeat steps 2 through 5 indefinitely.


ghost's Avatar
0 0

I actually did attempt that, but I got frustrated trying to figure out how with a webhost called freehostia, and then I figured that someone must have thought of this and done this already. So nice idea, maybe when I'm smarter that will work much better for me.


ghost's Avatar
0 0

That technique is very common, guess it's a hallmark of a good guide. Just have a look around; the papers on milw0rm have a few sometimes, okay.

Some great guides though don't; they depend on the effects rather than the cause. Sometimes you won't have access to code or will find a novel vulnerability, and maybe it's helpful sometimes not to look at a particular cause.