Chat with
Hackers

How to Defend
Your Computer 

The Heretic! 
A Hacker Thriller

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

More on Telnet: the Number One Hacker Tool

So how do you send stuff back to the webserver? Try this:

GET / HTTP/1.0
<your command here>

What kinds of commands can you send? The book Hackproofing Your Network (by Ryan Russell of Securityfocus.com and Stance Cunningham) suggests a fun and harmless hack. Create and store a bogus cookie in the location on your web browser that stores cookies. (Find it by searching for the file "cookies.txt".) Name your bogus cookie something like "MyBogusCookie." Then telnet to the victim webserver and give something like this command:

GET / HTTP/1.0
User-Agent: HaveABogusCookieThisIsAJoke 123.4
Cookie: /; MyBogusCookie

The Überhacker! -- How to Break into Computers book details a number of serious attacks you can perform through sending funny input to a webserver. Basically, you need to learn how to write shell programs, and then find ways to get them to be run by the webserver. I'm not going to explain them here, however. These attacks, when carried out against a vulnerable webserver, are so easy that little kids could do them, and I don't want to be responsible for their behavior. It's much harder for little kids to get a hold of Russell's and my books than it is for them to read this GTMHH on the Happy Hacker website.

So are you dying to know what to send a webserver in order to break into it, without having to buy a book? Here are some hints. How to do this will depend on what webserver it is, what operating system it runs on, whether its security weaknesses have been fixed, and whether the web designer has used things such as Common Gateway Interface (CGI) or Server Side Includes (SSIs) that have weaknesses in them.

You will have to research these issues at Web sites that archive vulnerabilities and exploits such as http://www.securityfocus.com and http://packestorm.securify.com. You will need to study web site programming (HTML -- hypertext markup language, CGI and SSIs) and shell programming. You will need to learn webserver commands (documented at http://www.w3.org/hypertext/WWW/markup/Markup.html). You will have to use your brain and be persistent.

But at least if you come across a telnet exploit, now you know the answer to the question "where do I type that command?"

___________________________________________________
Where are those back issues of GTMHHs and Happy Hacker Digests? Check out the official Happy Hacker Web page at http://www.happyhacker.org.
We are against computer crime. We support good, old-fashioned hacking of the kind that led to the creation of the Internet and a new era of freedom of information. But we hate computer crime. So don't email us about any crimes you may have committed!

© 2000 Carolyn Meinel. You may forward, print out or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end. 

Carolyn's most
popular book,
in 4th edition now!

For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

My SQL for Free

Return to the index of Guides to (mostly) Harmless Hacking!

© 2001 Happy Hacker All rights reserved.