|06-23-2014 01:44 PM|
|I'm here from about 3 month, but all that i've learned here doesnt not helped me.... I searched a lot of website get hacked from other people that doesnt know anything of what i learned here. How they do it?! And why i cant DO IT?! So i wanna ask you if you have some good idea for helpme learning... I have made all this challenges but i cant use that for other website... (i mean SQL, XSS and other)|
|06-23-2014 07:42 PM|
First off, it is entirely possible a website is not vulnerable. Even if it were, you won't find every single GET request open to SQLi or every form field open to XSS. In huge websites you might find a vulnerability in some obscure litter corner, but you have LOOK for it. It takes time and effort.
Also, not all vulnerabilities are straightforward. What you learn here are the basics, the foundation of the various exploits. Chances are you will have to improvise. Thus it is important to know exactly why and how these things work and perhaps read an article or two on the advanced stuff.
If you are target popular websites, remember that being popular, they are probably aware of these security issues making it all the more hard for you to hack them.
All in all, have patience, keep looking and never stop learning.
|06-29-2014 06:15 AM|
In the most challanges here the very basics get teached...like what is SQLinjection. The challanges are obvious vulnerable and today 89% of the people know how to patch this kind of stuff. Therefore you will just find n00b pages (or plugins) that are vulnerable in such a obvious way. If you really want to get deeper in the topic you need to have a look to more advanced topics like: Bypass filters, more kind of sql injections (maybe over Insert ot update), Double Query injection and so on......
E.g. on that blog http://turbochaos.blogspot.de/ are some non-skiddie vulnerabilties explained. Furthermore you should learn the web development language very well so that you can find vulnerabilties that occur when people use them the wrong way e.g. difference between "==" and strcmp.
Furthermore I want to tell you two other things: 1. 3 month into hacking is nothing. You are working against people who are into that stuff since years. 2. You didn't event touch the realistic challanges...you just complete the basic once. That means you are at an elementary school level. And I never heard a elementary school kid crying about not beeing able to understand/write a novel by shakespear.
So if you really want to hack something you need to practice. 1. do all challange here. 2. do challanges on enigmagroup (the most are little more advanced) 3. Learn coding very well and language details. 4. Try vulnerable by design pages. 5. Learn more stuff aout other topics. 6. Try in real ife.
Till now you didn't complete step 1
Join our IRC channal! irc.evilzone.org #Evilzone #SecurityOverride
This dude doesn't answer to PM..no matter how special you think you are...sry
"With great power comes great responsibility"
|Jump to Forum:
Forum powered by fusionBoard