Forum Thread: A Website Is Never 100% Secure?

I did read this a lot on the web. With my little experience, maybe I can say that this is not so true. When you analyze a site with the best tools, try different exploits, and do this the best you can, and finally find nothing, it's pretty odd. The only thing that worked for me is to find random targets with dorks (sql injections), such a big script kiddie. And maybe a simple DDOS leak that is not so intellectually interesting.

My main question is: is it possible to break into any site? With only computing skills? What is a good path to follow? Is this path confirmed and really tested?

I think that I was born in a good era; computing is big. I want to benefit from it and discover the things that people hide!!!

5 Responses

Just my thought, though it might not be interesting:

Most exploits are based on memory flooding caused by bad memory allocation; as long as you have the skill to find one in any kind of protocol, you can, errare humanum est (how valuable are fuzzers anyway?).

Recent exploiting tools might not be able to exploit any kind of website, but a human mind with enough knowledge and skill surely can.

The computing skill you are talking about is just programming, not that great, and the path to follow is studying.

Another great requirement is mental flexibility, and working as a team is the best option when trying to attack a big platform.

Now, because I'm not an expert, I can't help you with courses or certifications, but here we have some of the greatest I've ever seen in this field. They'll surely be able to help you, and help me too; I'm interested in this topic.

I also wanted to know if what I've said is valuable or there's more (as you can see, I just wanted to start the topic because I'm interested too, mine were only thoughts), thank you.

Another great piece of advice: never give up.

Anything can be hacked into; you just need to find the right way.

I saw that you mentioned using the best tools and tried different exploits, but what about examining the code yourself?

Also, utilising only computer skills is severely limiting yourself unnecessarily. Social engineering is an incredibly important part of recon, in my honest opinion. You have to remember, there is no patch for human error.

Hacking is a combination of various things that you need to keep in mind.

  • One is obviously computing skills, but not just being able to do simple tasks or even above average tasks. You really need to know your stuff about a variety of different things: software engineering, networking, servers, et cetera. It all comes down to what you know whether you're able to find a vulnerability using just computer skills.
  • The next is social engineering. Being able to get the information you need from unknowing victims is not only incredibly effective, but also satisfying.
  • Another is problem solving capabilities and creativity, which marries the last two points up nicely.

There are other things, but these are the ones from the top of my head.

There is just such a vast aspect to hacking that you're not even looking at by limiting yourself to just using pre-made tools. Don't be a script kiddy, they're quite often the ones caught, you never want to be a script kiddy.

Do yourself a favour, if you truly want to pursue hacking, go through these tutorials and learn everything you can. Not only will you be far better equipped to do what it is that you want to do, but it will be much more fulfilling.

ghost_

I agree with all posts above. No website/server is 100% safe from anything. Best you can do is not make it easy and hope they move on before smashing the stack.

A lot of these tools we use are designed not to be as stealthy as you wanna think. Look at Metasploit, it signs every packet it sends. Why? Ask an IDS/IPS vendor why. Kali has a few scripts that basically blow your cover on purpose.

This is the part where coding your own tools helps out. Also, 75% of scripts/exploits and tools found are coded wrong on purpose to keep the wrench out of monkeys' hands. Make yourself a fuzzer and scanner to start with. Codecademy is your best friend.

Kali is too mainstream (not good).

I have not looked at the metrics yet, but I'm willing to bet Kali is a top 10 net download worldwide. I'm waiting to see the dragon in films.

Programming languages are not wrong, human error is.

Guess who developed programming languages ;)
What you said is true; it's the way you use them that does the trick!
The problem with humans is that we can't make long-term decisions...
