
I read this post: How does hacking work? and I saw that Chris Dale answered the question with some PHP exploit instructions. However, how can a hacker read a PHP file (or another back-end file), since it is on a server? What do hackers do to reach a back-end file in the first place? Is it done with pre-made tools like Metasploit or network tools and then, after being able to read the file with the tool, they write custom exploits to achieve what they want? I wonder too if JavaScript is easier to exploit because a section of the program usually is in the front-end (I mean files that aren't node.js ones). I don't have prior knowledge in hacking.

schroeder
Cronos

1 Answer


"Hackers" don't really do (or need to do) what you are describing. In some cases, a misconfiguration may allow for a remote user to view the text content of a PHP script file (e.g. maybe a backup file with a file extension not normally executed by the PHP interpreter, or some arbitrary read vulnerability), but this is not required to construct a working exploit.

In general, I'd say there are at least two ways an attacker may find vulnerabilities without reading the source off the server:

  1. The application is a well-known open source product (e.g. WordPress), and the attacker downloaded the source and found a vulnerability that way, or they found an existing vulnerability that applies to the version on the target server.
  2. Certain design patterns immediately raise red flags to the trained eye. If I see in the URL something like /?file=store.html, this looks like it could be used for directory traversal/LFI/RFI (e.g. maybe replace the file parameter with ../../../../etc/passwd to test). Or, if the website lets me directly or indirectly run system commands (e.g. "Enter an IP address to ping"), it may be worth attempting shell escapes (8.8.8.8$(cat /etc/passwd)) to see if there is a command injection vulnerability. These types of blind attacks are often more of an art than a science, as it can take quite a bit of intuition and assumption on the attacker's part to figure out how the system works and where a vulnerability may exist.
multithr3at3d
  • So what you are telling me in the second case is that hacking can be trial-and-error work until the person succeeds? – Cronos Nov 27 '20 at 22:43
  • I'd say that unless the exact problem has already been solved, hacking is _almost always_ trial-and-error. Even with a solved problem, changes in the environment could still result in a trial-and-error scenario. – multithr3at3d Nov 27 '20 at 23:28
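As an added illustration of the two red-flag patterns named in the answer (a `?file=` parameter and an "IP address to ping" form), and not code from the question, the answer, or any project, here is how a defender validates both inputs in Python; the web root path and page names are constructed assumptions.

```python
import ipaddress
import subprocess
from pathlib import Path
from typing import List, Optional

# Constructed assumption: the directory holding the pages that ?file= may serve.
WEB_ROOT = Path("/var/www/pages")


def resolve_page(web_root: Path, requested: str) -> Optional[Path]:
    """Map a user-supplied ?file= value to a path inside web_root.

    Returns None when the normalised path escapes web_root (the traversal
    pattern the answer describes), when it is not a plain .html page, or when
    the value carries a NUL byte.
    """
    if not requested or "\x00" in requested:
        return None
    root = web_root.resolve(strict=False)
    # resolve() collapses every '..' segment, so the candidate is safe only if
    # the collapsed path is still a descendant of the collapsed root.
    candidate = (root / requested).resolve(strict=False)
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    if candidate.suffix != ".html":
        return None
    return candidate


def build_ping_command(user_input: str) -> Optional[List[str]]:
    """Validate an "enter an IP address to ping" value and build an argv list.

    Only a syntactically valid IP literal is accepted, and the command is an
    argument vector rather than a shell string, so shell syntax such as $(...)
    in the input is never interpreted even if validation were bypassed.
    """
    try:
        ip = ipaddress.ip_address(user_input.strip())
    except ValueError:
        return None
    return ["ping", "-c", "1", str(ip)]


def run_ping(user_input: str) -> Optional[subprocess.CompletedProcess]:
    """Run the validated ping with shell=False (the default); None if rejected."""
    argv = build_ping_command(user_input)
    if argv is None:
        return None
    return subprocess.run(argv, capture_output=True, text=True, timeout=5)
```

`resolve_page` rejects the traversal probe from the answer while still serving `store.html`, and `build_ping_command` rejects the shell-escape probe because it is not a valid IP literal.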