Learning from hackers.
How to learn from hackers without paying for a course or purchasing a book.
If you have a site, then there is a way to learn not only trivial tricks but also the newest tricks (if not zero hour vulnerabilities). How? LOG EVERYTHING and read it (and sometimes it is even done by the OS).
Sounds simple? Yes and no. No, because the log could be really verbose and yes because it is just a test.
Let's show an example:
I have a web form, a contact form, and the following message arrived through it:
Did yоu knоw thаt it is pоssiblе tо sеnd businеss оffеr uttеrly lеgаl?
Wе put а nеw wаy оf sеnding аppеаl thrоugh fееdbасk fоrms. Suсh fоrms аrе lосаtеd оn mаny sitеs.
What is the problem? The problem is that it uses words that are on my blacklist, yet it bypassed the blacklist. Why? UTF-8.
Here is the same message viewed as ASCII (the UTF-8 bytes not decoded):
Did yÐ¾u knÐ¾w thÐ°t it is pÐ¾ssiblÐµ tÐ¾ sÐµnd businÐµss Ð¾ffÐµr uttÐµrly lÐµgÐ°l?
WÐµ put Ð° nÐµw wÐ°y Ð¾f sÐµnding Ð°ppÐµÐ°l thrÐ¾ugh fÐµÐµdbÐ°Ñk fÐ¾rms. SuÑh fÐ¾rms Ð°rÐµ lÐ¾ÑÐ°tÐµd Ð¾n mÐ°ny sitÐµs.
It is nothing new, and yet it is a good trick.
Ok, lesson learned.
Second step. Since we have the log, let's put this guy on the blacklist!
It is the IP: 89.187.168.* How do I know the IP? The log file.
Anyway, I check an online database to see whether the IP is from a hacker or not. AbuseIPDB is a nice, free service.
Third step. Strengthen our blacklist. For example, "Ð¾" is more than enough. Why? Because normal people don't write those letters.
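One way to strengthen the blacklist against this trick, as an added example that is not code from this site: flag words that mix scripts, and fold look-alike letters to Latin before matching. The blacklist entries, the look-alike map and the sample string (rebuilt from the message above) are assumptions made for the illustration.

```python
import unicodedata

# Constructed look-alike map: Cyrillic letters that render like Latin ones.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c",
    "\u0440": "p", "\u0445": "x", "\u0443": "y",
})

BLACKLIST = {"business", "offer"}  # hypothetical blacklist entries

# Constructed sample: start of the message above, Cyrillic letters as escapes.
SAMPLE = ("Did y\u043eu kn\u043ew th\u0430t it is p\u043essibl\u0435 "
          "t\u043e s\u0435nd busin\u0435ss \u043eff\u0435r")

def script_of(ch):
    """Coarse script of a letter, taken from its Unicode name (LATIN, CYRILLIC...)."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def mixed_script_words(text):
    """Return the words whose letters come from more than one script."""
    hits = []
    for word in text.split():
        scripts = {s for s in map(script_of, word) if s}
        if len(scripts) > 1:
            hits.append(word.strip(".,?!"))
    return hits

def naive_hits(text):
    """Plain substring match, the check that the message bypassed."""
    return sorted(w for w in BLACKLIST if w in text.lower())

def blacklist_hits(text):
    """Substring match after normalizing and folding look-alikes to Latin."""
    folded = unicodedata.normalize("NFKC", text).translate(CONFUSABLES).lower()
    return sorted(w for w in BLACKLIST if w in folded)

if __name__ == "__main__":
    print("naive:", naive_hits(SAMPLE))
    print("folded:", blacklist_hits(SAMPLE))
    print("mixed-script words:", mixed_script_words(SAMPLE))
```

The mixed-script check only flags words that combine scripts, so a message written entirely in Cyrillic is not flagged by it.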
In the same way, we could find many tricks.
For example, in the log file, I found the following entry:
What is it? OWA is the web version of Outlook.
Did you know of a vulnerability in Outlook? Now you know. But how does it work? Simple, you can google it and find more information. It is easiest to find information about a vulnerability when you are specific about it.
Rinse and repeat. You could learn all the tricks of a hacker in a single shot.