Saturday, February 28, 2009

Web Hacking and Server Rooting

Many newcomers and beginners might be confused about the difference between web hacking and server rooting. They are different things, and first I shall introduce you to web hacking.

Web hacking

What is web hacking? It is the exploitation of vulnerabilities within a website to deface it or gain root access to the site. A prime example is the basic and realistic missions on HackThisSite.

Example 1:

Bob finds a website he doesn’t like, www.website.com. He does a routine search and finds an improperly configured .htaccess file that lets him access the /haccess area.

After finding the password in the admin/.hpasswd area, he realizes it is a hash. He opens up John the Ripper, cracks the hash and gains access to the website.

Example 2:

Bob finds another website, and he wishes to deface it. He finds a comment area and discovers it is vulnerable to directory traversal. So he sets the comment name to go back 2 directories to the index.php page and inputs the defacing code he wants.
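The flaw in Example 2, seen from the site owner's side, as an added example that is not part of the original post: a comment name joined onto the storage directory without checks, next to a version that resolves the path and rejects anything landing outside that directory. The directory layout, file names and function names are assumptions constructed for the illustration.

```python
import os
import tempfile


def naive_comment_path(comments_dir, name):
    # Vulnerable form: the visitor-supplied name is joined with no check,
    # so "../" segments walk out of the comments directory.
    return os.path.normpath(os.path.join(comments_dir, name))


def safe_comment_path(comments_dir, name):
    # Hardened form: resolve symlinks and "../" first, then require that the
    # result is still strictly inside the comments directory.
    base = os.path.realpath(comments_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError("comment name escapes the comments directory")
    return candidate


def demo():
    # Constructed layout: <root>/index.php and <root>/data/comments/
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        index = os.path.join(root, "index.php")
        comments = os.path.join(root, "data", "comments")
        os.makedirs(comments)
        with open(index, "w") as fh:
            fh.write("<?php echo 'home'; ?>")

        name = "../../index.php"  # constructed input: two directories up
        naive_hits_index = naive_comment_path(comments, name) == index
        try:
            safe_comment_path(comments, name)
            blocked = False
        except ValueError:
            blocked = True
        ok = safe_comment_path(comments, "first-post.txt")
        ok_inside = os.path.dirname(ok) == comments
        return naive_hits_index, blocked, ok_inside


if __name__ == "__main__":
    print(demo())
```

The check runs on the resolved path rather than on the raw string, so encoded or nested "../" sequences and symlinks are handled by the same comparison.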

Server rooting

This is the kind of hacking you see in movies involving Nmap, BackTrack and the “Black and white command prompt screen with strange code.” Unfortunately, I have very little experience in rooting, as HackThisSite teaches only web hacking. This type of hacking is also much more difficult because it involves exploiting vulnerabilities in the operating system.

Example 1:

Bob finds a website. He does a port scan of it and finds the telnet port, port 23, open. He brings up the command prompt and enters the command:

telnet www.somewebsite.com 23

He then exploits a vulnerability in the operating system which leads him to an Administrator account with full privileges.

Now you know,
IncandescentLight