Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
1.Site Mapping<br />
The first thing a hacker will do during an attack on a Web service will be to summarize the banners<br />
(see chapter I: Information Acquisition) as well as map the site to recover a maximum <strong>of</strong> indications on<br />
his target. Mapping a website can be done in several ways. Either the hacker will have found a<br />
loophole allowing him to list the contents <strong>of</strong> all the directories <strong>of</strong> the server, or he will use appropriate<br />
s<strong>of</strong>tware which will follow all page links from the index page <strong>of</strong> the website. This is not the end <strong>of</strong> the<br />
story, however.<br />
What will be <strong>of</strong> interest to the hacker will be the files and directories forgotten by the webmaster and<br />
not linked to a public page. Intellitamper is such a s<strong>of</strong>tware that can recover the list <strong>of</strong> all files present<br />
on the server and to use brute force on the file or directory names to find their existence. Intellitamper<br />
functions on Windows, so we will also see the example <strong>of</strong> a PHP script attacking through a dictionary.<br />
Intellitamper<br />
Intellitamper is a s<strong>of</strong>tware with a very simple interface which will enable us to map the website without<br />
downloading the files (unlike Web aspirators). By default, it functions by following the links present on<br />
each page from the site index. To start the s<strong>of</strong>tware, all that has to be done is to give it the url <strong>of</strong> the<br />
site that is to be scanned and to click on the small button in the shape <strong>of</strong> a magnifying glass. In the<br />
example above, “http://www.thehackademy.net” is our target. By launching options by default,<br />
Intellitamper will not use brute force to find all the directories (or files) not linked to the pages.<br />
The <strong>Hack</strong>ademy DMP -101/209- SYSDREAM