From the Nomad Mobile Research Centre:



			 Frequently Asked Questions 

				   About

			      Hacking the Web



		       "The Unofficial WWW Hack FAQ"



			       Beta Version 3

                                November 1997



			  Compiled by Simple Nomad





Disclaimer - I disclaim all of you.



Tunes - NIN, Stravinsky, Xen.



---------------------------------------------------------------------------

---------------------------------------------------------------------------



Contents



N means New, U means Updated



---------------------------------------------------------------------------



Section 00



General Info



  00-1. What is this "FAQ" for?

  00-2. What is the origin of this FAQ and how do I add to it?

U 00-3. Is this FAQ available by anonymous FTP or WWW?

  00-4. What conventions are used in this document?

  00-5. What is needed in this FAQ?

  00-6. Where can I get more info regarding Web security?



---------------------------------------------------------------------------



Section 01



The Browser



  01-1. What is "unsafe" about my browser?

  01-2. What is vulnerable about history, bookmark, and cache files?

  01-3. What other browser files are important? 

  01-4. Can you tell me more about the "cookie" file?

  01-5. How can I protect my browser files?

  01-6. Are there any default browser holes?

N 01-7. What about Internet Explorer?



---------------------------------------------------------------------------



Section 02



URL Attack Time



  02-1. What is phf?

  02-2. What's the "test" hack?

  02-3. What about that ~ character?

  02-4. What's the deal with forms?

  02-5. What will this look like in the target's log files?

  02-6. What's the deal with Server-Side Includes?

  02-7. What if SSIs are turned on but includes are stripped from user
        input?

  02-8. What is the jj.c problem?

  02-9. What are SSL and SHTTP?

  02-10. How can I attack "anonymously"?

N 02-11. What is the "asp dot" attack?



---------------------------------------------------------------------------



Section 03



The Basic Web Server



  03-1. What are the big "weak spots" on servers?

  03-2. What are the critical files?

  03-3. What's the difference between httpd running as a daemon vs. running
        under inetd?

  03-4. How does the server resolve paths?

  03-5. What log files are used by the server?

  03-6. How do access restrictions work?

  03-7. How do password restrictions work?

N 03-8. What is "Web Spoofing"?



---------------------------------------------------------------------------



Section 04



Fun with Other Web Servers



  04-1. What are some known vulnerabilities with Microsoft Internet
        Information Server?

  04-2. What are some known vulnerabilities with Netscape for NT?

U 04-3. What about WebSite and Purveyor?

  04-4. Is Novell's IntranetWare web server software vulnerable?

  04-5. What about WebSTAR for the Mac?

  04-6. Does CERN's httpd have any vulnerabilities?

N 04-7. What is the iCat Carbo Server bug?



---------------------------------------------------------------------------



Section 05



Fun with Java/JavaScript/ActiveX



  05-1. What is a JavaScript Applet?

  05-2. What is the JavaScript problem?

  05-3. What is an example of this "bad" Java code?

N 05-4. What about ActiveX?



---------------------------------------------------------------------------



Section 06



WWW as an InfoWar Tool



  06-1. What are some good search engines?

  06-2. What "vulnerable" files can I find?

  06-3. What is Internet vs. Intranet servers?

  06-4. I want to hack a site. How can the web help me?

  06-5. Where does the "social engineer" look on the web?



---------------------------------------------------------------------------



Section 07



CGI, Perl, Scripts, etc.



  07-1. What is CGI?

  07-2. Are there default vulnerabilities?

  07-3. How do I spot code with holes?

  07-4. Why are buffers so important?



---------------------------------------------------------------------------



Section 08



For The Lamer...



  08-1. How can I falsely increase the hits on my counter?

  08-2. My ISP limits web space and I want tons of graphics. What do I do?

  08-3. How can I get pictures without paying for them at adult web sites?



---------------------------------------------------------------------------



Section 09



For The Stupid...



  09-1. How do I secure things?

  09-2. I'm an idiot. Exactly how do hackers get in?

  09-3. I have xxx setup and xxx version running. Am I secure?



---------------------------------------------------------------------------

