How does a hacker reach a back-end file to exploit it?

Information Security Asked by Cronos on February 9, 2021

I read this post: How does hacking work? and I saw that Chris Dale answered the question with some PHP exploit instructions. However, how can a hacker read a PHP file (or another back-end file), since it is on a server? What do hackers do to reach a back-end file in the first place? Is it done with pre-made tools like Metasploit or network tools and then, after being able to read the file with the tool, they write custom exploits to achieve what they want? I wonder too whether JavaScript is easier to exploit because a section of the program is usually in the front-end (I mean files that aren't Node.js ones). I don't have prior knowledge of hacking.

One Answer

"Hackers" don't really do (or need to do) what you are describing. In some cases, a misconfiguration may allow a remote user to view the text content of a PHP script file (e.g. maybe a backup file with a file extension not normally executed by the PHP interpreter, or some arbitrary read vulnerability), but this is not required to construct a working exploit.

In general, I'd say there are at least two ways an attacker may find vulnerabilities without reading the source off the server:

  1. The application is a well-known open source product (e.g. WordPress), and the attacker downloaded the source and found a vulnerability that way, or they found an existing vulnerability that applies to the version on the target server.
  2. Certain design patterns immediately raise red flags to the trained eye. If I see in the URL something like /?file=store.html, this looks like it could be used for directory traversal/LFI/RFI (e.g. maybe replace the file parameter with ../../../../etc/passwd to test). Or, if the website lets me directly or indirectly run system commands (e.g. "Enter an IP address to ping"), it may be worth attempting shell escapes ($(cat /etc/passwd)) to see if there is a command injection vulnerability. This type of blind attack is often more of an art than a science, as it can take quite a bit of intuition and assumption on the attacker's part to figure out how the system works and where a vulnerability may exist.

Answered by multithr3at3d on February 9, 2021
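The two red-flag patterns in the answer above (a `?file=` parameter that is included straight from the request, and a "ping this IP" form that splices input into a shell command), shown as an added example that is not part of the original answer. It is written in Python rather than PHP so it runs offline in one file: each handler is given in the vulnerable form the answer describes and beside it the hardened form a defender would ship. The web root, the `store.html` page, the stand-in `passwd` file, the directory layout, the payload strings and the function names are all constructed for this example; `echo` stands in for `ping` so there is no network dependency, and the injection point is the same.

```python
import ipaddress
import os
import subprocess
import tempfile

# Constructed layout standing in for a real server: a web root holding one
# legitimate page, and a "passwd" file outside the web root that plays the
# role of /etc/passwd. Everything lives under a temp dir so it runs offline.
_BASE = tempfile.mkdtemp(prefix="lfi-demo-")
WEB_ROOT = os.path.join(_BASE, "www")
os.makedirs(WEB_ROOT)
with open(os.path.join(WEB_ROOT, "store.html"), "w") as fh:
    fh.write("<h1>store</h1>")
os.makedirs(os.path.join(_BASE, "etc"))
with open(os.path.join(_BASE, "etc", "passwd"), "w") as fh:
    fh.write("root:x:0:0:root:/root:/bin/sh\n")

# The traversal payload an attacker would try in place of ?file=store.html;
# a single "../" suffices here because the constructed passwd sits one level
# above the web root (a real target needs as many as it takes to reach /).
TRAVERSAL_PAYLOAD = "../etc/passwd"
# The shell-escape payload for the "enter an IP address to ping" form.
INJECTION_PAYLOAD = "127.0.0.1$(echo INJECTED)"


def include_file_vulnerable(file_param: str) -> str:
    """Equivalent of include($_GET['file']): input joined straight onto the root."""
    with open(os.path.join(WEB_ROOT, file_param)) as fh:
        return fh.read()


def include_file_hardened(file_param: str) -> str:
    """Resolve the path and refuse anything that lands outside the web root."""
    root = os.path.realpath(WEB_ROOT)
    # os.path.join discards root when file_param is absolute, so "/etc/passwd"
    # also ends up outside root and is rejected by the same check.
    target = os.path.realpath(os.path.join(root, file_param))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("path escapes web root: %r" % file_param)
    with open(target) as fh:
        return fh.read()


def ping_vulnerable(host: str) -> str:
    """Equivalent of shell_exec("ping -c 1 " . $_POST['ip']).

    The input is concatenated into a command line that /bin/sh parses, so
    $(...), backticks, ';' and '|' in the input all run as commands.
    """
    return subprocess.run("echo pinging " + host, shell=True,
                          capture_output=True, text=True).stdout


def ping_hardened(host: str) -> str:
    """Validate the input as a literal IP and never hand it to a shell."""
    ipaddress.ip_address(host)  # raises ValueError for anything but an IP literal
    # argv list form: the kernel receives the arguments directly, no shell parsing.
    return subprocess.run(["echo", "pinging", host],
                          capture_output=True, text=True).stdout


def attempt(handler, param: str) -> str:
    """Run a handler with a payload; return its output, or the name of the exception it raised."""
    try:
        return handler(param)
    except (PermissionError, ValueError, FileNotFoundError) as exc:
        return "BLOCKED: " + type(exc).__name__


if __name__ == "__main__":
    for handler in (include_file_vulnerable, include_file_hardened):
        print(handler.__name__, repr(attempt(handler, TRAVERSAL_PAYLOAD)))
    for handler in (ping_vulnerable, ping_hardened):
        print(handler.__name__, repr(attempt(handler, INJECTION_PAYLOAD)))
```

Running it prints the constructed passwd line from the vulnerable include and `BLOCKED: PermissionError` from the hardened one, then `pinging 127.0.0.1INJECTED` from the vulnerable ping and `BLOCKED: ValueError` from the hardened one. The realpath-plus-commonpath check is the minimum; in practice an allowlist of the few pages the parameter may name is stronger still, and the ping handler shows the general rule for command injection: validate to the narrowest type you can (here an IP literal) and pass arguments as an argv list so no shell ever parses them.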
