Hello there, I'm an infosec student in college and I practice hacking LAN hosts on VMs on my home computer/network. I'm interested in learning web development to supplement my hacking skills, because I think it's pretty important to have a deep understanding of systems when striving to be a highly skilled hacker, and I think that obviously comes from not just practicing hacking systems, but also developing them.
I'm looking to start learning PHP and web development on a LAMP stack in a virtual environment, and I have a couple questions. First, does anyone know of any good general resources? Videos, and books. Regarding books, are there any good books that deal specifically with the LAMP stack, or would I need to just get separate books for each element in the LAMP stack?
Secondly, I've come across a couple guides on the internet, one recommending Ubuntu desktop, and another recommending Ubuntu server. Which is more commonly used? Server, right? Or does it not matter since Apache is the web server?
That's all the questions for now, thanks for reading.
If you need some resources on LAMP stacks, view the DigitalOcean forums; they have great tutorials on Apache setups and applications.
Ubuntu Server is indeed what you need if you plan on installing a web server on it, as the command line will be the only thing you need.
If you need some PHP tutorials (not sure if you asked, but I just want to be as complete as possible), you can view Teamtreehouse, Laracasts and Codecademy. The first two are paid services, but are reasonable (You can ask Teamtreehouse for a student discount, which will reduce the price to $9/month).
Most common web hosting environments: CentOS, Red Hat, SUSE (and openSUSE), Debian (including Ubuntu Server), and Windows Server. LAMP/WAMP can run on any of the above OSes with varying degrees of success. I personally use a combination of Debian and Windows servers professionally for web hosting and development. On my Linux-based servers I run a standard LAMP stack. On my Windows-based servers I run Uniserver to fulfill my WAMP needs.
There are so many books on LAMP and WAMP that I couldn't make a good recommendation. My advice? Find an old box you have lying around and install an Ubuntu Server and install a LAMP stack. Play around with the various config files. See what works and what doesn't. If you break it, just start over and learn from your mistakes. If you need reference material for best practices, use some Google-fu or ask here. If you have any specific questions, post 'em here or feel free to PM me. Learning by doing will take you a lot further than any book. I might find some time later today to throw together a quick "how to" guide for getting around Apache and PHP. Hope that helps.
Just be aware that most PHP stuff you find on the web will be complete crap. I'm talking in the range of 90%. Also check out the PHP manual, and OWASP. hashphp.org has a collection of good links too.
Thanks everyone for the recommendations. I've been going through HTML & CSS on codecademy.com and afterwards will go through their PHP module and then probably JavaScript. I also just ordered Fundamentals of Web Development, which is expensive, but looks to be a good all-in-one resource, so I'll have plenty of resources with the additions of the suggestions in this thread.
I didn't have any sort of ideas as far as a site to build when starting this thread, but I have actually come up with something I need a website for, so I'm definitely planning on tackling this great subject in the coming months and hopefully will have a functioning site up about mid year, which I plan to host on a Linode VPS.
In short, thanks again everyone, and I'll probably bump this thread from time to time with further questions.
If you want an easier way to administrate Apache, use Webmin. Saves you the trouble of having to do EVERYTHING manually, plus it's very helpful for MySQL.
Interaction of web forms when submitting to a remote server. This will be useful when you want to start exploiting SQL injection, format string vulnerabilities, XSS, and remote code execution. Having a firm understanding of how POST/PUT/GET and the other HTTP verbs work will help out with this. You could also set up your environment, and work out backwards (specifically create a vulnerability that you want to test) to play around with the different exploits you might see in the wild.
HTML/CSS you should have a cursory understanding of, but the big winner would be to learn JavaScript well. A lot of XSS and other attack vectors rely on it when dealing with client-side and browser (XSS) vulnerabilities.
Learn how to set up virtual machines easily with different versions of software that you're targeting. Knowing how to install a specific version of OpenSSL, PHP, [my]SQL, or other vulnerable software is a must.
Learn the software stack inside and out. Know the exact path a request takes from DNS resolution all the way to a fully formed response and every step in between. IP/TCP forming and watching requests with Wireshark can be a huge benefit, both on the requesting machine and host.
Ignore the recommendations of specific flavors of Linux. Pick one that you will stick with and learn well, and don't be afraid to switch once you feel comfortable. You should have a good understanding of each. Once you gain a relatively good understanding of one, the rest are easy to pick up. Even learning FreeBSD or other BSD variants should be easy once you have a firm understanding of the general *nix architecture. Debian, Ubuntu, CentOS, RHEL, Gentoo are the most widely used Linux-based OSes. FreeBSD, HP-UX, Solaris are used frequently as well. A breakdown of usage statistics done in September of 2014 is here: http://w3techs.com/technologies/details/os-linux/all/all
Once you have your system set up and you understand what is going on, try to introduce some well-known vulnerabilities to it and try to exploit them. Working backwards and knowing exactly what you've introduced and the ways you can exploit it can help with early frustrations. Utilizing diagnostic utilities that you wouldn't normally have access to (strace on the host machine can make your life so much easier) when trying to figure out what is happening can help immensely.