Because i know jack about website building and stuff, i wonder, how much would it take to hack into one?(Not that I would) is it like modding an apk or something just completely different?
The easiest way is to steal all the cookies , then clone every mac address/useragents, then just use their sessions to create bots; the moral of this story is "be nobody but everybody"
first thing is install vmware and setup a linux virtual machine (kali linux comes with most hacking tools preinstalled), then install these packages
nikto - install this and run it against your target website, it looks for all known vulnerabilities
dirb - searches for all common sub directories - really useful for finding admin only sections
metasploit - another epxloit scanner
To be honest the chances of finding a vulnerability on an apache server is almost zero. The only chance you have to hack (or be hacked) is if you are using some out of date addons (joomla, wordpress etc). Apache and even IIS are pretty rock solid.
But there are fun things you can do, for example I found a website that was selling software I wanted, using dirb I found their "hidden" download directory and simply downloaded all their software for free.
Well it is rare that you find a site that has a blatant vulnerability. Easy thing for me is a SQL injection. If you were really lucky you can do a dns what is it called an intercept? I can't remember the right word without switching my keyboard and I'm trying to sleep. It is where you sort of sneak in by riding on the bears tail. In school we played with this to learn how to prevent it. SQL injection is more likely because most sites query the usual commands for being carried in. Even SQL injections all they have to do is block some processes or block some commands which most do automatically and that is done.
It is why most people use the sub orbital ion canon to cause chaos and usually you can use injections during that because some organizations are still dumb enough to keep trying to have the lights on and instead of turning off access by shutting down for a couple hours they let their servers be punch repeatedly in the face when they are struggling to stay awake. It is easy to force a pill down someone's throat when they can barely think to close their mouth.
I like it when people try to do that to one of my clients. Most are small to medium sized networks. Full of dumb people. I have to tell them that it is like a rope-a-dope where you let them wail on you till they tire themselves out and you can take them out with a combination of jabs.
Oh... Easiest way... Whaling. Find information on social media about leadership and email structure and send phishing emails to the leadership. Most companies are too dumb to realize that a CEO should not have a super admin account since they will be the most targeted.