Web applications provide an interface between end users and
web servers through a set of web pages that are generated at the
server end or contain script code to be executed dynamically
within the client web browser. These web applications are
publicly available and cannot be isolated completely, and thus are
vulnerable to attacks like SQL injection, cross-site scripting,
session hijacking, etc.
The target information on a web server usually resides in a
database on the web server; this database is accessed via a web
application. For this reason, web servers and web applications
go hand in hand. Compromising the web server is usually done
to gain access to the underlying data in the web application.
Different methods followed for attacking a web server:
• Information gathering
• Vulnerability scanning
• Webserver footprinting
• Mirroring website
• Session hijacking
• Hacking webserver passwords
In the information gathering phase, the attacker searches for
information about the target company with the help of tools like
Whois, Traceroute, etc.
For webserver footprinting, tools like ID Serve, httprecon and
Netcraft are used to gather account details, operating system,
database schema, etc. One can even use telnet to gather information
like server name, server type, operating system, etc.
To mirror a website, tools like HTTrack, Web Copier,
BlackWidow, etc. are used.
Tools like Nessus, Paros Proxy, etc. are used for vulnerability
scanning to find weaknesses in a network, like any outdated content
or misconfiguration.
To perform session hijacking, tools like Burp Suite, Hamster,
Firesheep, etc. are used to capture valid session cookies and IDs.
To crack passwords, tools like Brutus, THC-Hydra, etc. are used. One
can even pretend to be a legitimate site that is asking to change
the password, or even exploit 'Remember Me', as it uses a
simple persistent cookie. Cookies get stolen by techniques like
script injection and eavesdropping. Tools like Burp Suite and
Paros Proxy can trap cookies.
Many web application threats exist on a web server, like:
Cross-Site Scripting: Cross-site scripting is nothing but injection
of client-side scripts into a website.
This can easily be done using all the various ways a website
collects inputs, like text boxes, query strings, etc.
Validating cookies, query strings, form fields, and hidden fields
can prevent cross-site scripting.
SQL Injection: Inserting SQL commands into the URL gets the
database server to dump, alter, delete, or create information in
the database.
Command Injection: The hacker inserts programming
commands into a web form.
This can be countered by using language-specific libraries for the
programming language.
Cookie Poisoning and Snooping: The hacker corrupts or steals
cookies. So don't store passwords in a cookie, implement cookie
timeouts, and authenticate cookies.
Buffer Overflow: Huge amounts of data are sent to a web
application through a web form to execute commands. Thus one must
validate user input length and perform bounds checking.
Authentication Hijacking: The hacker steals a session once a
user has authenticated.
This can be prevented by using SSL to encrypt traffic.
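The cookie countermeasures listed above (no password in the cookie, a cookie timeout, and an authenticated cookie) can be sketched as follows. This is an added example, not code from the original post; the cookie layout, the in-memory key and the 30-minute timeout are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Assumption: the key is generated in memory for this demo. A real server
# would load a long-lived secret from protected configuration.
SECRET_KEY = secrets.token_bytes(32)
MAX_AGE_SECONDS = 1800  # cookie timeout (assumed value)


def _sign(payload, key):
    """HMAC-SHA256 tag over the payload, URL-safe base64 encoded."""
    digest = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def issue_cookie(user_id, now=None, key=SECRET_KEY):
    """Build 'user_id|expiry|tag'. No password or other secret is stored."""
    if "|" in user_id:
        raise ValueError("user_id must not contain the field separator")
    issued = time.time() if now is None else now
    payload = f"{user_id}|{int(issued + MAX_AGE_SECONDS)}"
    return f"{payload}|{_sign(payload, key)}"


def verify_cookie(cookie, now=None, key=SECRET_KEY):
    """Return the user id if the cookie is authentic and unexpired, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None  # malformed or truncated cookie
    user_id, expiry_text, tag = parts
    expected = _sign(f"{user_id}|{expiry_text}", key)
    # Check the tag first, in constant time, before trusting any field.
    if not hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        return None  # poisoned (modified) cookie
    current = time.time() if now is None else now
    if int(expiry_text) < current:
        return None  # timed out
    return user_id
```

A cookie whose user id or expiry has been edited fails the tag check, and a stolen cookie stops working once the timeout passes.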
Wget is a command-line tool that a hacker can use to download
an entire website, complete with all the files. The hacker can view
the source code offline and test certain attacks prior to launching
them against the real web server.
WebSleuth is a tool that can pull all the email addresses from
different pages of a website.
BlackWidow can scan and map all the pages of a website to
create a mirrored site.
WSDigger is a web services testing tool that contains sample
attack plug-ins for SQL injection, cross-site scripting, and other
web attacks.
DISCLAIMER: The information provided by University of Hackers is to be used for educational purposes only and to help the reader develop the hacker's defense attitude discussed. The Author is not responsible for any misuse of the information provided. In no way should you use the information to cause any kind of damage directly or indirectly. You implement the information given at your own risk.