CEH 13- Hacking Web Servers

By
Before we are going to talk about "Hacking Web Servers", first we need to know about "how the Web server works?".

What is a Web Server? 

  • Web Server is a computing system that runs on server OS. 
  • It process the HTTP/HTTPS requests and serve the web pages on the world wide web(www). 
  • The pages delivered are HTML documents, which may include images and scripts in addition to the text content. 
  • Clients uses a web browser to interact with the web server. 
  • Any computer can be turned into a Web server by installing server software and connecting the machine to the Internet. 
  • There are many Web server software applications like Xampp, Apache, Nginx, IIS web server, etc.
Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Ethical Hacking, Security and Penetration Testing. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking.

How the Web Servers Works? 

  • When a user requests a web page hosted on the internet, the web server responds with that requested page. 
  • The below image represents this process

Steps of Working Web Server: 

  • Web browser first obtains the domain name and resolves it to IP address. 
  • It can obtain the IP address in 2 ways: 
  1. By searching cache. 
  2. By requesting one or more DNS Servers. 
  • After knowing the IP Address, the browser now demands a full URL from the web server. 
  • The web server responds, by sending the requested page to the browser. 
  • If the web page does not exist, then it will display an appropriate error message. 
  • The browser renders the response received from the server to display it on the screen.

Popular Web Servers: 

The following are a list of the common web servers:

1. Apache: 

  • The commonly used web server on the internet. 
  • It is cross-platform application software, but it is usually installed on Linux. 
  • Most PHP websites are hosted on Apache servers.

2. Internet Information Services (IIS):

  • It runs on windows and is the second most used web server on the internet. 
  • Most websites built using ASP.Net are hosted on IIS servers. 

3. Apache Tomcat: 

  • Java server pages (JSP) websites are hosted on this type of web server. 

Other web servers: 

  • Novell's Web Server, IBM Lotus Domino servers, Cloudflare web server, Oracle web server, Lightspeed servers, Amazon web server, Google web server, Nginx, etc.

Hacking Web Servers: 

1. Footprinting Web Server: 

  • Attackers use ID Serve, Netcraft, HTTP Recon, Whois tools to get details about the target server. 
  • Use robot’s exclusion protocol, a standard used by websites to communicate with web crawlers and other web robots to gather some sensitive information. 
  • This file (robots.txt) will inform the web robot about which areas of the website should not be processed or scanned. 
  • By performing the DNS enumeration, we can get the dns records and types of servers. 

2. Identify Vulnerabilities on Web Server: 

  • Perform vulnerability scan to identify weaknesses in a network and determine if the system can be exploited. 
  • Use vulnerability scanners like Sparta, Nikto, HP Web Inspect, Acunetix Web Vulnerability Scanner to find out hosts, services, and vulnerabilities. 
  • Sniff the network traffic to identify vulnerabilities on active systems or network services. 
  • Test the web server infrastructure for any misconfigurations, outdated content, and vulnerabilities.

3. Web Server Vulnerabilities: 

The following vulnerabilities are most commonly exploited in web servers:
  • Improper file and directory permissions. 
  • Unnecessary services enabled, including content management and remote administration. 
  • Improper authentication with external systems. 
  • Default accounts with default or no passwords. 
  • Misconfiguration in web-server, operating system or network. 
  • Bugs in server software, system software(OS) or web application. 
  • Lack of security policy and procedures.

4. Attacks possible against Web Servers: 

1. Denial of Service Attacks: 

  • With this type of attack, the web server may crash or become unavailable to the legitimate users. 

2. Domain Name System(DNS) Hijacking: 

  • In this type of attack, the DNS settings are changed to point victims to the attacker’s web server. 
  • All the traffic was supposed to hit a malicious server. 

3. Sniffing: 

  • Unencrypted data sent over the network may be intercepted and used to gain unauthorized access to the web server. 

4. Defacement: 

  • The attacker takes advantage of vulnerabilities in the web server to replaces the organization’s website with a different page that contains the hacker’s name, images and may include background music and messages. 

5. Impact of Web Server Attacks: 

  • Easy to compromise user accounts. 
  • Gaining root access to other applications on servers. 
  • Access to confidential data (Data tampering/Data theft). 
  • Perform Web Application attacks. 
  • The compromised web server can be used to spread malicious software on the internet, which can infect users who visit the compromised website. 
  • Compromised user data can be used for fraudulent activities. 
  • An organization’s reputation can be ruined.

Mitigations: 

  • Scan for existing vulnerabilities, patch it and update the server software regularly. 
  • Block all unnecessary ports, ICMP traffic and unnecessary protocols. 
  • Consistently apply the latest software patches and update system software. 
  • If remote access is needed, make sure that the remote connection is adequately secured, by using tunneling and encryption protocols. 
  • Stop running vulnerable applications on the server, such as WebDAV. 
  • Unnecessary applications can be removed on a server by using Add/Remove Programs in the Windows Control Panel. 
  • Perform bound checking on input for web forms and query strings to prevent buffer overflow or malicious input attacks. 
  • Disable remote administration. 
  • Avoid printing error messages or display customized error message. 
  • Enable auditing and logging. 
  • Use a firewall between the web server and the Internet and allow only necessary ports (such as 80 and 443) through the firewall. 
  • Replace the GET method with the POST method when sending data to a web server.

Be Aware, Be Secure.

Thank You 🙏

I'm a Cyber Security professional with expertise in Network, Application, Endpoint, Cloud Security, DevOps, and IT Ops. I have experience in various industries and am well-versed in relevant regulations and standards. My goal is to provide exceptional security solutions that protect organizations from evolving threats, while also streamlining workflows and improving collaboration between development, operations, and security teams through DevOps and IT Ops practices.

Comments

Post a Comment

Popular posts from this blog

Demo 1- How to Track Location by a Link

By
Image
↑ GPS: GPS stands for Global Positioning System . The Global Positioning System, originally NAVSTAR GPS, is a satellite-based radionavigation system owned by the United States government and operated by the United States Air Force. It is a global navigation satellite system (GNSS) that provides geolocation and time information to a GPS receiver anywhere on or near the Earth where there is an unobstructed line of sight to four or more GPS satellites. Obstacles such as mountains and buildings block the relatively weak GPS signals. Locator v1.0: Locator is a tool developed by "thelinuxchoice".This tool is implemented in Shell Scripting. This tool is implemented in Shell Scripting. Geolocator, Ip Tracker, Device Info by URL (Serveo and Ngrok). It uses tinyurl to obfuscate the Serveo link. Disclaimer:  Usage of Locator for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable lo
Read more

Snyk - Ubuntu 20.04 (Linux)

By
Image
In this article, we are going to learn about Snyk, features, and hands-on demo on how to install, usage and uninstall on Ubuntu 20.04(Linux).   Disclaimer:   The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Cyber Security, Ethical Hacking,  Software Development and  IT Operations. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. Table of Content What is Snyk ?   Jump to Features   Jump to Hands-On   Jump to Requirements   Jump to Download   Jump to Install   Jump to Usage   Jump to Uninstall    Jump to Cheat Sheet    Jump to    What is Snyk ?  Snyk is a developer security platform for securing code , dependencies , containers , and infrastructure as code .  Integra
Read more

Cracking VNC Password Using Hydra

By
Image
Today we are going learn how to crack the password of VNC service using Hydra Tool.  Disclaimer: The articles provided on HackWithV is purely for informational and educational purpose only, and for those who are willing and curious to know & learn about Ethical Hacking, Security and Penetration Testing. Anytime the word "Hacking" that is used on this site shall be regarded as Ethical Hacking. What is VNC? Virtual Network Computing ( VNC ) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol ( RFB ) to remotely control another computer.  What is Hydra? Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, i
Read more