CEH 14- Hacking Web Applications

Before we talk about "Hacking Web Applications", we first need to understand what a web application is, how it is developed and how it works. So let's get started.

What is a Web Application? 

  • A web application is a program hosted on a web server and accessed over the internet using HTTP or HTTPS. 
  • A web application is a client-server application, in which the client is a web browser such as Chrome, Firefox, Safari, etc. 
  • A web application consists of a set of web pages, scripts, images, etc. 
  • Web applications help organizations grow their business. 
  • Web applications include online forms, shopping carts, word processors, spreadsheets, video and photo editors, file conversion, file scanning, and email services such as Gmail, Yahoo, etc.
  • Types of websites:
  1. Static Website 
  2. Dynamic Website 

1. Static Website: 

  • A static website contains web pages with fixed content. 
  • A static site can be built using HTML alone and hosted on a web server. 
  • Examples: Wikipedia, blogs, etc.

2. Dynamic Website: 

  • The information on a dynamic website changes based on user interaction, the time zone, the viewer's native language, and other factors. 
  • These pages include web scripting code, such as PHP or ASP. 
  • When a dynamic page is accessed, the code within the page is parsed and executed on the web server, and the resulting HTML is sent to the client's web browser. 
  • Dynamic websites can interact with the user and can access information stored in a database. 
  • Dynamic web pages are therefore also known as database-driven websites.
  • Examples: Gmail, LinkedIn, Facebook, etc.

Web Application Working: 

  • The user sends a request to the web server over the internet through a web browser. 
  • The web server forwards the request to the web application server. 
  • The web application server queries the database and generates the result for the user's request. 
  • The web server responds to the client with the requested information.

How to Hack a Website?

  • There are three ways to attack a website, as shown below: 
  1. Web Application Pentesting: targets the application hosted on the computer.
  2. Server Side Attack: targets the computer itself, which runs an OS and other applications.
  3. Client Side Attack: targets the human who manages and uses the computer.

In this article, we are going to discuss Web Application Hacking (Web Application Pentesting).

OWASP: 

  • The Open Web Application Security Project (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security. 
  • It aims to raise awareness of application security by identifying some of the most critical risks that organizations face. 

The Top 10 OWASP vulnerabilities:

  • “Change has accelerated over the last four years, and the Top 10 needed to change,” OWASP said. 
  • “Over the last few years, the fundamental technology and architecture of applications has changed significantly.”

1. Parameter Tampering: 

  • This attack involves manipulating the parameters exchanged between client and server.
  • With it, an attacker can modify application data such as user credentials, permissions, prices, and the quantity of products. 
  • Setting up an intercepting proxy makes tampering simple if the web application does not implement proper session management.
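The defence against parameter tampering is to treat every value the client sends as a hint and recompute anything security-relevant from server-side data. The following Python is an added example written for this article, not code from the original post: the catalogue, the order form and the tamper log are constructed stand-ins for a database, HTTP form data and an application log.

```python
"""Parameter tampering defence: recompute every security-relevant value on the
server instead of trusting what the client sends.
Added example, not from the original post: the catalogue, the order form and
the tamper log are constructed stand-ins for a database, HTTP form data and
an application log."""
from decimal import Decimal

# Constructed catalogue: the server's own price list is the only trusted source.
CATALOG = {
    "SKU-100": {"price": Decimal("49.99"), "stock": 10},
    "SKU-200": {"price": Decimal("5.00"), "stock": 3},
}
MAX_QTY_PER_LINE = 5
TAMPER_LOG = []  # constructed in-memory log of suspicious requests


class TamperedRequest(ValueError):
    """Raised when a client-supplied value fails server-side validation."""


def vulnerable_total(form):
    """The anti-pattern: uses 'price' and 'qty' exactly as the client sent
    them, so a proxy that rewrites price=0.01 buys the item for 0.01."""
    return Decimal(form["price"]) * int(form["qty"])


def hardened_total(form):
    """Recomputes the line total from server-side data.

    - the client's 'price' field is never used for the calculation;
    - 'qty' must be a positive integer within stock and the per-line cap;
    - a client price that disagrees with the catalogue is logged as a
      tampering indicator: harmless to the calculation, useful for detection."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise TamperedRequest(f"unknown sku {sku!r}")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise TamperedRequest("qty is not an integer") from None
    if qty <= 0:
        raise TamperedRequest("qty must be positive")
    if qty > min(MAX_QTY_PER_LINE, CATALOG[sku]["stock"]):
        raise TamperedRequest("qty exceeds stock or per-line limit")
    claimed = form.get("price")
    if claimed is not None and claimed != str(CATALOG[sku]["price"]):
        TAMPER_LOG.append({"sku": sku, "claimed_price": claimed})
    return CATALOG[sku]["price"] * qty


def check_order(form):
    """Returns 'ok' or the validation error text; handy for tests and logging."""
    try:
        hardened_total(form)
        return "ok"
    except TamperedRequest as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed tampered form: the price was rewritten in an intercepting proxy.
    tampered = {"sku": "SKU-100", "price": "0.01", "qty": "2"}
    print("vulnerable total:", vulnerable_total(tampered))  # 0.02
    print("hardened total:  ", hardened_total(tampered))    # 99.98
    print("tamper log:      ", TAMPER_LOG)
```

The hardened version never reads the client's price for the calculation; it only compares it to the catalogue so that a mismatch can be logged, which is the cheapest tampering detection signal a shop can have.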

2. Directory Traversal: 

  • Directory Traversal (Path Traversal) is an attack over HTTP that allows attackers to access restricted directories outside the web server's root directory. 
  • Attackers try to reach restricted directories that contain sensitive information such as server configuration files, application source code, etc. 
  • Because of this vulnerability, attackers can access files located outside the web root. 
  • Example: http://www.example.com/abc.php?file=../../../../etc/passwd

3. Cross-Site Scripting (XSS) attack: 

  • An XSS attack takes advantage of web content that is generated dynamically from user input supplied on web pages. 
  • An attacker tries to inject script code into the input fields provided on web pages. 
  • If the web application does not validate these input fields properly, the injected script is returned in the page and executed in the victim's browser, unknowingly revealing information related to the client. 
  • Types of XSS:
  1. Reflected XSS 
  2. Stored XSS 
  3. DOM Based XSS
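What separates a reflected-XSS bug from a safe page is output encoding for the context the value lands in. The Python below is an added example for this article, not code from the original post; the search page fragment and the test input are constructed.

```python
"""Reflected XSS: the vulnerable rendering beside the output-encoded one.
Added example, not from the original post; the page fragment, the search
feature and the test input are constructed."""
import html
from urllib.parse import quote


def render_vulnerable(term):
    """Anti-pattern: the user's search term is interpolated straight into
    HTML, so markup in the term is parsed and run by the victim's browser."""
    return f"<p>Results for: {term}</p>"


def render_escaped(term):
    """HTML-body context: html.escape turns < > & and both quote characters
    into entities, so the browser shows the term as text, not markup."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def render_link(term):
    """The same value placed in two other contexts needs two encodings:
    attribute value -> HTML entity encoding, URL query -> percent-encoding.
    Using one encoding for both positions is a common residual XSS."""
    safe_attr = html.escape(term, quote=True)
    safe_query = quote(term, safe="")
    return f'<a href="/search?q={safe_query}" title="{safe_attr}">search again</a>'


def contains_active_markup(rendered):
    """Crude detector used only to make the difference visible here; real
    scanners parse the HTML rather than grep it."""
    lowered = rendered.lower()
    return any(marker in lowered for marker in ("<script", "onerror=", "javascript:"))


if __name__ == "__main__":
    probe = "<script>alert(1)</script>"  # constructed test input
    for name, fn in (("vulnerable", render_vulnerable), ("escaped", render_escaped)):
        out = fn(probe)
        print(f"{name:10s} active markup: {contains_active_markup(out)}  {out}")
    print(render_link('a"b'))
```

Input validation (the post's "validate input fields") helps, but the reliable fix is encoding on output, chosen per context: entity encoding for HTML text and attributes, percent-encoding for URL components, and a templating engine that does this by default.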

4. Cross-Site Request Forgery: 

  • Requests sent to the server are not validated (no server-side validation). 
  • The server processes the request without verifying whether the user actually intended to make it. 
  • Because of this poor validation, requests can be forged and delivered to users to force them to do things they did not intend to do. 
  • By clicking a link, users may unknowingly change their account password.
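The standard server-side check the post calls "validation" is a synchronizer token: the server mints a secret per session, writes it into its own forms, and refuses state-changing requests that do not echo it back. The Python below is an added example for this article, not code from the original post; the session store, the password-change handler and the request dictionaries are constructed.

```python
"""CSRF defence with a synchronizer token: the server mints a secret per
session, embeds it in its own forms, and refuses state-changing requests
that do not echo it back.
Added example, not from the original post; the session store, the
password-change handler and the request dictionaries are constructed."""
import hmac
import secrets

SESSIONS = {}  # constructed stand-in for server-side session storage


def new_session(user):
    """Creates a session (the cookie value) with its own random CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """The value the server writes into a hidden <input> on its own pages.
    A page on another origin cannot read it, so a forged form cannot send it."""
    return SESSIONS[sid]["csrf"]


def handle_change_password(sid, form):
    """Returns 'changed' or a rejection reason.

    The session cookie (sid) is attached automatically by the browser to any
    request, including one triggered from a malicious page, so on its own it
    proves nothing about user intent; the token does."""
    session = SESSIONS.get(sid)
    if session is None:
        return "rejected: no session"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return "rejected: missing or bad csrf token"
    if not form.get("new_password"):
        return "rejected: empty password"
    session["password"] = form["new_password"]
    return "changed"


if __name__ == "__main__":
    sid = new_session("alice")
    # Constructed forged request: a third-party page auto-submitted a form.
    # The browser added the cookie, but the hidden token is unknown to it.
    print(handle_change_password(sid, {"new_password": "attacker-chosen"}))
    # Legitimate request from a page the server rendered with the token.
    print(handle_change_password(sid, {"csrf_token": csrf_token_for(sid),
                                       "new_password": "n3w"}))
```

In a real deployment the token check sits in the framework's middleware for every POST, PUT and DELETE, and the session cookie additionally carries the SameSite attribute so that most cross-site submissions never include the cookie in the first place.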

5. Command Injection: 

  • A command injection vulnerability in a web application allows attackers to inject untrusted data and have it executed as part of a regular command or query. 
  • Attackers use specially crafted malicious commands or queries to exploit these vulnerabilities, which may result in data loss. 
  • Injection attacks are possible because of poor web development practices.
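The "poor development practice" behind command injection is almost always building a shell command string from user input. The Python below, an added example for this article and not code from the original post, shows that string next to the safe form: strict validation plus an argument vector handed to the program with no shell in between. The "ping a host" feature is a constructed stand-in for any web form whose value ends up in a system command, and it assumes a Unix-like ping that takes -c.

```python
"""Command injection defence: strict input validation plus an argument vector,
so user input is never interpreted by a shell.
Added example, not from the original post; the 'ping a host' feature is a
constructed stand-in for any web form whose value ends up in a system command."""
import re
import subprocess

# Hostname grammar (RFC 1123 labels): letters, digits and inner hyphens only.
# A leading '-' cannot match, so a value cannot smuggle in an extra option.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def is_safe_host(host):
    """Allowlist check: True only for a syntactically valid hostname."""
    return len(host) <= 253 and HOSTNAME_RE.match(host) is not None


def vulnerable_command(host):
    """Anti-pattern: builds a shell command string from user input. Handed to
    os.system() or subprocess with shell=True, a ';' or '$( )' in the value
    becomes a second command."""
    return "ping -c 1 " + host


def build_ping_argv(host):
    """Validates the value and returns an argument vector. Each element goes
    to the program unchanged via execve(), so there is no shell to parse
    metacharacters even if the validation were looser than it is."""
    if not is_safe_host(host):
        raise ValueError(f"rejected host value: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping(host, timeout=5.0):
    """Runs ping without a shell and returns its exit status."""
    completed = subprocess.run(build_ping_argv(host), capture_output=True,
                               timeout=timeout, check=False)
    return completed.returncode


if __name__ == "__main__":
    # Constructed inputs: one valid hostname, one with a shell separator,
    # one that tries to pass an option instead of a host.
    for value in ("example.com", "example.com; id", "-x"):
        print(f"{value!r:20} safe={is_safe_host(value)}  "
              f"shell string={vulnerable_command(value)!r}")
```

Both halves matter: the argv list removes the shell, and the allowlist removes option injection and any other surprise the called program itself might make of an odd argument. The same structure applies to SQL (parameterised queries instead of string concatenation) and LDAP queries.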

6. File Inclusion: 

6.1. Local File Inclusion: 

  • Allows an attacker to gain access to any file on the server. 
  • An attacker can even access files located outside the web root folder. 

6.2. Remote File Inclusion: 

  • Allows an attacker to include a file from any server. 
  • A file located on a remote server can be executed on the vulnerable server. 
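Directory traversal (section 2) and local or remote file inclusion (section 6) share one root cause, a file path built from a request parameter, and so share one fix: canonicalise the path and verify it stays under the web root, and choose include targets from an allowlist rather than from the raw parameter. The Python below is an added example for this article, not code from the original post; the web root, its files and the template names are constructed in a temporary directory.

```python
"""Path containment and include allowlisting: the server-side checks that
stop '../../../../etc/passwd' style traversal (section 2 above) and local or
remote file inclusion (section 6).
Added example, not from the original post; the web root, its files and the
template names are constructed in a temporary directory."""
import os
import tempfile
from urllib.parse import urlsplit

# Constructed web root: one public page inside it and one secret outside it.
ROOT = tempfile.mkdtemp(prefix="webroot-")
PUBLIC = os.path.join(ROOT, "public")
os.makedirs(os.path.join(PUBLIC, "pages"))
with open(os.path.join(PUBLIC, "pages", "about.html"), "w") as fh:
    fh.write("<h1>About</h1>")
with open(os.path.join(ROOT, "secret.conf"), "w") as fh:
    fh.write("db_password=constructed")


def vulnerable_read(requested):
    """Anti-pattern: joins the client value onto the root, so '..' escapes it
    (and an absolute path replaces the root entirely)."""
    with open(os.path.join(PUBLIC, requested)) as fh:
        return fh.read()


def safe_path(requested):
    """Canonicalises the requested path and verifies it is still under PUBLIC.
    realpath() also follows symlinks, so a link inside the root that points
    outside it is caught too."""
    if "\x00" in requested:
        raise PermissionError("NUL byte in path")
    base = os.path.realpath(PUBLIC)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"path escapes web root: {requested!r}")
    return candidate


def read_status(requested):
    """Download endpoint with the containment check: file content or 'denied'."""
    try:
        with open(safe_path(requested)) as fh:
            return fh.read()
    except PermissionError:
        return "denied"


# File inclusion: the include target is looked up by name in an allowlist,
# never built from the raw parameter, and anything carrying a URL scheme
# (the remote-inclusion case) is refused before the lookup.
TEMPLATES = {"about": "pages/about.html"}


def include_status(name):
    """Template include endpoint: content, or the reason it was refused."""
    if urlsplit(name).scheme:
        return "denied: remote include"
    if name not in TEMPLATES:
        return "denied: unknown template"
    with open(safe_path(TEMPLATES[name])) as fh:
        return fh.read()


if __name__ == "__main__":
    print("vulnerable:", vulnerable_read("../secret.conf"))
    print("hardened:  ", read_status("../secret.conf"))
    print("include:   ", include_status("http://attacker.example/page.txt"))
```

The allowlist is the stronger of the two controls: with it, the parameter never becomes part of a path at all, which is why frameworks map a short template name to a file instead of including whatever the URL says. The containment check remains useful for genuine file-serving endpoints where an allowlist is impractical.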

Mitigation:

  • Validate user input, including its length, and perform bounds checking. 
  • Define access rights for private folders on the web server. 
  • Use the more secure HTTPS protocol instead of HTTP wherever it is available. 
  • Use the language-specific libraries available for your programming language. 
  • Log out of online user accounts instead of simply closing the browser, so that sessions are properly ended. 
  • Take careful note of security warnings from the web browser. 
  • Avoid clicking links to sensitive portals, such as e-banking sites; enter the website's URL manually instead. 
  • Keep web application frameworks and other building software up to date to protect websites from application-based attacks.

Be Aware, Be Secure.

Thank You 🙏
