Hands-On Ethical Hacking and Network Defense
Chapter 10: Hacking Web Servers
Objectives
• Describe Web applications
• Explain Web application vulnerabilities
• Describe the tools used to attack Web servers
Understanding Web Applications
• It is nearly impossible to write a program without bugs
  – Some bugs create security vulnerabilities
• Web applications also have bugs
  – Web applications have a larger user base than standalone applications
  – Bugs are a bigger problem for Web applications
Web Application Components
• Static Web pages
  – Created using HTML
• Dynamic Web pages
  – Need special components
    • <form> tags
    • Common Gateway Interface (CGI)
    • Active Server Pages (ASP)
    • PHP
    • ColdFusion
    • Scripting languages
    • Database connectors
Web Forms
• Use the <form> element or tag in an HTML document
  – Allows a customer to submit information to the Web server
• Web servers process information from a Web form by using a Web application
• Easy way for attackers to intercept data that users submit to a Web server
Web Forms (continued)
• Web form example

    <html>
    <body>
    <form>
    Enter your username:
    <input type="text" name="username">
    <br>
    Enter your password:
    <input type="text" name="password">
    </form>
    </body>
    </html>
Common Gateway Interface (CGI)
• Handles moving data from a Web server to a Web browser
• The majority of dynamic Web pages are created with CGI and scripting languages
• Describes how a Web server passes data to a Web browser
  – Relies on Perl or another scripting language to create dynamic Web pages
• CGI programs can be written in different programming and scripting languages
Common Gateway Interface (CGI) (continued)
• CGI example
  – Written in Perl
  – Hello.pl
  – Should be placed in the cgi-bin directory on the Web server

    #!/usr/bin/perl
    print "Content-type: text/html\n\n";
    print "Hello Security Testers!";
Active Server Pages (ASP)
• With ASP, developers can display HTML documents to users on the fly
  – Main difference from pure HTML pages
  – When a user requests a Web page, one is created at that time
• ASP uses scripting languages such as JScript or VBScript
• Not all Web servers support ASP
Active Server Pages (ASP) (continued)
• ASP example

    <HTML>
    <HEAD><TITLE> My First ASP Web Page </TITLE></HEAD>
    <BODY>
    <H1>Hello, security professionals</H1>
    The time is <% = Time %>.
    </BODY>
    </HTML>

• Microsoft does not want users to be able to view an ASP Web page’s source code
  – This can create serious security problems
Apache Web Server
• Tomcat Apache is another Web Server program
• Tomcat Apache hosts anywhere from 50% to 60% of all Web sites
• Advantages
  – Works on just about any *NIX and Windows platform
  – It is free
• Requires Java 2 Standard Runtime Environment (J2SE, version 5.0)
Using Scripting Languages
• Dynamic Web pages can be developed using scripting languages
  – VBScript
  – JavaScript
  – PHP
PHP: Hypertext Processor (PHP)
• Enables Web developers to create dynamic Web pages
  – Similar to ASP
• Open-source server-side scripting language
  – Can be embedded in an HTML Web page using PHP tags <?php and ?>
• Users cannot see PHP code on their Web browser
• Used primarily on UNIX systems
  – Also supported on Macintosh and Microsoft platforms
PHP: Hypertext Processor (PHP) (continued)
• PHP example

    <html>
    <head>
    <title>My First PHP Program </title>
    </head>
    <body>
    <?php echo '<h1>Hello, Security Testers!</h1>'; ?>
    </body>
    </html>

• As a security tester you should look for PHP vulnerabilities
ColdFusion
• Server-side scripting language used to develop dynamic Web pages
• Created by the Allaire Corporation
• Uses its own proprietary tags written in ColdFusion Markup Language (CFML)
• CFML Web applications can contain other technologies, such as HTML or JavaScript
ColdFusion (continued)
• CFML example

    <html>
    <head>
    <title>Using CFML</title>
    </head>
    <body>
    <CFLOCATION URL="www.isecom.org/cf/index.htm" ADDTOKEN="NO">
    </body>
    </html>

• CFML is not exempt from vulnerabilities
VBScript
• Visual Basic Script is a scripting language developed by Microsoft
• Converts static Web pages into dynamic Web pages
  – Takes advantage of the power of a full programming language
• VBScript is also prone to security vulnerabilities
  – Check the Microsoft Security Bulletin for information about VBScript vulnerabilities
VBScript (continued)
• VBScript example

    <html>
    <body>
    <script type="text/vbscript">
    document.write("<h1>Hello Security Testers!</h1>")
    document.write("Date Activated: " & date())
    </script>
    </body>
    </html>
JavaScript
• Popular scripting language
• JavaScript also has the power of a programming language
  – Branching
  – Looping
  – Testing
• A variety of JavaScript vulnerabilities have been exploited in older Web browsers
JavaScript (continued)
• JavaScript example

    <html>
    <head>
    <script type="text/javascript">
    function chastise_user()
    {
      alert("So, you like breaking rules?")
      // Return focus to the button once the alert is dismissed
      document.getElementById("cmdButton").focus()
    }
    </script>
    </head>
    <body>
    <h3>"If you are a Security Tester, please do not click the command
    button below!"</h3>
    <form>
    <input type="button" value="Don't Click!" name="cmdButton" id="cmdButton"
    onClick="chastise_user()" />
    </form>
    </body>
    </html>
Connecting to Databases
• Web pages can display information stored on databases
• There are several technologies used to connect databases with Web applications
  – Technology depends on the OS used
    • ODBC
    • OLE DB
    • ADO
  – Theory is the same
Open Database Connectivity (ODBC)
• Standard database access method developed by the SQL Access Group
• ODBC interface allows an application to access
  – Data stored in a database management system
  – Any system that understands and can issue ODBC commands
• Interoperability among back-end DBMS is a key feature of the ODBC interface
Open Database Connectivity (ODBC) (continued)
• ODBC defines
  – Standardized representation of data types
  – A library of ODBC functions
  – Standard methods of connecting to and logging on to a DBMS
Object Linking and Embedding Database (OLE DB)
• OLE DB is a set of interfaces
  – Enables applications to access data stored in a DBMS
• Developed by Microsoft
  – Designed to be faster, more efficient, and more stable than ODBC
• OLE DB relies on connection strings
• Different providers can be used with OLE DB depending on the DBMS to which you want to connect
ActiveX Data Objects (ADO)
• ActiveX defines a set of technologies that allow desktop applications to interact with the Web
• ADO is a programming interface that allows Web applications to access databases
• Steps for accessing a database from a Web page
  – Create an ADO connection
  – Open the database connection you just created
  – Create an ADO recordset
  – Open the recordset
  – Select the data you need
  – Close the recordset and the connection
Understanding Web Application Vulnerabilities
• Many platforms and programming languages can be used to design a Web site
• Application security is as important as network security
• Attackers controlling a Web server can
  – Deface the Web site
  – Destroy or steal company’s data
  – Gain control of user accounts
  – Perform secondary attacks from the Web site
  – Gain root access to other applications or servers
Application Vulnerabilities Countermeasures
• Open Web Application Security Project (OWASP)
  – Open, not-for-profit organization dedicated to finding and fighting vulnerabilities in Web applications
  – Publishes the Ten Most Critical Web Application Security Vulnerabilities
• Top-10 Web application vulnerabilities
  – Unvalidated parameters
    • HTTP requests are not validated by the Web server
  – Broken access control
    • Developers implement access controls but fail to test them properly
Application Vulnerabilities Countermeasures (continued)
• Top-10 Web application vulnerabilities (continued)
  – Broken account and session management
    • Enables attackers to compromise passwords or session cookies to gain access to accounts
  – Cross-site scripting (XSS) flaws
    • Attacker can use a Web application to run a script on the Web browser of the system he or she is attacking
  – Buffer overflows
    • It is possible for an attacker to use C or C++ code that includes a buffer overflow
Application Vulnerabilities Countermeasures (continued)
• Top-10 Web application vulnerabilities (continued)
  – Command injection flaws
    • An attacker can embed malicious code and run a program on the database server
  – Error-handling problems
    • Error information sent to the user might reveal information that an attacker can use
  – Insecure use of cryptography
    • Storing keys, certificates, and passwords on a Web server can be dangerous
Application Vulnerabilities Countermeasures (continued)
• Top-10 Web application vulnerabilities (continued)
  – Remote administration flaws
    • Attacker can gain access to the Web server through the remote administration interface
  – Web and application server misconfiguration
    • Any Web server software out of the box is usually vulnerable to attack
  – Default accounts and passwords
  – Overly informative error messages
Application Vulnerabilities Countermeasures (continued)
• WebGoat project
  – Helps security testers learn how to perform vulnerabilities testing on Web applications
  – Developed by OWASP
• WebGoat can be used to
  – Reveal HTML or Java code and any cookies or parameters used
  – Hack a logon name and password
Application Vulnerabilities Countermeasures (continued)
• WebGoat can be used to
  – Traverse a file system on a Windows XP computer running Apache
  – WebGoat’s big challenge
    • Defeat an authentication mechanism
    • Steal credit cards from a database
    • Deface a Web site
Assessing Web Applications
• Security testers should look for answers to some important questions
  – Does the Web application use dynamic Web pages?
  – Does the Web application connect to a backend database server?
  – Does the Web application require authentication of the user?
  – On what platform was the Web application developed?
Does the Web Application Use Dynamic Web Pages?
• Static Web pages do not create a security environment
• IIS attack example
  – Submitting a specially formatted URL to the attacked Web server
• IIS does not correctly parse the URL information
  – Attackers could launch a Unicode exploit

    http://www.nopatchiss.com/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c

  – Attacker can even install a Trojan program
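The URL on this slide is percent-encoded twice (%255c decodes to %5c, and only then to a backslash), so a check that decodes once never sees the `..\` sequence. The following is an added detection example, not part of the original slides: it decodes request paths until they stop changing and flags traversal sequences in access-log lines. The log lines, IP addresses and function names are constructed for illustration; only the first request path comes from the slide.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (documentation IP range). The first request path is
# the URL quoted on the slide; the other two are benign requests for comparison.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c HTTP/1.0" 404 312',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /images/logo%20large.png HTTP/1.1" 200 5120',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /docs/100%25.html HTTP/1.1" 200 812',
]

REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r"\.\.[\\/]")  # "../" or "..\" in the decoded path


def fully_decode(path, max_rounds=5):
    """Percent-decode until the value stops changing.

    Returns (decoded_path, number_of_rounds_that_changed_it).
    """
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def single_decode_check(request_path):
    """The flawed pattern: decode once, then look for traversal."""
    path_only = request_path.split("?", 1)[0]
    return bool(TRAVERSAL.search(unquote(path_only)))


def classify(request_path):
    """Return findings for one request path (query string ignored)."""
    decoded, rounds = fully_decode(request_path.split("?", 1)[0])
    findings = []
    if rounds > 1:
        # A path that still changes on a second decode was encoded more than once.
        findings.append("multi-encoded")
    if TRAVERSAL.search(decoded):
        findings.append("traversal")
    return findings


def scan(lines):
    """Return (request_path, findings) for every log line with at least one finding."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        findings = classify(match.group(1))
        if findings:
            hits.append((match.group(1), findings))
    return hits


if __name__ == "__main__":
    for path, findings in scan(SAMPLE_LOG):
        print(path, findings)
```

A literal percent sign such as `100%25.html` decodes once and then stays stable, so it is not reported as multi-encoded.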
Does the Web Application Connect to a Backend Database Server?
• Security testers should check for the possibility of SQL injection being used to attack the system
• SQL injection involves the attacker supplying SQL commands on a Web application field
• SQL injection examples

    SELECT * FROM customer
    WHERE tblusername = ' ' OR 1=1 -- ' AND tblpassword = ' '

  or

    SELECT * FROM customer
    WHERE tblusername = ' OR "=" AND tblpassword = ' OR "="
Does the Web Application Connect to a Backend Database Server? (continued)
• Basic testing should look for
  – Whether you can enter text with punctuation marks
  – Whether you can enter a single quotation mark followed by any SQL keywords
  – Whether you can get any sort of database error when attempting to inject SQL
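The two SQL injection slides above, as an added example that is not part of the original slides: the same logon query built by string concatenation and with bound parameters, run against the slide's test inputs (a lone single quote and the `' OR 1=1 --` username). The table and column names come from the slide; the SQLite in-memory database, the sample row and the function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table shaped like the slide's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (tblusername TEXT, tblpassword TEXT)")
    # Constructed row. A real application would store a password hash instead.
    db.execute("INSERT INTO customer VALUES (?, ?)", ("alice", "s3cret-sample"))
    return db


def login_concatenated(db, username, password):
    """Vulnerable form: user input becomes part of the SQL text."""
    sql = ("SELECT * FROM customer WHERE tblusername = '" + username
           + "' AND tblpassword = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened form: input is bound as data and is never parsed as SQL."""
    sql = "SELECT * FROM customer WHERE tblusername = ? AND tblpassword = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


def probe(login, db, username, password=""):
    """Classify one test input the way the basic-testing slide describes."""
    try:
        return "logged-in" if login(db, username, password) else "rejected"
    except sqlite3.Error:
        # A database error reaching the caller means the quote was parsed as SQL.
        return "db-error"


# Test inputs taken from the slides.
TEST_INPUTS = ["'", "' OR 1=1 -- "]


def run_checks():
    """Run every test input against both logon functions."""
    db = make_db()
    results = {}
    for name, login in (("concatenated", login_concatenated),
                        ("parameterized", login_parameterized)):
        results[name] = [probe(login, db, value) for value in TEST_INPUTS]
    return results


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(name, outcome)
```

With bound parameters both inputs are treated as ordinary usernames that do not exist, so the tester sees neither a database error nor a successful logon.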
Does the Web Application Require Authentication of the User?
• Many Web applications require another server to authenticate users
• Examine how information is passed between the two servers
  – Encrypted channels
• Verify that logon and password information is stored in secure places
• Authentication servers introduce a second target
On What Platform Was the Web Application Developed?
• Several different platforms and technologies can be used to develop Web applications
• Attacks differ depending on the platform and technology used to develop the application
  – Footprinting is used to find out as much information as possible about a target system
  – The more you know about a system the easier it is to gather information about its vulnerabilities
Tools of Web Attackers and Security Testers
• Choose the right tools for the job
• Attackers look for tools that enable them to attack the system
  – They choose their tools based on the vulnerabilities found on a target system or application
Web Tools
• Cgiscan.c: CGI scanning tool
  – Written in C in 1999 by Bronc Buster
  – Tool for searching Web sites for CGI scripts that can be exploited
  – One of the best tools for scanning the Web for systems with CGI vulnerabilities
Web Tools (continued)
• Phfscan.c
  – Written to scan Web sites looking for hosts that could be exploited by the PHF bug
  – The PHF bug enables an attacker to download the victim’s /etc/passwd file
  – It also allows attackers to run programs on the victim’s Web server by using a particular URL
Web Tools (continued)
• Wfetch: GUI tool
  – This tool queries the status of a Web server
  – It also attempts authentication using
    • Multiple HTTP methods
    • Configuration of host name and TCP port
    • HTTP 1.0 and HTTP 1.1 support
    • Anonymous, Basic, NTLM, Kerberos, Digest, and Negotiation authentication types
    • Multiple connection types
    • Proxy support
    • Client-certificate support
Summary
• Web applications can be developed on many platforms
• HTML pages can contain
  – Forms
  – ASP
  – CGI
  – Scripting languages
• Static pages have been replaced by dynamic pages
• Dynamic Web pages can be created using CGI, ASP, and JSP
Summary (continued)
• Web forms allow developers to create Web pages with which visitors can interact
• Web applications use a variety of technologies to connect to databases
  – ODBC
  – OLE DB
  – ADO
• Security tests should check
  – Whether the application connects to a database
  – If the user is authenticated through a different server
Summary (continued)
• Many tools are available for security testers
  – Cgiscan
  – Wfetch
  – OWASP open-source software
• Web applications that connect to databases might be vulnerable to SQL injection
• There are many free tools for attacking Web servers available on the Internet