13 - Hacking Web Servers
Module 13 - Hacking Web Servers
What is a Web Server?
A web server is a software or hardware system that serves as the backbone of the World Wide Web, delivering web content to users' web browsers. It handles client requests for web pages, processes those requests, and sends back the requested web content, which may include HTML pages, images, scripts, stylesheets, and other files. Web servers are an essential component of the internet and play a central role in the process of serving websites and web applications to users.
Here are some key characteristics and functions of web servers:
Request-Response Model: Web servers operate on a request-response model. They receive incoming HTTP (Hypertext Transfer Protocol) requests from web browsers, process those requests, and send back HTTP responses containing the requested web content.
Content Storage: Web servers store web content and files, which are organized in a directory structure. These files can be static (unchanging) or dynamic (generated on-the-fly based on user input or data from databases).
HTTP Handling: Web servers are designed to understand and interpret the HTTP protocol, which is used for communication between web clients (typically web browsers) and the server. They handle various HTTP methods like GET, POST, PUT, DELETE, and more.
Security: Web servers often include security features to protect against common web threats, such as Distributed Denial of Service (DDoS) attacks, and they can be configured to support secure communication using HTTPS (HTTP Secure) with SSL/TLS encryption.
Server-Side Scripting: Many web servers support server-side scripting languages like PHP, Python, Ruby, and Node.js. These scripts allow dynamic generation of web content, database interactions, and more.
Logging and Monitoring: Web servers typically generate logs that record incoming requests, server responses, and errors. These logs can be valuable for troubleshooting and security analysis.
Load Balancing: In high-traffic scenarios, multiple web servers may be used in a load-balancing setup to distribute incoming requests and ensure optimal performance and availability.
Caching: Web servers often include caching mechanisms to store and serve frequently requested resources more quickly, reducing server load and improving response times.
Reverse Proxy: In some configurations, web servers can act as reverse proxies, sitting in front of application servers and forwarding client requests to the appropriate backend systems.
Web Server Reconnaissance & Footprinting
Skipfish β WebServer Recon
skipfish -o /root/test -S /usr/share/skipfish/dictionaries/complete.wl http://10.10.10.12:8080
-o path to store output, -S read only word list
ID Server - Webserver Foot printing
ID Serve determines the domain name associated with an IP address.
Click the Server Query tab. In option 1, enter the URL (http://10.10.10.12:8080/CEH)
Click Query the Server
Uniscan - WebServer Fingerprinting (Kali)
Use
uniscan -hfor usage techniquesuniscan -u http://10.10.10.12:8080/CEH -qwed-u url scan . -q directory check, - w file check, -e robots.txt and sitemap.xml check, -d for dynamic checksTo view report, go to /usr/share/uniscan/report
Bruteforce Credentials using a Dictionary Attack
nmap -p 21 <Target IP>hydra -L usernames.txt -P passwords.txt ftp://10.10.10.10hydra -L /root/Desktop/Wordlists/Usernames.txt -P /root/Desktop/Wordlists/Passwords.txt ftp://10.10.10.11hydra -l root -P passwords.txt [-t 32] ftphydra -L usernames.txt -P pass.txt mysqlhydra -l USERNAME -P /path/to/passwords.txt -f pop3 -Vhydra -V -f -L -P rdp:// hydra -P common-snmp-community-strings.txt target.com snmphydra -l Administrator -P words.txt 192.168.1.12 smb -t 1 hydra -l root -P passwords.txt ssh
Useful default password list
Making custom wordlist from website keywords:
cewlexample.com -m 5 -w words.txt
where cewl is the tool, example.com is the site, -m is to specify the minimum length of the word , -w is to specify the output file
π¨βπ»CewlLast updated