Hacking WebServers

Welcome back to this session of learning the ABC of Ethical Hacking. The objective of this post is to describe Web applications, explain Web application vulnerabilities, describe the tools used to attack Web servers, and cover countermeasures and increasing Web server security.

The two main Web servers are Apache (open source) and IIS (Microsoft).

First of all, we have to understand that every program is vulnerable. It is nearly impossible to write a program without bugs, and some bugs create security vulnerabilities. Web applications have bugs too, and because they have a larger user base than standalone applications, bugs are a bigger problem for Web applications. So first we study the components of a Web application, and later we move on to vulnerabilities.

Web Application Components

Let's discuss some Web application components that are necessary to understand Web applications.

  • Static Web pages
      • Created using HTML
  • Dynamic Web pages
      • Need special components:
          • <form> tags
          • Common Gateway Interface (CGI) scripts
          • Active Server Pages (ASP)
          • PHP
          • ColdFusion
          • Scripting languages like JavaScript, VBScript, etc.
          • ODBC (Open Database Connectivity)

Common Gateway Interface (CGI)
CGI handles moving data from a Web server to a Web browser. The majority of dynamic Web pages are created with CGI and scripting languages.
CGI describes how a Web server passes data to a Web browser. It relies on Perl or another scripting language to create dynamic Web pages.
CGI languages: CGI programs can be written in different programming and scripting languages:

  • C or C++
  • Perl
  • Unix shell scripting
  • Visual Basic
  • FORTRAN
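
The data flow described above, as an added example that is not part of the original post: under CGI the Web server hands the request to the script in environment variables, and the script's output (headers, a blank line, then the body) goes back to the browser. Python is used here as the scripting language, and the "name" parameter and the handle_cgi function are hypothetical.

```python
import html
import re
from urllib.parse import parse_qs

# Allow-list for the hypothetical "name" parameter: letters, digits, spaces, 1-32 chars.
NAME_RE = re.compile(r"[A-Za-z0-9 ]{1,32}")


def handle_cgi(environ):
    """Build a CGI response from the variables the Web server sets.

    The server passes the request in environment variables such as
    REQUEST_METHOD and QUERY_STRING; the returned text is what the
    script would write to stdout for the server to relay to the browser.
    """
    if environ.get("REQUEST_METHOD") != "GET":
        return ("Status: 405 Method Not Allowed\r\n"
                "Content-Type: text/plain\r\n\r\nGET only\n")

    params = parse_qs(environ.get("QUERY_STRING", ""))
    name = params.get("name", [""])[0]

    # Validate on the server: whatever the HTML form enforces in the
    # browser can be bypassed by sending the request directly.
    if not NAME_RE.fullmatch(name):
        return ("Status: 400 Bad Request\r\n"
                "Content-Type: text/plain\r\n\r\ninvalid name\n")

    # Escape on output as well, so the value is rendered as text, not markup.
    body = "<html><body><p>Hello, {}</p></body></html>\n".format(html.escape(name))
    return "Status: 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n" + body


if __name__ == "__main__":
    # When run by a Web server as a CGI program, use the real environment.
    import os
    import sys
    sys.stdout.write(handle_cgi(os.environ))
```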

Active Server Pages (ASP)

It is commonly known, in short form, as ASP DOT NET. HTML pages are static, always the same, which means users can't query static pages.
ASP creates HTML pages as needed, so they are not static. ASP uses scripting languages such as JScript or VBScript. Not all Web servers support ASP: IIS supports ASP, and Apache doesn't support ASP.
You can't see the source of an ASP page from a browser. This makes it harder to hack into, although not impossible.

ColdFusion

ColdFusion is a server-side scripting language used to develop dynamic Web pages. It uses its own proprietary tags written in ColdFusion Markup Language (CFML). CFML Web applications can contain other technologies, such as HTML or JavaScript.

VBScript
Visual Basic Script is a scripting language developed by Microsoft. You can insert VBScript commands into a static HTML page to make it dynamic. It also provides the power of a full programming language and is executed by the client's browser.

JavaScript
It is a very popular scripting language. JavaScript also has the power of a programming language, with functions like branching, looping, testing, and connecting to databases.

Now we talk about database connectivity. To hack a Web server we have to learn about databases.
Web pages can display information stored in databases. There are several technologies used to connect databases with Web applications.
The technology depends on the OS used.

  1. ODBC
  2. OLE DB
  3. ADO

Open Database Connectivity (ODBC)

ODBC is a standard database access method developed by the SQL Access Group. The ODBC interface allows an application to access data stored in a database management system (DBMS). It can use Oracle, SQL, or any DBMS that understands and can issue ODBC commands.
Interoperability among back-end DBMSs is a key feature of the ODBC interface. ODBC defines a standardized representation of data types, a library of ODBC functions, and standard methods of connecting to and logging on to a DBMS.

OLE DB and ADO
Object Linking and Embedding Database (OLE DB) and ActiveX Data Objects (ADO)
These two more modern, complex technologies replace ODBC and make up "Microsoft's Universal Data Access".

Understanding Web Application Vulnerabilities
Many platforms and programming languages can be used to design a Web site. Application security is as important as network security.
Attackers controlling a Web server can:

  1. Deface the Web site
  2. Destroy or steal the company's data
  3. Gain control of user accounts
  4. Perform secondary attacks from the Web site
  5. Gain root access to other applications or servers

Open Web Application Security Project (OWASP)
OWASP is an open-source, not-for-profit organization dedicated to finding and fighting vulnerabilities in Web applications.
It publishes the Ten Most Critical Web Application Security Vulnerabilities, which is worthwhile for us.

Top-10 Web application vulnerabilities

  1. Unvalidated parameters – HTTP requests from browsers that are not validated by the Web server: inserted form fields, cookies, headers, etc.
  2. Broken access control – Developers implement access controls but fail to test them properly. For example, letting an authenticated user read another user's files
  3. Broken account and session management – Enables attackers to compromise passwords or session cookies to gain access to accounts
  4. Cross-site scripting (XSS) flaws – Attackers inject code into a Web page, such as a forum or guestbook. When other users view the page, confidential information is stolen
  5. Buffer overflows – It is possible for an attacker to use C or C++ code that includes a buffer overflow
  6. Command injection flaws – An attacker can embed malicious code and run a program on the database server. Example: SQL injection
  7. Error-handling problems – Error messages may reveal information that an attacker can use
  8. Insecure use of cryptography – Storing keys, certificates, and passwords on a Web server can be dangerous
  9. Remote administration flaws – An attacker can gain access to the Web server through the remote administration interface
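
To make the SQL injection and error-handling entries concrete, here is an added example (not code from the original post) that puts a flawed database lookup beside its corrected form and keeps database error text out of the response. It assumes an in-memory SQLite database with constructed rows; the table, function names and response format are hypothetical.

```python
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db


def lookup_vulnerable(db, name):
    # Flaw: the request parameter is pasted into the SQL text, so quote
    # characters inside it change the structure of the statement.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, name):
    # Fix: the value is bound as a parameter and is only ever treated as data.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]


def respond(db, name, lookup):
    """Error handling: return a generic failure, never the database error text."""
    try:
        return {"status": 200, "emails": lookup(db, name)}
    except sqlite3.Error:
        # Details belong in the server log, not in the page sent to the client.
        return {"status": 500, "error": "internal error"}


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed test input containing quote characters
    print("vulnerable:", sorted(lookup_vulnerable(db, crafted)))
    print("safe:      ", lookup_safe(db, crafted))
    print("quote only:", respond(db, "o'brien", lookup_vulnerable))
```

The same constructed input returns every row from the concatenated query and no rows from the parameterized one, which makes the pair usable as a regression test for a fix.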

The remaining topics will be covered in our next post, i.e. Hacking web server 2.
