Chapter 6 - Web-Based Hacking: Servers & Apps Flashcards
IETF
Internet Engineering Task Force - Creates engineering documents to help make the internet work better
W3C
World Wide Web Consortium - A standards-developing community
OWASP
Open Web Application Security Project - Organization focused on improving the security of software.
Web Server attack Methodology
Information Gathering (Whois), Footprinting (banner grab), Website mirroring, Vulnerability Scanning, Session Hijacking, Password Cracking
Banner Grab
Method for web server footprinting
Netcraft
Web server footprinting tool
HTTPRecon
Web server footprinting tool
ID Serve
Web server footprinting tool
nmap
Powerful footprinting tool
nmap --script http-trace -p80 localhost
Detects a vulnerable TRACE method
nmap --script http-google-email
Lists email addresses
nmap --script hostmap-*
Discovers virtual hosts on the IP address you are trying to footprint; the * is replaced by the name of the online database used
nmap --script http-enum -p80
Enumerates common web apps
nmap -p80 --script http-robots.txt
Grabs the robots.txt file
Nikto
Vulnerability scanner specifically suited for web servers
Wget
Website mirroring tool
Black Widow
Website mirroring tool
HTTrack
Website mirroring tool
WebCopier Pro
Website mirroring tool
Web Ripper
Website mirroring tool
SurfOffline
Website mirroring tool
HTTPrint
Website mirroring tool
What is N-Tier Architecture?
Distributes processes across multiple servers; normally as three tiers: presentation (web), logic (application), and data (database)
What is WebGoat
Project maintained by OWASP; a deliberately insecure web app meant to be tested against.
Http request: GET
Retrieves whatever information is identified by the URL; data is sent in the URL
Http Request: HEAD
Identical to GET except no body is returned
Http Request: POST
Sends data in the body; data is not shown in the URL or in history
Http Request: PUT
Requests that data be stored at the URL
Http Request: DELETE
Requests that the origin server delete the resource
Http Request: TRACE
Requests an application-layer loopback of the message
Http Request: CONNECT
Reserved for use with a proxy (POST and GET can be manipulated by a proxy)
HTTP Error: 1xx
Informational - request received, continuing
HTTP Error: 2xx
Success - Action received, understood and accepted
HTTP Error: 3xx
Redirection - Further action must be taken
HTTP Error: 4xx
Client Error - Request contains bad syntax or cannot be fulfilled
HTTP Error: 5xx
Server Error - Server failed to fulfill an apparently valid request
Web Server Attack: DNS Amplification
Uses recursive DNS to DoS a target; amplified DNS answers are directed at the target until it can't do anything.
Web Server Attack: Directory Traversal
Requests a file that should not be accessible from the web server. Example: http://www.example.com/etc/passwd
Web Server Attack: Parameter Tampering (URL Tampering)
Manipulating parameters within the URL to achieve privilege escalation or other changes.
Web Server Attack: Hidden Field Tampering
Modifying hidden form fields to produce unintended results (Example: look at the source code and change the price of an item to $0.00)
Web Server Attack: Web Cache Poisoning
Replacing the cache on a box with a malicious version of it
Web Server Attack: Misconfiguration Attack
Same as before - exploiting the improper configuration of a web server
Web Server Attack: Password Attack
Attempting to crack passwords related to web resources
Web Server Attack: Connection String Parameter Pollution
Injection attack that uses semicolons to take advantage of databases whose connection strings use a semicolon as the parameter separator.
Web Server Attack: Web Defacement
Simply modifying a web page to say something else
Brutus
Tool for attacking web servers; brute-forces HTTP passwords
Hydra
Network login cracker
WFETCH
Microsoft tool that allows you to craft HTTP requests to see the response data (Burp does this too)