Chapter 8: Web Hacking: Google, Web Servers, Web Application Vulnerabilities, and Web-Based Password Cracking Techniques
Password Cracking Types
- Dictionary
- Brute force
- Hybrid
Stages of a Web Attack
- Scanning
- Information Gathering
- Testing
- Planning the Attack
- Launching the Attack
Web Application Threats
Cross-site scripting - A parameter entered into a web form is processed by the web application. The correct combination of variables can result in arbitrary command execution.
Web Application Hacking Countermeasures
Cross-site scripting - Validate cookies, query strings, form fields, and hidden fields.
Directory traversal / Unicode Countermeasure
Define access rights to private folders on the web server. Apply patches and hotfixes.
Cookie poisoning and snooping Countermeasure
Don't store passwords in a cookie. Implement cookie timeouts, and authenticate cookies.
Brute force
Guesses complex passwords that use letters, numbers, and special characters
Buffer overflow
Huge amounts of data are sent to a web application through a web form to execute commands.
SQL injection
Inserting SQL commands into the URL gets the database server to dump, alter, delete, or create information in the database.
Directory traversal / Unicode
The hacker browses through the folders on a system via a web browser or Windows Explorer.
Cookie poisoning and snooping
The hacker corrupts or steals cookies.
Command injection
The hacker inserts programming commands into a web form.
Authentication hijacking
The hacker steals a session once a user has authenticated.
Authentication hijacking Countermeasure
Use SSL to encrypt traffic.
Command injection Countermeasure
Use the input-handling libraries specific to the programming language in use.
Hybrid
Uses dictionary words with a number or special character as a substitute for a letter
Dictionary
Uses passwords that can be found in a dictionary
Buffer overflow Countermeasure
Validate user input length, and perform bounds checking.
SQL injection Countermeasure
Validate user variables.
Web Server Hardening Techniques (Cont'd)
• Add a legal notice to the site to make potential attackers aware of the implications of hacking the site.
• Apply the most current patches, hotfixes, and service packs to the operating system and web server software.
• Perform bounds-checking on input for web forms and query strings to prevent buffer overflow or malicious input attacks.
• Disable remote administration.
Web Application Hacking Tools (Cont'd)
• BlackWidow
• SiteScope
• WSDigger
• Burp
Common Web Server Attacks
• Capturing administrator credentials through man-in-the-middle attacks
• Revealing an administrator password through a brute force attack
• Using a DNS attack to redirect users to a different web server
• Compromising an FTP or e-mail server
• Exploiting web application bugs that result in a vulnerability
• Misconfiguring web shares
• Taking advantage of weak permissions
Some More Common Web Server Attacks
• Carrying out URL poisoning, which redirects the user to a different URL
• Using web server extension or remote service intrusion
• For cookie-enabled security: intercept the communication between the client and the server and change the cookie to make the server believe that there is a user with higher privileges
Web Application Hacking Tools
• Instant Source
• Wget
• WebSleuth
Common Web Server Vulnerabilities
• Misconfiguration of the web server software
• Operating system or application bugs, or flaws in programming code
Web Server Hacking Tools
• N-Stalker Web Application Security Scanner
• The Metasploit framework
• CORE IMPACT and SAINT Vulnerability Scanner
Web Server Hardening Techniques
• Rename the administrator account, and use a strong password.
• Disable default websites and FTP sites.
• Remove unused applications from the server, such as WebDAV.
• Disable directory browsing in the web server's configuration settings.
Common Web Server Attacks (Cont'd)
• Rerouting a client after a firewall or router attack
• Using SQL injection attacks (if the SQL server and web server are the same system)
• Using Telnet or Secure Shell (SSH) intrusion
Some More Web Server Hardening Techniques
• Use a script to map unused file extensions to a 404 ("File not found") error message.
• Enable auditing and logging.
• Use a firewall between the web server and the Internet and allow only necessary ports (such as 80 and 443) through the firewall.
• Replace the GET method with the POST method when sending data to a web server.
Common Web Server Vulnerabilities (Cont'd)
• Vulnerable default installation of operating system and web server software, and/or lack of patch management to update operating system or web server software
• Lack of, or not following, proper security policies and procedures