Hands-On Ethical Hacking and Network Defense
HANDSON ETHICAL HACKING AND NETWORK DEFENSELesson 10Hacking Web Servers OBJECTIVESCollection InformationDescribe Web applicationsExplain Web application vulnerabilitiesDescribe the tools used to attack Web servers2 3Hands-On Ethical Hacking and Network Defense 4Hands-On Ethical Hacking and Network Defense UNDERSTANDING WEB APPLICATIONSIt is nearly impossible to write a program without bugsSome bugs create security vulnerabilitiesWeb applications also have bugsWeb applications have a larger user base than standalone applicationsBugs are a bigger problem for Web applications5 WEB APPLICATION COMPONENTSStatic Web pagesCreated using HTMLDynamic Web pagesNeed special components<form> tagsCommon Gateway Interface (CGI)Active Server Pages (ASP)PHPColdFusionScripting languagesDatabase connectors6 WEB FORMSUse the <form> element or tag in an HTML documentAllows customer to submit information to the Web serverWeb servers process information from a Web form by using a Web applicationEasy way for attackers to intercept data that users submit to a Web server7 WEB FORMS (CONTINUED)Web form example<html><body><form>Enter your username:<input type="text" name="username"><br>Enter your password:<input type="text" name="password"></form></body></html>8 9 COMMON GATEWAY INTERFACE (CGI)Handles moving data from a Web server to a Web browserThe majority of dynamic Web pages are created with CGI and scripting languagesDescribes how a Web server passes data to a Web browserRelies on Perl or another scripting language to create dynamic Web pagesCGI programs can be written in different programming and scripting languages10 [...]... ON WHAT PLATFORM WAS THE WEB APPLICATION DEVELOPED? Several different platforms and technologies can be used to develop Web applications Attacks differ depending on the platform and technology used to develop the application Footprinting is used to find out as much information as possible about a target system The more you know about a system the easier it is to gather information about its vulnerabilities 45 OPEN DATABASE CONNECTIVITY (ODBC) Standard database access method developed by the SQL Access Group ODBC interface allows an application to access Data stored in a database management system Any system that understands and can issue ODBC commands Interoperability among backend DBMS is a key feature of the ODBC interface 23 48 UNDERSTANDING WEB APPLICATIONS It is nearly impossible to write a program without bugs Some bugs create security vulnerabilities Web applications also have bugs Web applications have a larger user base than standalone applications Bugs are a bigger problem for Web applications 5 ... APACHE WEB SERVER Tomcat Apache is another Web Server program Tomcat Apache hosts anywhere from 50% to 60% of all Web sites Advantages Works on just about any *NIX and Windows platform It is free Requires Java 2 Standard Runtime Environment (J2SE, version 5.0) 15 ON WHAT PLATFORM WAS THE WEB APPLICATION DEVELOPED? Several different platforms and technologies can be used to develop Web applications Attacks differ depending on the platform and technology used to develop the application Footprinting is used to find out as much information as possible about a target system The more you know about a system the easier it is to gather information about its vulnerabilities 45 ... OBJECT LINKING AND EMBEDDING DATABASE (OLE DB) OLE DB is a set of interfaces Enables applications to access data stored in a DBMS Developed by Microsoft Designed to be faster, more efficient, and more stable than ODBC OLE DB relies on connection strings Different providers can be used with OLE DB depending on the DBMS to which you want to connect 25 17 TOOLS OF WEB ATTACKERS AND SECURITY TESTERS Choose the right tools for the job Attackers look for tools that enable them to attack the system They choose their tools based on the vulnerabilities found on a target system or application 46 ... PHP: HYPERTEXT PROCESSOR (PHP) Enables Web developers to create dynamic Web pages Similar to ASP Opensource serverside scripting language Can be embedded in an HTML Web page using PHP tags <? php and ?> Users cannot see PHP code on their Web browser Used primarily on UNIX systems Also supported on Macintosh and Microsoft platforms 19 35 OBJECTIVES Collection Information Describe Web applications Explain Web application vulnerabilities Describe the tools used to attack Web servers 2 ... 3 H a n d s - O n E t h i c a l H a c k i n g a n d N e t w o r k D e f e n s e APPLICATION VULNERABILITIES COUNTERMEASURES (CONTINUED) Top10 Web application vulnerabilities (continued) Broken account and session management Enables attackers to compromise passwords or session cookies to gain access to accounts Crosssite scripting (XSS) flaws Attacker can use a Web application to run a script on the Web browser of the system he or she is attacking Buffer overflows It is possible for an attacker to use C or C++ code that includes a buffer overflow 30 ... UNDERSTANDING WEB APPLICATIONS It is nearly impossible to write a program without bugs Some bugs create security vulnerabilities Web applications also have bugs Web applications have a larger user base than standalone applications Bugs are a bigger problem for Web applications 5 DOES THE WEB APPLICATION CONNECT TO A BACKEND DATABASE SERVER? (CONTINUED) Basic testing should look for Whether you can enter text with punctuation marks Whether you can enter a single quotation mark followed by any SQL keywords Whether you can get any sort of database error when attempting to inject SQL 43 ... ACTIVEX DATA OBJECTS (ADO) ActiveX defines a set of technologies that allow desktop applications to interact with the Web ADO is a programming interface that allows Web applications to access databases Steps for accessing a database from a Web page Create an ADO connection Open the database connection you just created Create an ADO recordset Open the recordset Select the data you need Close the recordset and the connection 27 . HANDSON ETHICAL HACKING AND NETWORK DEFENSELesson 1 0Hacking Web Servers OBJECTIVESCollection InformationDescribe Web applicationsExplain Web application vulnerabilitiesDescribe the tools used to attack Web servers2 3Hands-On Ethical Hacking and Network Defense 4Hands-On Ethical Hacking and Network Defense UNDERSTANDING WEB APPLICATIONSIt is nearly impossible to write a program without bugsSome bugs create security vulnerabilitiesWeb applications also have bugsWeb applications have a larger user base than standalone applicationsBugs are a bigger problem for Web applications5 WEB APPLICATION COMPONENTSStatic Web pagesCreated using HTMLDynamic Web pagesNeed special components<form> tagsCommon Gateway Interface (CGI)Active Server Pages (ASP)PHPColdFusionScripting languagesDatabase connectors6 WEB FORMSUse the <form> element or tag in an HTML documentAllows customer to submit information to the Web serverWeb servers process information from a Web form by using a Web applicationEasy way for attackers to intercept data that users submit to a Web server7 WEB FORMS (CONTINUED)Web form example<html><body><form>Enter. HANDSON ETHICAL HACKING AND NETWORK DEFENSELesson 1 0Hacking Web Servers OBJECTIVESCollection InformationDescribe Web applicationsExplain Web application vulnerabilitiesDescribe the tools used to attack Web servers2 3Hands-On