Joshua | Penetration Testing and Ethical Hacking | Module 12 - Hacking Web Servers

By: Joshua | Related Course: Penetration Testing and Ethical Hacking (Archive) | Published: March 30, 2018 | Modified: March 30, 2018

Dirbuster

Kali Linux

In the Web Crawler section, go to Directory Buster

GUI: put in the target URL

Scanning type

-List-based Brute Force

Search for a directory list

Snag one and put it in the list file section

-Full Brute Force

You can be pretty granular in how you want to go

Then set it and forget it; it takes a while

Tree view looks like it would be beneficial because it is hierarchical.

Very good recon tool
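
Defender's view of a list-based brute force scan (added example, not part of the original notes or the course): a client working through a directory list shows up in the web server access log as many requests for different paths that mostly return 404. The log lines are constructed samples in combined log format, and the thresholds are assumed values to tune per site.

```python
import re
from collections import defaultdict

# Combined log format: client ip, request line, status, size, referer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def make_sample_log():
    """Constructed sample: one client walking a wordlist, one normal visitor."""
    fmt = '{ip} - - [30/Mar/2018:10:00:{s:02d} +0000] "GET {p} HTTP/1.1" {c} 512 "-" "{ua}"'
    words = ["admin", "backup", "old", "test", "phpmyadmin", "cgi-bin",
             "uploads", "config", "tmp", "private", "images", "dev"]
    lines = [fmt.format(ip="203.0.113.7", s=i, p=f"/{w}/",
                        c=200 if w == "images" else 404, ua="DirBuster-1.0-RC1")
             for i, w in enumerate(words)]
    for i, p in enumerate(["/", "/images/logo.png", "/about.html", "/favicon.ico"]):
        lines.append(fmt.format(ip="198.51.100.20", s=20 + i, p=p,
                                c=404 if p == "/favicon.ico" else 200, ua="Mozilla/5.0"))
    return lines

def find_directory_scanners(lines, min_requests=10, min_404_ratio=0.8):
    """Return {ip: stats} for clients that look like path guessing (assumed thresholds)."""
    stats = defaultdict(lambda: {"total": 0, "not_found": 0, "paths": set(), "tool_ua": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"])
        s["not_found"] += m["status"] == "404"
        # DirBuster's default User-Agent contains its name; the operator can change it,
        # so this is only a hint and the 404 ratio is the real signal.
        s["tool_ua"] |= "dirbuster" in m["ua"].lower()
    flagged = {}
    for ip, s in stats.items():
        ratio = s["not_found"] / s["total"]
        if s["total"] >= min_requests and ratio >= min_404_ratio:
            flagged[ip] = {"requests": s["total"], "distinct_paths": len(s["paths"]),
                           "ratio_404": round(ratio, 2), "tool_ua": s["tool_ua"]}
    return flagged

if __name__ == "__main__":
    for ip, info in find_directory_scanners(make_sample_log()).items():
        print(ip, info)
```

The normal visitor's single 404 (favicon) stays under both thresholds, so only the wordlist client is reported.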


Web server theory

Products

-IIS

-Apache

-Nginx

-Google

-LiteSpeed

Impact

-Web Defacement

-Compromise(s)

-Data Tampering

-Data Theft

-Pivot Points

Techniques

-Directory Traversal

-HTTP Response Splitting

-Web Cache Poison (insert your own malicious code)

-SSH Brute Force (if you can get inside the encryption tunnel)

-MITM

-Password Cracking (DBH)

-Form Tampering

-CMD Injection

-Cookie Tamper

-Buffer Overflow

-DoS

-Cross-site request forgery

-SQL injection

-XSS

-Session Hijack

Why

-Unnecessary files, Backups

-Security vs. functionality conflict

-Default Setting

-Permissions (RWX)

-Misconfigurations

-Default Accts (01 = Admin)

-Security Flaws / Bugs

-Temp SSL

-Improper Auth

-No Hardening

-Joomla, Drupal, WordPress

-Verbose Errors

-Anonymous users

-Sample configs/ scripts

-Remote admin

-Unnecessary services

Method

1. Info Gather

2. Footprint

3. Mirroring (probably better to use mapping)

4. Vuln Scan

5. Exploitation (Metasploit)

Countermeasures

-Patches

-Alt sites/servers

-Test in non-production env

-backups

-hire me to do pen testing

-Protocol analysis

-Monitor accts

-Monitor Files/Dir

-Encryption

-Good Architecture

-Vuln Scan (Nikto, Nessus)

-DLP -Data loss prevention

Change management should be proactive and should save money.


WPScan

WordPress scanner

Pretty much a WordPress vulnerability scan

#Wordpressscan

