Web Server Attack Methodology

00:01

everyone. Welcome back to the course and this video. Where to go over the Web server attack methodology. So we'll talk about,

00:06

uh, the Web server attack methodology. We'll also talk about why Web servers might be compromised.

00:13

So why our Web servers compromise? Well, it could be a variety of reasons. Could be things like setting improper file or directory permissions could be using default settings. So installing server with default settings or default credentials and keeping those enabled could be a lack of security policies and procedures. Could be

00:31

having unnecessary services enabled

00:34

eso things like content management or remote administration. So our our DAB

00:38

could be application bugs. So bugs in the actual server software itself for the operating system and use or even some of the Web applications

00:47

could be mis configuration could. So it could be mis configuration around cryptography. So things like Miss Configured SSL or TLS certificates or other encryption settings

00:58

and could also be an issue of using things like self science certificates or using default certificates

01:03

could be unnecessary. Backups or default, or keeping the same like sample files could be keeping that information on there could be using a default accounts. We talked about default credentials, but keep it could be keeping like default accounts that are created

01:19

with no passwords.

01:23

So in the Web server attack methodology, we have several steps. So number one being information gathering assed part of that foot printing, mirroring vulnerability, scanning session hijacking and then password cracking.

01:34

So let's talk about each one of these. So information gathering or reconnaissance theater actor might find open source intelligence in various locations. Um, they could get us from Google searching. They could get it from just the who is database to find information about your servers

01:49

they could. Like I said, Do the Google Dorking. Um, they could get information from the robots that txt file on your on your Web server.

01:59

So with Web server foot printing the Attackers able to get information like account information, operating system information, the version of software that we're using or the application versions were using, uh, server names could be getting information around like the database shema

02:15

and they can use tell Net as one of the many ways to go ahead and footprint. The Web server on DSO that might kick back some information about like the actual server name server type A zit. We talked about before the operating system and use any applications that might be writing on there and the version of those applications.

02:32

And you could use many different tools for this. Http. Re kon net craft I d servas another one as his and map. Next, we have marrying a website s. So this is where the attacker can get information where they essentially they're They're making the website to create a profile of the sites directory structure,

02:53

eso things like the file structure,

02:54

any external links, etcetera, etcetera. And the attacker can also look for comments or other items that might be in that HTML source code to help make their footprint activities a little bit easier. And you can use many tools for this HD track being a common one as well as black widow.

03:12

So vulnerability Scanning. This allows the attacker to identify weaknesses in the network.

03:16

Andi determined, basically, can that system actually be exploited?

03:21

So, one of the common things we're looking for here are miss configurations that as well as like outdated content or software, a swell is known vulnerabilities. We may find some common vulnerabilities that we can easily exploit.

03:35

And the attacker is also going to try to sniff the network traffic to find if there's any active systems, identify applications or network services. A swell as identifying vulnerabilities. Sosin Hijacking Where the attacker sniffing the valid session I. G. S. And the goal is to get all unauthorized access to the Web server a server, and actually go ahead and sniff the data. Um,

03:54

could be many ways that the attacker does. This could be session side jacking,

03:59

cross site scripting. Um,

04:01

could be, uh, session fixation attacks one of the goals to capture valid session cookies or I D. S and using tools like Burp suite is, um or a very common one. A swell is like fire sheep or even J hijack

04:15

and then Web server password cracking. So using techniques we we have talked about before, like brute forcing dictionary tax, etcetera, etcetera. And we can use tools like THC, hydra as well as Brutus for this. So just a quick, quick question here for you Website marrying tools include all the following tools except which one is a black widow and map or h T track.

04:39

All right, if you just end? Matthew are correct again. Black widow in HD track or some common ones for website mirroring.