Hacking Web Servers
A web server, which can be referred to as the hardware, the computer, or the software, is the computer application that helps to deliver content that can be accessed through the Internet. Most people think a web server is just the hardware computer, but a web server is also the software computer application that is installed in the hardware computer. The primary function of a web server is to deliver web pages on the request to clients using the Hypertext Transfer Protocol (HTTP).
The objective of this lab is to help students learn to detect unpatched security flaws, verbose error messages, and much more. The objectives of this lab include:
Today, most online services are implemented as web applications. Online banking, web search engines, email applications, and social networks are just a few examples of such web services. Web content is generated in real time by a software application running at server-side. So hackers attack on the web server to steal credential information, passwords, and business information by using DoS (DDos) attacks, SYN flood, ping flood, port scan, sniffing attacks, and social engineering attacks. In the area of web security, despite strong encryption on the browser-server channel, web users still have no assurance about what happens at the other end.
We present a security application that augments web servers with trusted co-servers composed of high-assurance secure coprocessors, configured with a publicly known guardian program. Web users can then establish their authenticated, encrypted channels with a trusted co-server, which then can act as a trusted third party in the browser-server interaction. Systems are constantly being attacked, and IT security professionals need to be aware of common attacks on the web server applications. Attackers use sniffers or protocol analyzers to capture and analyze packets. If data is sent across a network in clear text, an attacker can capture the data packets and use a sniffer to read the data. In other words, a sniffer can 'eavesdrop' on electronic conversations.
A popular sniffer is Wireshark, which is also used by administrators for legitimate purposes. One of the challenges for an attacker is to gain access to the network to capture the data. If attackers have physical access to a router or switch, they can connect the sniffer and capture all traffic going through the system. Strong physical security measures help mitigate this risk.
As a penetration tester and ethical hacker of an organization, you must provide security to the company's web server. You must perform checks on the web server for vulnerabilities, misconfigurations, unpatched security flaws, and improper authentication with external systems.
Hacking Web Servers Exercises
Ethical Hacking Exercises / Hacking Web Servers contains the following Exercises:
- Footprinting Webserver Using the httprecon Tool
- Footprinting a Webserver Using ID Serve
The Virtual Private Cloud for this Lab set utilizes:
Ethical Hacking Exercises are available as part of the following subscription:
The Exercises in this lab map to the Certified Ethical Hacker V10 Course. Each subscription provides 6 months of access to 107 Different Exercises. Each exercise contains a Scenario, Objectives, and individual step by step tasks to guide the user through all steps necessary to complete the exercise.
Lab exercises are included for:
- Footprinting and Reconnaissance
- Scanning Networks
- Vulnerability Analysis
- System Hacking
- Malware Threats
- Social Engineering
- Denial of Service
- Session Hijacking
- Evading IDS Firewalls and Honeypots
- Hacking Web Servers
- Hacking Web Applications
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Cloud Computing