The term web server can refer to the hardware (the computer) or to the software: the computer application that delivers content accessed over the Internet. Most people think of a web server as just the physical machine, but it is also the software application installed on that machine. The primary function of a web server is to deliver web pages to clients on request using the Hypertext Transfer Protocol (HTTP).
This lab helps students learn to detect unpatched security flaws, verbose error messages, and much more. The objectives of this lab are to:
Footprint web servers
Crack remote passwords
Detect unpatched security flaws
Today, most online services are implemented as web applications; online banking, web search engines, email applications, and social networks are just a few examples. Web content is generated in real time by a software application running on the server side, so attackers target the web server to steal credentials, passwords, and business information using DoS (DDoS) attacks, SYN floods, ping floods, port scans, sniffing attacks, and social engineering attacks.

In the area of web security, despite strong encryption on the browser-server channel, web users still have no assurance about what happens at the other end. We present a security application that augments web servers with trusted co-servers composed of high-assurance secure coprocessors, configured with a publicly known guardian program. Web users can then establish authenticated, encrypted channels with a trusted co-server, which can then act as a trusted third party in the browser-server interaction.

Systems are constantly under attack, and IT security professionals need to be aware of common attacks on web server applications. Attackers use sniffers or protocol analyzers to capture and analyze packets. If data is sent across a network in clear text, an attacker can capture the packets and use a sniffer to read the data; in other words, a sniffer can eavesdrop on electronic conversations. A popular sniffer is Wireshark, which is also used by administrators for legitimate purposes. One of the challenges for an attacker is gaining access to the network in order to capture the data. If attackers have physical access to a router or switch, they can connect the sniffer and capture all traffic passing through that device. Strong physical security measures help mitigate this risk.
As a penetration tester or ethical hacker for an organization, you are responsible for securing the company's web server. You must check the web server for vulnerabilities, misconfigurations, unpatched security flaws, and improper authentication with external systems.
Web Server Market Shares
Open Source Web Server Architecture
IIS Web Server Architecture
Website Defacement
Case Study
Why Are Web Servers Compromised?
Impact of Web Server Attacks
Web Server Misconfiguration
Example
Directory Traversal Attacks
HTTP Response Splitting Attack
Web Cache Poisoning Attack
HTTP Response Hijacking
SSH Brute-Force Attack
Man-in-the-Middle Attack
Web Server Password Cracking
Web Server Password Cracking Techniques
Web Application Attacks
Web Server Attack Methodology
Information Gathering
Web Server Footprinting
Web Server Footprinting Tools
Mirroring a Website
Vulnerability Scanning
Session Hijacking
Hacking Web Passwords
Web Server Attack Tools
Metasploit
Metasploit Architecture
Metasploit Exploit Module
Metasploit Payload Module
Metasploit Auxiliary Module
Metasploit NOPS Module
Wfetch
Web Password Cracking Tools
Brutus
THC-Hydra
Countermeasures
Patches and Updates
Protocols
Accounts
Files and Directories
How to Defend Against Web Server Attacks?
How to Defend Against HTTP Response Splitting and Web Cache Poisoning?
Patches and Hotfixes
What Is Patch Management?
Identifying Appropriate Sources for Updates and Patches
Installation of a Patch
Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
Patch Management Tools
Web Application Security Scanner: Sandcat
Web Server Security Scanner: Wikto
Web Server Malware Infection Monitoring Tool: HackAlert
Web Server Security Tools
Web Server Penetration Testing