- web servers
- components
- document root (HTML files or resources served in response to a request)
- server root (server's related resources: server configurations, executables, log files)
- virtual document tree (storage on a different machine or disk after the original disk is filled up)
- virtual hosting (technique to hosting multiple domains on the same server)
- web proxy (proxy server between web client and web server)
- they are expecially vulnerable beacuse are publicy visible on the internet
- LAMP (Linux, Apache, MySQL, PHP)
- IIS (Internet Information Server)
- security flaws
- Failing to update the web server with the latest patches
- Using the same system administrator credentials everywhere
- Allowing unrestricted internal and outbound traffic
- Running unhardened applications and servers
- attacks' impact
- compromise of user account
- website defacement
- secondary attacks from website
- root access to other applications or server
- data tampering
- data theft
- damage reputation of the company
- components
- attacks
- DoS/DDoS
- DNS server hijacking
- DNS amplification attack
- directory traversal attack (it uses '../' syntax to access private folders)
- it is possibile to encode in unicode the character '/' with '%c0%'
- there are many unicode exploits out there
- MITM/Sniffing attack
- phishing attack
- website defacement
- HTTP response-splitting attack
- web cache poisoning attack
- SSH brute force attack
- web server password cracking
- SSRF (Server Side Request Forgery)
- web server attack methodology
- information gathering
WHOis- robots.txt
- can give us useful information about folders that the administrator does not want to index on search engines
- web server footprinting/banner grabbing
netcattelnetNetcrafthttpreconnmap
- website mirroring
- find default credentials (cirt.net)
- directory bruteforcing: find default content (
nikto) - find directory listing
- vulnerability scanning
- session hijacking
burp
- web server password hacking
hashcathydra
- information gathering
- Server side includes injections
- SSIs are directives present on Web applications used to feed an HTML page with dynamic contents. They are similar to CGIs, except that SSIs are used to execute some actions before the current page is loaded or while the page is being visualized. In order to do so, the web server analyzes SSI before supplying the page to the user.
- The Server-Side Includes attack allows the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary codes remotely. It can be exploited through manipulation of SSI in use in the application or force its use through user input fields: https://owasp.org/www-community/attacks/Server-Side_Includes_(SSI)_Injection
- Another way to discover if the application is vulnerable is to verify the presence of pages with extension .stm, .shtm and .shtml.
- metasploit
- exploit module
- countermeasures
- Place Web Servers in Separate Secure Server Security Segment on Network
- patch management (automated patch management system)
- Detect -> assess -> acquire -> test -> deploy -> maintain
- secure protocols using best practices
- secure accounts using best practices
- secure files and directories using best practices
- website change detection system
- web server security scanners
- UDP source port randomization defends servers against blind response forgery
- WHOis
- netcat
- telnet
- Netcraft
- httprecon
- idserve
- ncollector studio
- acunetix web vulnerability scanner
- hashcat
- burp
- brutus
- hydra
- nikto2
- metasploit
- armitage (graphical version of metasploit)
- Immunity’s CANVAS