Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers.

Slides:



Advertisements
Similar presentations
WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?
Advertisements

Hacking Web Servers April 15, 2010 MIS 4600 – MBA © Abdou Illia.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Server-Side vs. Client-Side Scripting Languages
1 Chapter 12 Working With Access 2000 on the Internet.
ASP Tutorial. What is ASP? ASP (Active Server Pages) is a Microsoft technology that enables you to make dynamic and interactive web pages. –ASP usually.
Session 6 Server-side programming - ASP. An ASP page is an HTML page interspersed with server-side code. The.ASP extension instead of.HTM denotes server-side.
15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.
Web Databases CS263 Lecture The Internet environment Following Fig. Shows the basic environment needed to set up both Intranet and Internet database-enabled.
B.Sc. Multimedia ComputingMedia Technologies Database Technologies.
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
Introduction to Web Database Processing
Dynamic Web Pages. Web Programming  All our web pages so far have been static pages. 1. We create a web page 2. We upload it to the web server 3. People.
Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 2.
Introduction to Web Interface Technology (CSE2030)
Introduction to Web Interface Technology (CSE2030)
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Guide To UNIX Using Linux Third Edition
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
1 Java Server Pages Can web pages be created specially for each user? What part does Java play?
2440: 141 Web Site Administration Web Server-Side Programming Professor: Enoch E. Damson.
Chapter 6: Hostile Code Guide to Computer Network Security.
Hands-On Ethical Hacking and Network Defense
Web Development & Design Foundations with XHTML Chapter 9 Key Concepts.
Linux Operations and Administration
1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.
1 Web Database Processing. Web Database Applications Static Report Publishing a report is prepared from a database application and exported to HTML DB.
INTRODUCTION TO WEB DATABASE PROGRAMMING
JAVASCRIPT HOW TO PROGRAM -2 DR. JOHN P. ABRAHAM UTPA.
 2000 Deitel & Associates, Inc. All rights reserved. Chapter 24 – Web Servers (PWS, IIS, Apache, Jigsaw) Outline 24.1Introduction 24.2Microsoft Personal.
Workshop 3 Web Application Security Li Weichao March
Server- Side technologies Client-side vs. Server-side scripts PHP basic ASP.NET basic ColdFusion.
FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 4 Web technologies: HTTP, CGI, PHP,Java applets)
Architecture Of ASP.NET. What is ASP?  Server-side scripting technology.  Files containing HTML and scripting code.  Access via HTTP requests.  Scripting.
Dr. Azeddine Chikh IS444: Modern tools for applications development.
Week 7 Lecture Web Database Development Samuel Conn, Asst. Professor
4-1 INTERNET DATABASE CONNECTOR Colorado Technical University IT420 Tim Peterson.
Basics of Web Databases With the advent of Web database technology, Web pages are no longer static, but dynamic with connection to a back-end database.
Chapter 6 The World Wide Web. Web Pages Each page is an interactive multimedia publication It can include: text, graphics, music and videos Pages are.
9 Chapter Nine Compiled Web Server Programs. 9 Chapter Objectives Learn about Common Gateway Interface (CGI) Create CGI programs that generate dynamic.
1 In the good old days... Years ago… the WWW was made up of (mostly) static documents. –Each URL corresponded to a single file stored on some hard disk.
Web Server Administration Chapter 7 Installing and Testing a Programming Environment.
Tutorial 7 Creating Forms. Objectives Session 7.1 – Create an HTML form – Insert fields for text – Add labels for form elements – Create radio buttons.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
Active Server Pages  In this chapter, you will learn:  How browsers and servers interacted on the Internet when the Internet first became popular 
Chapter 8 Collecting Data with Forms. Chapter 8 Lessons Introduction 1.Plan and create a form 2.Edit and format a form 3.Work with form objects 4.Test.
1 MSCS 237 Overview of web technologies (A specific type of distributed systems)
Web Applications Testing By Jamie Rougvie Supported by.
ASP (Active Server Pages) by Bülent & Resul. Presentation Outline Introduction What is an ASP file? How does ASP work? What can ASP do? Differences Between.
CITA 310 Section 7 Installing and Testing a Programming Environment (Textbook Chapter 7)
Hands-On Ethical Hacking and Network Defense 2 nd Edition Chapter 10 Hacking Web Servers Revised
Introduction and Principles Web Server Scripting.
WEB SERVER SOFTWARE FEATURE SETS
ASP. ASP is a powerful tool for making dynamic and interactive Web pages An ASP file can contain text, HTML tags and scripts. Scripts in an ASP file are.
 Web pages originally static  Page is delivered exactly as stored on server  Same information displayed for all users, from all contexts  Dynamic.
Database Connectivity and Server-Side Scripting Chapter 12.
ASP-2-1 SERVER AND CLIENT SIDE SCRITPING Colorado Technical University IT420 Tim Peterson.
CITA 352 Chapter 10 Hacking Web Servers. Understanding Web Applications Writing a program without bugs –Nearly impossible –Some bugs create security vulnerabilities.
By Collin Donaldson. Hacking is only legal under the following circumstances: 1.You hack (penetration test) a device/network you own. 2.You gain explicit,
CGS 3066: Web Programming and Design Spring 2016 Introduction to Server-Side Programming.
A S P. Outline  The introduction of ASP  Why we choose ASP  How ASP works  Basic syntax rule of ASP  ASP’S object model  Limitations of ASP  Summary.
1 Chapter 1 INTRODUCTION TO WEB. 2 Objectives In this chapter, you will: Become familiar with the architecture of the World Wide Web Learn about communication.
Introduction and Principles
PHP / MySQL Introduction
Chapter 27 WWW and HTTP.
Lecture 2 - SQL Injection
Hands-On Ethical Hacking and Network Defense
Web Application Development Using PHP
Presentation transcript:

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Objectives After reading this chapter and completing the exercises, you will be able to: –Describe Web applications –Explain Web application vulnerabilities –Describe the tools used to attack Web servers Hands-On Ethical Hacking and Network Defense, Second Edition2

Understanding Web Applications Writing a program without bugs –Nearly impossible –Some bugs create security vulnerabilities Web applications also have bugs –Larger user base than standalone applications –Bugs are a bigger problem Hands-On Ethical Hacking and Network Defense, Second Edition3

Web Application Components Static Web pages –Created using HTML Same information regardless of time or user Dynamic Web pages –Information varies –Need special components element Common Gateway Interface (CGI) Active Server Pages (ASP) and PHP ColdFusion and JavaScript Database connectors Hands-On Ethical Hacking and Network Defense, Second Edition4

Web Forms Use element or tag in HTML document –Allows customer to submit information to Web server Web servers –Process information from a form using a Web application Easy way for attackers to intercept data users submit –Security testers should recognize when forms are used Hands-On Ethical Hacking and Network Defense, Second Edition5

Web Forms (cont’d.) Web form example: Enter your username: Enter your password: Hands-On Ethical Hacking and Network Defense, Second Edition6

7 Figure 10-1 An HTML Web page with a form

Common Gateway Interface Handles moving data –From Web server to Web browser Dynamic Web pages –Many created with CGI and scripting languages CGI –Determines how Web server passes data to Web browser Relies on Perl or another scripting language to create dynamic Web pages Programs are written in different languages Hands-On Ethical Hacking and Network Defense, Second Edition8

Common Gateway Interface (cont’d.) CGI example written in Perl: #!/usr/bin/perl print "Content-type: text/html\n\n"; print "Hello Security Testers!"; Hands-On Ethical Hacking and Network Defense, Second Edition9

Active Server Pages Main difference from HTML pages –HTML documents can be displayed on the fly User requests a Web page, one is created Uses scripting languages –JScript –VBScript Has evolved –Largely replaced by ASP.NET Not all Web servers support ASP Hands-On Ethical Hacking and Network Defense, Second Edition10

Active Server Pages (cont’d.) ASP example: My First ASP Web Page Hello, security professionals The time is. Microsoft does not want users to be able to view an ASP Web page’s source code –Makes ASP more secure Hands-On Ethical Hacking and Network Defense, Second Edition11

Apache Web Server Apache –Another Web Server program –Said to run on more than twice as many Web servers as IIS Advantages –Works on just about any *nix and Windows platform –Free Hands-On Ethical Hacking and Network Defense, Second Edition12

Using Scripting Languages Dynamic Web pages –Developed using several scripting languages VBScript JavaScript Macro viruses and worms may take advantage of cross-site scripting vulnerabilities –Most are based on scripting language Hands-On Ethical Hacking and Network Defense, Second Edition13

PHP Hypertext Processor Enables creation of dynamic Web pages –Similar to ASP Open-source server-side scripting language –Embedded in an HTML Web page Using PHP tags browsers –Users cannot see PHP code on their Web browser Originally used mainly on UNIX systems –More widely used now Macintosh and Windows Hands-On Ethical Hacking and Network Defense, Second Edition14

PHP Hypertext Processor (cont’d.) PHP example: My First PHP Program Hello, Security Testers! '; ?> Hands-On Ethical Hacking and Network Defense, Second Edition15

ColdFusion Server-side scripting language –Used to develop dynamic Web pages –Created by the Allaire Corporation Uses proprietary tags –Written in ColdFusion Markup Language (CFML) CFML Web applications –Can contain other technologies (e.g., HTML or JavaScript) Hands-On Ethical Hacking and Network Defense, Second Edition16

ColdFusion (cont’d.) CFML example: Using CFML Hands-On Ethical Hacking and Network Defense, Second Edition17

VBScript Visual Basic Script –Scripting language –Developed by Microsoft –Converts static Web pages into dynamic Web pages Advantage: –Powerful programming language features Microsoft Security Bulletin –Starting point for investigating VBScript vulnerabilities Hands-On Ethical Hacking and Network Defense, Second Edition18

VBScript (cont’d.) VBScript example: document.write(" Hello Security Testers! ") document.write("Date Activated: " & date()) Hands-On Ethical Hacking and Network Defense, Second Edition19

Hands-On Ethical Hacking and Network Defense, Second Edition20 Figure 10-6 A Web page created with VBScript

JavaScript Popular scripting language Has power of programming language –Branching –Looping –Testing Widely used Variety of vulnerabilities –Exploited in older Web browsers Hands-On Ethical Hacking and Network Defense, Second Edition21

JavaScript (cont’d.) JavaScript example: function chastise_user() { alert("So, you like breaking rules?") document.getElementByld("cmdButton").focus() } Hands-On Ethical Hacking and Network Defense, Second Edition22

Hands-On Ethical Hacking and Network Defense, Second Edition23 JavaScript (cont’d.) JavaScript example (cont’d.): "If you are a Security Tester, please do not click the command button below!" <input type="button" value="Don't Click!" name="cmdButton" onClick="chastise_user()" />

Hands-On Ethical Hacking and Network Defense, Second Edition24 Figure 10-7 A command button created with JavaScript Figure 10-8 An alert message created with JavaScript

Hands-On Ethical Hacking and Network Defense, Second Edition25 Connecting to Databases Most Web pages can display information stored on databases Several technologies –Used connect databases with Web applications Depends on OS Theory is the same

Open Database Connectivity Standard database access method ODBC interface –Allows application to access data stored in a database management system Any system that can understand and issue ODBC commands Interoperability is accomplished by defining: –Standardized representation for data types –Library of ODBC function calls –Standard method of connecting to and logging on Hands-On Ethical Hacking and Network Defense, Second Edition26

Object Linking and Embedding Database Set of interfaces –Enable applications to access data stored in DBMS Designed by Microsoft –Faster, more efficient, and more stable than ODBC Relies on connection strings –Allows application to access data stored on external device Different providers can be used –Depends on data source Hands-On Ethical Hacking and Network Defense, Second Edition27

Hands-On Ethical Hacking and Network Defense, Second Edition28 Table 10-1 OLE DB providers

ActiveX Data Objects Programming interface for connecting Web applications to a database –Defines a set of technologies that allow desktop applications to interact with Web Steps for accessing a database: –Create ADO connection –Open database connection created –Create ADO recordset –Open recordset and select data you need –Close recordset and database connection Hands-On Ethical Hacking and Network Defense, Second Edition29

Hands-On Ethical Hacking and Network Defense, Second Edition30 Understanding Web Application Vulnerabilities Many platforms and programming languages can be used to design a Web site –Application security As important as network security Attackers controlling a Web server can: –Deface the Web site –Destroy company’s database or sell contents –Gain control of user accounts –Perform secondary attacks –Gain root access to other application servers

Hands-On Ethical Hacking and Network Defense, Second Edition31 Application Vulnerabilities Countermeasures Open Web Application Security Project (OWASP) –Not-for-profit organization –Finds and fights Web application vulnerabilities –Publishes Ten Most Critical Web Application Security Vulnerabilities Built into Payment Card Industry (PCI) Data Security Standard (DSS)

Hands-On Ethical Hacking and Network Defense, Second Edition32 Application Vulnerabilities Countermeasures (cont’d.) Top ten Web application vulnerabilities: –Cross-site scripting (XSS) flaws –Injection flaws and malicious file execution –Unsecured direct object reference –Cross-site request forgery (CSRF) –Information leakage and incorrect error handling –Broken authentication and session management –Unsecured cryptographic storage –Unsecured communication –Failure to restrict URL access

Hands-On Ethical Hacking and Network Defense, Second Edition33 Application Vulnerabilities Countermeasures (cont’d.) OWASP WebGoat project –Helps security testers learn how to conduct vulnerability testing on Web applications Figure 10-9 Starting WebGoat

Hands-On Ethical Hacking and Network Defense, Second Edition34 Figure The WebGoat welcome page

Hands-On Ethical Hacking and Network Defense, Second Edition35 Figure The WebGoat Hints menu

Hands-On Ethical Hacking and Network Defense, Second Edition36 Figure WebGoat’s Challenge exercise

Hands-On Ethical Hacking and Network Defense, Second Edition37 Assessing Web Applications Security testers should look for answers to some important questions: –Does the Web application use dynamic Web pages? –Does the Web application connect to a back-end database server? –Does the Web application require authentication of the user? –On what platform was the Web application developed?

Hands-On Ethical Hacking and Network Defense, Second Edition38 Does the Web Application Use Dynamic Web Pages? Static Web pages –Do not create a secure environment IIS attack example –Submitting a specially formatted URL to attacked Web server –IIS does not correctly parse the URL information –Attacker could launch a Unicode exploit t/system32/cmd.exe?/c+dir+c –Attacker can install a Trojan program

Hands-On Ethical Hacking and Network Defense, Second Edition39 Does the Web Application Connect to a Back-end Database Server? Security testers should check for possibility of SQL injection used to attack the system –SQL injection: attacker inserts SQL commands in Web application field SQL injection example: SELECT * FROM customer WHERE tblusername = ' OR "=" AND tblpassword = ' OR "="

Does the Web Application Connect to a Back-end Database Server? (cont’d.) Basic testing should look for: –Whether you can enter text with punctuation marks –Whether you can enter a single quotation mark followed by any SQL keywords –Whether you can get any sort of database error when attempting to inject SQL statements Hands-On Ethical Hacking and Network Defense, Second Edition40

Hands-On Ethical Hacking and Network Defense, Second Edition41 Does the Web Application Require Authentication of the User? Many Web applications require another server (other than the Web server) to authenticate users –Examine how information is passed between the two servers Encrypted channels –Verify logon and password information are stored securely Separate authentication servers introduce a second target

Hands-On Ethical Hacking and Network Defense, Second Edition42 On What Platform Was the Web Application Developed? Several different platforms and technologies can be used to develop Web applications –Attacks differ depending on platform and technology Footprinting is used to discover the OS and DBMS –The more you know about a system, the easier it is to gather information about vulnerabilities

Hands-On Ethical Hacking and Network Defense, Second Edition43 Tools of Web Attackers and Security Testers After vulnerabilities of a Web application or an OS platform are discovered –Security testers or attackers look for tools to test or attack the system All platforms and Web application components have vulnerabilities –No matter which platform is used, there is a security hole and a tool capable of breaking into it

Hands-On Ethical Hacking and Network Defense, Second Edition44 Web Tools Cgiscan.c: CGI scanning tool –Written in C in 1999 by Bronc Buster –Tool for searching Web sites for CGI scripts that can be exploited Figure Compiling and running Cgiscan

Web Tools (cont’d.) Wapiti: Web application vulnerability scanner –Uses a black box approach Doesn’t inspect code –Inspects by searching from outside Ways to take advantage of XSS, SQL, PHP, JSP, and file-handling vulnerabilities –Uses “fuzzing” Trying to inject data into whatever will accept it Hands-On Ethical Hacking and Network Defense, Second Edition45

Web Tools (cont’d.) Wfetch: GUI tool that queries status of Web server –Attempts authentication using: Multiple HTTP methods Configuration of hostname and TCP port HTTP 1.0 and HTTP 1.1 support Anonymous, Basic, NTLM, Kerberos, Digest, and Negotiate authentication types Multiple connection types Proxy support and client-certificate support Capability to enter requests manually or read from file Onscreen and file-based logging Hands-On Ethical Hacking and Network Defense, Second Edition46

Hands-On Ethical Hacking and Network Defense, Second Edition47 Figure Using the Wfetch program

Summary Web applications –Can be developed on many platforms HTML pages can contain forms, ASP, CGI, and scripting languages Static pages –Many replaced by dynamic pages Dynamic Web pages are created using CGI, ASP, etc. Web forms –Allow developers to create Web pages with which visitors can interact Hands-On Ethical Hacking and Network Defense, Second Edition48

Summary (cont’d.) Web applications –Use a variety of technologies to connect to databases (e.g., ODBC, OLE DB, and ADO) You can install IIS –Test Web pages in Windows Web application vulnerabilities –Can have damaging consequences Conducting security tests on Web applications –Various considerations Hands-On Ethical Hacking and Network Defense, Second Edition49

Summary (cont’d.) Web applications that connect to databases –Might be vulnerable to SQL injection exploits Many tools for testing Web application vulnerabilities are available –Wfetch –Wapiti –OWASP open-source software Hands-On Ethical Hacking and Network Defense, Second Edition50

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.