Hacking of web servers - Hacking For Dummies (2015)

Chapter 4 - Hacking of web servers

A web server is a program that uses HTTP (Hypertext Transfer Protocol) to serve different kinds of web pages. Web servers deal with various kinds of HTML documents, including images, objects, scripts and text.

A web server has an IP address and a specific domain name. For instance, if you type the URL http://www.beginnerguide.co./mobile.html in the browser, the browser sends a request to the server whose domain name is beginnerguide.co. The server then processes this request and retrieves the page. The browser then displays the page to the user who requested the URL.

Any computer system can be converted into a working web server. This requires installing server software. After installation, the machine is connected to the internet.

A number of different web server applications are available on the market.

The software available for setting up a web server includes:

✓ IIS

✓ Apache

The working of Web server

Using your personal computer, laptop or any other electronic gadget, you can surf millions of websites all over the world. All you need to do is type the URL in the browser and press Enter. Whichever URL you request, the page will appear on the screen. The geographical or virtual location does not matter in this case.

In this phase the web browser forms a connection with the web server, requests the specified page and makes it available to the end user.

Login Process for the websites

Different websites let users log in to their own accounts. When you type the URL in the address bar, the server directs you to the website.

To sign in to the account, the user provides the username, password and other details. These ultimately allow the user to get access to the account.

The web server receives the username and password and forwards them to the main database server.

The database server then checks the username and password and carries out an analysis to authenticate the access. Checking them against its tables is what enables access to the account.

The web server makes use of the authentication results provided by the database server. Depending on those results, the user is sent to the requested page.

If the authentication is successful, the sign-in proceeds; otherwise the user is asked to provide the information again.

Types of hacking attacks on web servers

Many different types of hackers can direct multiple types of attacks at web servers. Some of these include:

➢ Web Ripping

Web ripping deals with media files and pictures. In web ripping, a hacker finds these files and pictures at a certain URL and extracts them. The pictures are then saved to the hard drive of the hacker's computer.

Web ripping also enables in-depth copying of the website profile. This profile is then transferred to the local disk. It gives the malicious user access to the links and fields of the website.

For web ripping, the most efficient tool in use is the Black Widow web ripper.

➢ SQL Injection

Hackers who use SQL injection are usually aware of the vulnerabilities present in the web server. They exploit these vulnerabilities, which eventually leads to permission and access to the database. The database can then be read, altered or modified.

An example of a SQL injection attack involves forcing a condition to be true by feeding matching values into the web page. These values are fed into the login form as shown below:

✓ Login: 2' or '2'='2 and Password= 2' or '2'='2

✓ Login: 2' or '2'='2';--

When the argument for the username is evaluated, '2'='2' comes out TRUE. In this case the returned value will be the authentic username.
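The login check described above, written once with string concatenation and once with placeholders, shows why the quoted value is evaluated as TRUE in one case and compared as plain text in the other. This is an added example, not code from the book; the table layout, the sample account and the function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample account. Cleartext storage only keeps the sketch short;
# a real table would hold salted password hashes.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def build_vulnerable_query(username, password):
    # Input is pasted into the SQL text: a quote in the input closes the
    # string literal and whatever follows is parsed as SQL.
    return ("SELECT username FROM users "
            "WHERE username = '%s' AND password = '%s'" % (username, password))

def login_vulnerable(db, username, password):
    query = build_vulnerable_query(username, password)
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders send the input separately from the SQL text, so it is
    # only ever compared as a value and never parsed as SQL.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    value = "2' or '2'='2"  # the login value quoted in the text above
    print(build_vulnerable_query(value, value))
    print("concatenated query accepts it:", login_vulnerable(db, value, value))
    print("parameterized query accepts it:", login_parameterized(db, value, value))
```

Printing the concatenated query shows the trailing `or '2'='2'` sitting outside any string literal, which is what makes the WHERE clause true for every row.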

➢ PHP Remote Code Execution

This attack is based on the PHP programming language. It lets the hacker send code from their own system to be carried out on the targeted web server. With this step, the attacker can circumvent the web server. Bypassing it allows the hacker to reach and obtain files with the full and special rights held by the original server software.

A number of PHP programs contain a vulnerability that can let unauthenticated users through to the web server. Such a user gets through unchecked and unnoticed, so any hacker can use that PHP program.

➢ Google Hacking

Among the list of Search Engines, Google is the most used one.

Google keeps a record of the pages it crawls by taking snapshots of them. These can be accessed through the Cached link shown on the search results pages.

Google hacking uses advanced search operators in the Google search engine to locate precise text strings within the search results. Some hackers use it to find particular versions of vulnerable web applications.

The hacker can target particular password files, directories and file types, or different cameras with specific IP addresses.

➢ Directory Traversal Attacks

Directory traversal attacks enable malicious users to "navigate" the directory tree and sidestep the access control list to get access to hidden files. Such hidden files can enable hackers to manipulate the data and use it for destructive purposes.

These attacks are based on HTTP exploits. They commence with a simple GET or another type of HTTP request. Many web servers can fall victim to this type of attack, which can find the vulnerabilities very easily and in a much shorter time than other types of hacking attacks.
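On the server side, the defence is to resolve every requested path and refuse anything that lands outside the document root. The following is an added example, not code from the book; the function name resolve_request_path and the /var/www/html root are assumptions, and the request paths are constructed samples.

```python
import os
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root, for illustration only

def resolve_request_path(url_path, web_root=WEB_ROOT):
    """Map the path of a GET request to a file under web_root.

    Returns the absolute file path, or None when the request would
    leave the document root.
    """
    # Decode percent-escapes first, so "%2e%2e" is checked as "..".
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None  # NUL bytes never belong in a file name
    root = os.path.realpath(web_root)
    # realpath collapses ".." segments and follows symlinks, so the
    # check below runs on the location that would really be opened.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole path components; a plain startswith()
    # would wrongly accept a sibling such as /var/www/html-backup.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

if __name__ == "__main__":
    # Constructed request paths: one normal, three that try to climb out.
    for path in ["/mobile.html",
                 "/images/../mobile.html",
                 "/../../etc/passwd",
                 "/%2e%2e/%2e%2e/etc/passwd",
                 "/../html-backup/old.sql"]:
        print(path, "->", resolve_request_path(path))
```

A request that resolves to None should be answered with an error and logged, since ordinary browsing does not produce paths that climb above the root.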

Conclusion

The world of technology and information has come a long way in development and progress. It is through this development that all of mankind can enjoy the benefits of easy communication, access and collaboration. The world has truly become a global village now that the foundation for these two pillars has been laid. But as development and progress accelerate, a number of new challenges have arisen that demand that the human intellect devise useful ways of handling them.

One such challenge, which has gained urgent attention during the last few decades, is hacking, because hackers have inflicted extensive losses on different computing systems and networks, both financial and non-financial. So all users and developers of computer systems have a strong interest in knowing the science and art of hacking.

People are now interested in gaining knowledge about hacking so that they are no longer vulnerable to hacking activities and the subsequent losses. This book has been written with the intention that even basic users of computers and networks should know about hacking, because the victim is the person who most needs to know about the activity. I have outlined the most basic knowledge so that you can start from the rawest outline of knowledge pertaining to hacking. I wish and hope that the information presented will be useful and understandable for my readers.