Hacking web servers

A web page is a collection of raw materials, ranging from images to text files, all sitting on a computer somewhere on the internet. A web server is software that runs on that same computer. When you ask for a web page, the web server puts all these raw materials together into a web page.

It then sends the page back out over the internet to your web browser. Web servers consist of the document root, server root, virtual document tree, virtual hosting, and web proxy. In this article, we are going to cover web server attacks and the hacking methodology for web servers.

Web servers attacks

Like any computer system, web servers can be compromised. Attackers use several practices and techniques to launch attacks on target web servers and take advantage of the target. Some of the main attacks are:

1. DoS or DDoS Attacks

A DoS/DDoS attack is an attack in which the attacker sends a large number of requests to the victim web server to stop the server from working properly.

2. DNS Server Hijacking

An attack in which the attacker targets a DNS server and tampers with its mapping settings, making it redirect clients to the attacker’s rogue server, which serves the attacker’s malicious website or pop-ups.

3. Directory Traversal Attacks

An attack in which the attacker uses the victim's URL to gain access to restricted directories.

4. MITM Attacks

A man-in-the-middle (MITM) attack is when an attacker intercepts communication between two parties, either to secretly spy on or to change the traffic travelling between them. Attackers might use MITM attacks to steal login details or personal data, spy on the target, or disrupt communications.

5. Phishing Attacks

An attack in which the attacker emails the victim malicious links or messages. Once the victim clicks on the link or message, they are redirected to a malicious website that prompts them to give up sensitive information or data.

6. SSH Brute Force Attacks

An attack in which the attacker obtains the SSH login details and creates SSH tunnels between two hosts, through which they can then deliver malicious content.

7. Web Application Attacks

A web application attack is an attack in which the attacker exploits vulnerabilities or weaknesses in the code of the applications.

8. Web Cache Poisoning

Web cache poisoning is an attack in which the attacker replaces stored/cached content with malicious content.

9. HTTP Response Splitting Attacks

An attack in which the attacker inserts newlines into response headers, making the server split one response into two. The attacker is then able to control the primary response coming from the server and redirect the client to a malicious website.

Hacking Methodology

To execute a successful attack on web servers, you need to follow certain steps:

  1. Every single attack starts with gathering information. This is the stage of learning the who, when, how, and any additional information or sources that you can get about your target.
  2. Acquire information about the server’s remote access capabilities, ports, and services.
  3. Make an exact copy of, or mirror, the victim’s website to browse it offline.
  4. Look for vulnerabilities or exploits.
  5. Perform session hijacking (also known as cookie hijacking) or use password cracking techniques.

In the information gathering stage, the attacker might attempt to obtain the victim’s robots.txt file, which lists the directories and files that are meant to be unseen or hidden. This file could offer the attacker information such as PINs, emails, and hidden links. Metasploit and Wfetch are the main tools used by attackers to gather information.

Metasploit is the most powerful pen testing tool, which helps you find and exploit vulnerabilities in systems. Wfetch, on the other hand, is a tool that shows the request and the response so that the communication can be understood without difficulty.

Written by: Vishnu Kuttan

Reviewed By: Sayan Chatterjee
