Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-On Ethical Hacking and Network Defense

Published byGillian Patrick Modified over 8 years ago

Similar presentations

Presentation on theme: "Hands-On Ethical Hacking and Network Defense"— Presentation transcript:

1 Hands-On Ethical Hacking and Network Defense
Chapter 10 Hacking Web Servers

2 Objectives Describe Web applications
Explain Web application vulnerabilities Describe the tools used to attack Web servers Hands-On Ethical Hacking and Network Defense

3 Understanding Web Applications
It is nearly impossible to write a program without bugs Some bugs create security vulnerabilities Web applications also have bugs Web applications have a larger user base than standalone applications Bugs are a bigger problem for Web applications Hands-On Ethical Hacking and Network Defense

4 Web Application Components
Static Web pages Created using HTML Dynamic Web pages Need special components <form> tags Common Gateway Interface (CGI) Active Server Pages (ASP) PHP ColdFusion Scripting languages Database connectors Hands-On Ethical Hacking and Network Defense

5 Web Forms Use the <form> element or tag in an HTML document
Allows customer to submit information to the Web server Web servers process information from a Web form by using a Web application Easy way for attackers to intercept data that users submit to a Web server Hands-On Ethical Hacking and Network Defense

6 Web Forms (continued) Web form example <html> <body>
Enter your username: <input type="text" name="username"> <br> Enter your password: <input type="text" name="password"> </form></body></html> Hands-On Ethical Hacking and Network Defense

7 Hands-On Ethical Hacking and Network Defense

8 Common Gateway Interface (CGI)
Handles moving data from a Web server to a Web browser The majority of dynamic Web pages are created with CGI and scripting languages Describes how a Web server passes data to a Web browser Relies on Perl or another scripting language to create dynamic Web pages CGI programs can be written in different programming and scripting languages Hands-On Ethical Hacking and Network Defense

9 Common Gateway Interface (CGI) (continued)
CGI example Written in Perl Hello.pl Should be placed in the cgi-bin directory on the Web server #!/usr/bin/perl print "Content-type: text/html\n\n"; print "Hello Security Testers!"; Hands-On Ethical Hacking and Network Defense

10 Active Server Pages (ASP)
With ASP, developers can display HTML documents to users on the fly Main difference from pure HTML pages When a user requests a Web page, one is created at that time ASP uses scripting languages such as JScript or VBScript Not all Web servers support ASP Hands-On Ethical Hacking and Network Defense

11 Hands-On Ethical Hacking and Network Defense

12 Active Server Pages (ASP) (continued)
ASP example <HTML> <HEAD><TITLE> My First ASP Web Page </TITLE></HEAD> <BODY> <H1>Hello, security professionals</H1> The time is <% = Time %>. </BODY> </HTML> Microsoft does not want users to be able to view an ASP Web page’s source code This can create serious security problems Hands-On Ethical Hacking and Network Defense

13 Apache Web Server Tomcat Apache is another Web Server program
Tomcat Apache hosts anywhere from 50% to 60% of all Web sites Advantages Works on just about any *NIX and Windows platform It is free Requires Java 2 Standard Runtime Environment (J2SE, version 5.0) Hands-On Ethical Hacking and Network Defense

14 Hands-On Ethical Hacking and Network Defense

15 Hands-On Ethical Hacking and Network Defense

16 Using Scripting Languages
Dynamic Web pages can be developed using scripting languages VBScript JavaScript PHP Hands-On Ethical Hacking and Network Defense

17 PHP: Hypertext Processor (PHP)
Enables Web developers to create dynamic Web pages Similar to ASP Open-source server-side scripting language Can be embedded in an HTML Web page using PHP tags <?php and ?> Users cannot see PHP code on their Web browser Used primarily on UNIX systems Also supported on Macintosh and Microsoft platforms Hands-On Ethical Hacking and Network Defense

18 PHP: Hypertext Processor (PHP) (continued)
PHP example <html> <head> <title>My First PHP Program </title> </head> <body> <?php echo '<h1>Hello, Security Testers!</h1>'; ?> </body> </html> As a security tester you should look for PHP vulnerabilities Hands-On Ethical Hacking and Network Defense

19 ColdFusion Server-side scripting language used to develop dynamic Web pages Created by the Allaire Corporation Uses its own proprietary tags written in ColdFusion Markup Language (CFML) CFML Web applications can contain other technologies, such as HTML or JavaScript Hands-On Ethical Hacking and Network Defense

20 ColdFusion (continued)
CFML example <html> <head> <title>Using CFML</title> </head> <body> <CFLOCATION URL=" ADDTOKEN="NO"> </body> </html> CFML is not exempt of vulnerabilities Hands-On Ethical Hacking and Network Defense

21 VBScript Visual Basic Script is a scripting language developed by Microsoft Converts static Web pages into dynamic Web pages Takes advantage of the power of a full programming language VBScript is also prone to security vulnerabilities Check the Microsoft Security Bulletin for information about VBScript vulnerabilities Hands-On Ethical Hacking and Network Defense

22 VBScript (continued) VBScript example <html> <body>
<script type="text/vbscript"> document.write("<h1>Hello Security Testers!</h1>") document.write("Date Activated: " & date()) </script> </body> </html> Hands-On Ethical Hacking and Network Defense

23 Hands-On Ethical Hacking and Network Defense

24 JavaScript Popular scripting language
JavaScript also has the power of a programming language Branching Looping Testing Variety of vulnerabilities exist for JavaScript that have been exploited in older Web browsers Hands-On Ethical Hacking and Network Defense

25 JavaScript (continued)
JavaScript example <html> <head> <script type="text/javascript"> function chastise_user() { alert("So, you like breaking rules?") document.getElementByld("cmdButton").focus() } </script> </head> <body> <h3>"If you are a Security Tester, please do not click the command button below!"</h3> <form> <input type="button" value="Don't Click!" name="cmdButton" onClick="chastise_user()" /> </form> </body> </html> Hands-On Ethical Hacking and Network Defense

26 Hands-On Ethical Hacking and Network Defense

27 Hands-On Ethical Hacking and Network Defense

28 Connecting to Databases
Web pages can display information stored on databases There are several technologies used to connect databases with Web applications Technology depends on the OS used ODBC OLE DB ADO Theory is the same Hands-On Ethical Hacking and Network Defense

29 Open Database Connectivity (ODBC)
Standard database access method developed by the SQL Access Group ODBC interface allows an application to access Data stored in a database management system Any system that understands and can issue ODBC commands Interoperability among back-end DBMS is a key feature of the ODBC interface Hands-On Ethical Hacking and Network Defense

30 Open Database Connectivity (ODBC) (continued)
ODBC defines Standardized representation of data types A library of ODBC functions Standard methods of connecting to and logging on to a DBMS Hands-On Ethical Hacking and Network Defense

31 Object Linking and Embedding Database (OLE DB)
OLE DB is a set of interfaces Enables applications to access data stored in a DBMS Developed by Microsoft Designed to be faster, more efficient, and more stable than ODBC OLE DB relies on connection strings Different providers can be used with OLE DB depending on the DBMS to which you want to connect Hands-On Ethical Hacking and Network Defense

32 Hands-On Ethical Hacking and Network Defense

33 ActiveX Data Objects (ADO)
ActiveX defines a set of technologies that allow desktop applications to interact with the Web ADO is a programming interface that allows Web applications to access databases Steps for accessing a database from a Web page Create an ADO connection Open the database connection you just created Create an ADO recordset Open the recordset Select the data you need Close the recordset and the connection Hands-On Ethical Hacking and Network Defense

34 Understanding Web Application Vulnerabilities
Many platforms and programming languages can be used to design a Web site Application security is as important as network security Attackers controlling a Web server can Deface the Web site Destroy or steal company’s data Gain control of user accounts Perform secondary attacks from the Web site Gain root access to other applications or servers Hands-On Ethical Hacking and Network Defense

35 Application Vulnerabilities Countermeasures
Open Web Application Security Project (OWASP) Open, not-for-profit organization dedicated to finding and fighting vulnerabilities in Web applications Publishes the Ten Most Critical Web Application Security Vulnerabilities Top-10 Web application vulnerabilities Unvalidated parameters HTTP requests are not validated by the Web server Broken access control Developers implement access controls but fail to test them properly Hands-On Ethical Hacking and Network Defense

36 Application Vulnerabilities Countermeasures (continued)
Top-10 Web application vulnerabilities (continued) Broken account and session management Enables attackers to compromise passwords or session cookies to gain access to accounts Cross-site scripting (XSS) flaws Attacker can use a Web application to run a script on the Web browser of the system he or she is attacking Buffer overflows It is possible for an attacker to use C or C++ code that includes a buffer overflow Hands-On Ethical Hacking and Network Defense

37 Application Vulnerabilities Countermeasures (continued)
Top-10 Web application vulnerabilities (continued) Command injection flaws An attacker can embed malicious code and run a program on the database server Error-handling problems Error information sent to the user might reveal information that an attacker can use Insecure use of cryptography Storing keys, certificates, and passwords on a Web server can be dangerous Hands-On Ethical Hacking and Network Defense

38 Application Vulnerabilities Countermeasures (continued)
Top-10 Web application vulnerabilities (continued) Remote administration flaws Attacker can gain access to the Web server through the remote administration interface Web and application server misconfiguration Any Web server software out of the box is usually vulnerable to attack Default accounts and passwords Overly informative error messages Hands-On Ethical Hacking and Network Defense

39 Application Vulnerabilities Countermeasures (continued)
WebGoat project Helps security testers learn how to perform vulnerabilities testing on Web applications Developed by OWASP WebGoat can be used to Reveal HTML or Java code and any cookies or parameters used Hack a logon name and password Hands-On Ethical Hacking and Network Defense

40 Hands-On Ethical Hacking and Network Defense

41 Hands-On Ethical Hacking and Network Defense

42 Application Vulnerabilities Countermeasures (continued)
WebGoat can be used to Traverse a file system on a Windows XP computer running Apache WebGoat’s big challenge Defeat an authentication mechanism Steal credit cards from a database Deface a Web site Hands-On Ethical Hacking and Network Defense

43 Hands-On Ethical Hacking and Network Defense

44 Hands-On Ethical Hacking and Network Defense

45 Hands-On Ethical Hacking and Network Defense

46 Assessing Web Applications
Security testers should look for answers to some important questions Does the Web application use dynamic Web pages? Does the Web application connect to a backend database server? Does the Web application require authentication of the user? On what platform was the Web application developed? Hands-On Ethical Hacking and Network Defense

47 Does the Web Application Use Dynamic Web Pages?
Static Web pages do not create a security environment IIS attack example Submitting a specially formatted URL to the attacked Web server IIS does not correctly parse the URL information Attackers could launch a Unicode exploit Attacker can even install a Trojan program Hands-On Ethical Hacking and Network Defense

48 Does the Web Application Connect to a Backend Database Server?
Security testers should check for the possibility of SQL injection being used to attack the system SQL injection involves the attacker supplying SQL commands on a Web application field SQL injection examples SELECT * FROM customer WHERE tblusername = ' ' OR 1=1 -- ' AND tblpassword = ' ' or WHERE tblusername = ' OR "=" AND tblpassword = ' OR "=" Hands-On Ethical Hacking and Network Defense

49 Does the Web Application Connect to a Backend Database Server
Does the Web Application Connect to a Backend Database Server? (continued) Basic testing should look for Whether you can enter text with punctuation marks Whether you can enter a single quotation mark followed by any SQL keywords Whether you can get any sort of database error when attempting to inject SQL Hands-On Ethical Hacking and Network Defense

50 Does the Web Application Require Authentication of the User?
Many Web applications require another server authenticate users Examine how information is passed between the two servers Encrypted channels Verify that logon and password information is stored on secure places Authentication servers introduce a second target Hands-On Ethical Hacking and Network Defense

51 On What Platform Was the Web Application Developed?
Several different platforms and technologies can be used to develop Web applications Attacks differ depending on the platform and technology used to develop the application Footprinting is used to find out as much information as possible about a target system The more you know about a system the easier it is to gather information about its vulnerabilities Hands-On Ethical Hacking and Network Defense

52 Tools of Web Attackers and Security Testers
Choose the right tools for the job Attackers look for tools that enable them to attack the system They choose their tools based on the vulnerabilities found on a target system or application Hands-On Ethical Hacking and Network Defense

53 Web Tools Cgiscan.c: CGI scanning tool
Written in C in 1999 by Bronc Buster Tool for searching Web sites for CGI scripts that can be exploited One of the best tools for scanning the Web for systems with CGI vulnerabilities Hands-On Ethical Hacking and Network Defense

54 Hands-On Ethical Hacking and Network Defense

55 Web Tools (continued) Phfscan.c
Written to scan Web sites looking for hosts that could be exploited by the PHF bug The PHF bug enables an attacker to download the victim’s /etc/passwd file It also allows attackers to run programs on the victim’s Web server by using a particular URL Hands-On Ethical Hacking and Network Defense

56 Web Tools (continued) Wfetch: GUI tool
This tool queries the status of a Web server It also attempts authentication using Multiple HTTP methods Configuration of host name and TCP port HTTP 1.0 and HTTP 1.1 support Anonymous, Basic, NTLM, Kerberos, Digest, and Negotiation authentication types Multiple connection types Proxy support Client-certificate support Hands-On Ethical Hacking and Network Defense

57 Hands-On Ethical Hacking and Network Defense

58 Summary Web applications can be developed on many platforms
HTML pages can contain Forms ASP CGI Scripting languages Static pages have been replaced by dynamic pages Dynamic Web pages can be created using CGI, ASP, and JSP Hands-On Ethical Hacking and Network Defense

59 Summary (continued) Web forms allows developers to create Web pages with which visitors can interact Web applications use a variety of technologies to connect to databases ODBC OLE DB ADO Security tests should check Whether the application connects to a database If the user is authenticated through a different server Hands-On Ethical Hacking and Network Defense

60 Summary (continued) Many tools are available for security testers
Cgiscan Wfetch OWASP open-source software Web applications that connect to databases might be vulnerable to SQL injection There are many free tools for attacking Web servers available in the Internet Hands-On Ethical Hacking and Network Defense

Download ppt "Hands-On Ethical Hacking and Network Defense"

Similar presentations

WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?

WEB DESIGN TABLES, PAGE LAYOUT AND FORMS. Page Layout Page Layout is an important part of web design Why do you think your page layout is important?
Hacking Web Servers April 15, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Hacking Web Servers April 15, 2010 MIS 4600 – MBA © Abdou Illia.
DT211/3 Internet Application Development Active Server Pages & IIS Web server.

DT211/3 Internet Application Development Active Server Pages & IIS Web server.
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
1 Chapter 12 Working With Access 2000 on the Internet.

1 Chapter 12 Working With Access 2000 on the Internet.
15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.

15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.
B.Sc. Multimedia ComputingMedia Technologies Database Technologies.

B.Sc. Multimedia ComputingMedia Technologies Database Technologies.
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.

INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
Introduction to Web Database Processing

Introduction to Web Database Processing
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input: ï‚¡ Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input: ï‚¡ Information.
Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 2.

Outline IS400: Development of Business Applications on the Internet Fall 2004 Instructor: Dr. Boris Jukic Server Side Web Technologies: Part 2.
Week 2 IBS 685. Static Page Architecture The user requests the page by typing a URL in a browser The Browser requests the page from the Web Server The.

Week 2 IBS 685. Static Page Architecture The user requests the page by typing a URL in a browser The Browser requests the page from the Web Server The.
INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.

INTERNET DATABASE. Internet and E-commerce Internet – a worldwide collection of interconnected computer network Internet – a worldwide collection of interconnected.
Introduction to Web Interface Technology (CSE2030)

Introduction to Web Interface Technology (CSE2030)
1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.

1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.
Introduction to Web Interface Technology (CSE2030)

Introduction to Web Interface Technology (CSE2030)
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.

Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.

Similar presentations

Ads by Google