
Attacks on Web Servers and Security Checks

Introduction to Web Server


A Web Server is a program which is configured to serve Web Pages using the Hyper Text Transfer Protocol (HTTP). The served content is usually HTML documents and the objects they link to: images, scripts, text, etc. A Web server has an IP address and possibly a domain name. For example, if you enter the URL http://www.kyrion.in/index.html in your browser, the browser sends a request to the server whose domain name is kyrion.in. The server then fetches the page named index.html and sends it back to your browser.

Setting up a Web Server


Any computer can be turned into a Web server by installing server software and connecting the machine to the Internet. There are many Web server software applications available. Software to set up a Web Server: Apache, IIS.

How Web Server Works: The Basic Process


Let's say that you are sitting at your computer, surfing the Web. You type a URL into your browser and press return. And magically, no matter where in the world that URL lives, the page pops up on your screen. The Web browser forms a connection to a Web server, requests a page and receives it.

Working of Web Server

Attacks on Web Server


Web Ripping
Google Hacking
SQL Injection
PHP Remote Code Execution
Cross Site Scripting
Directory Traversal Attacks

Web Ripping
Web Ripping is finding and extracting pictures and other media files from specified website URLs and saving them to your hard drive. Web Ripping is the ability to copy the structure of a Web site to a local disk and obtain a complete profile of the site and all its files and links.

Black Widows: Web Ripper

Google Hacking
As we all know, Google is a Search Engine. Google keeps snapshots of pages it has crawled, which we can access via the Cached link on the search results page. Google hacking involves using advanced search operators in the Google search engine to locate specific strings of text within search results. Some of the more popular examples are finding specific versions of vulnerable Web applications. You can look for particular file types, password files and directories. You can even find IP-based CCTV cameras.

Protecting your Files from Google


A robots.txt file restricts access to your site by the search engine robots that crawl the web. These bots are automated, and before they access pages of a site, they check whether a robots.txt file exists that prevents them from accessing certain pages. You need a robots.txt file only if your site includes content that you don't want search engines to index. If you want search engines to index everything on your site, you don't need a robots.txt file (not even an empty one).

robots.txt: Example

Cross-site Scripting
Cross-Site Scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited Cross-Site Scripting vulnerability can be used by attackers to bypass access controls such as the same-origin policy. Recently, vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. Cross-site scripting was originally referred to as CSS, although this usage has been largely discontinued.
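The injection described above, as an added example that is not from the original slides: a page that inserts user data as-is, beside a version that encodes each value for the HTML context it lands in (text, attribute, URL). The template, field names and sample inputs are constructed for the demo.

```python
import html
from string import Template
from urllib.parse import urlsplit

# Constructed template (not from the slides): user data lands in three
# different HTML contexts, and each context needs its own treatment.
PAGE = Template(
    '<p title="$author">$comment</p>\n'
    '<a href="$homepage">homepage</a>\n'
)


def render_vulnerable(author: str, comment: str, homepage: str) -> str:
    """Inserts the values unchanged: the code-injection flaw the slide describes.
    A comment containing <script>...</script> becomes part of the page."""
    return PAGE.substitute(author=author, comment=comment, homepage=homepage)


def safe_url(url: str) -> str:
    """URL context: escaping alone is not enough, because a javascript: or
    data: scheme is still executed by the browser. Allow only http(s) links
    (relative links could be allowed the same way) and escape the survivors."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_safe(author: str, comment: str, homepage: str) -> str:
    """Context-aware output encoding. html.escape turns < > & into entities,
    so text can no longer open a tag; quote=True also encodes " and ' so an
    attribute value cannot close the title attribute and add a handler."""
    return PAGE.substitute(
        author=html.escape(author, quote=True),
        comment=html.escape(comment, quote=True),
        homepage=safe_url(homepage),
    )
```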

Cross-site Scripting

Directory Traversal Attack


Directory traversal attacks allow malicious users to literally "traverse" the directory tree and bypass the access control list to gain access to restricted files and even manipulate data. These attacks are HTTP exploits that begin with a simple GET or other type of HTTP request to a dynamic page. If your Web site is vulnerable, and chances are it is, the server will return a file whose path hasn't been properly validated. A malicious user will then send a request for a file one or more directories up by adding one or more "../" sequences to the path string. Each "../" instructs the page to "go up one directory."
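The path validation the slide says is missing, as an added example that is not from the original slides: the request path is decoded, every "../" is resolved, and any path that would climb above the document root is rejected. The document root /var/www/html and the function names are assumptions for the demo.

```python
from typing import Optional
from pathlib import PurePosixPath
from urllib.parse import unquote

# Constructed document root for this example (not from the original slides).
DOC_ROOT = PurePosixPath("/var/www/html")


def resolve_request_path(url_path: str, doc_root: PurePosixPath = DOC_ROOT) -> Optional[PurePosixPath]:
    """Return the file path a request may serve, or None if it escapes doc_root.

    The path is percent-decoded twice (so %2e%2e%2f and the double-encoded
    %252e%252e%252f are both seen as ../), backslashes are treated as
    separators, then each segment is walked and every ".." pops the previous
    segment. A ".." that would climb above the document root is rejected
    rather than silently clamped, so the caller can log it.
    This is a lexical check only: a real server must also resolve the final
    path on disk (symlinks) before opening the file.
    """
    decoded = unquote(unquote(url_path))
    if "\x00" in decoded:  # NUL bytes truncate paths in C-based servers
        return None
    parts = []
    for segment in decoded.replace("\\", "/").split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not parts:  # would leave the document root
                return None
            parts.pop()
        else:
            parts.append(segment)
    return doc_root.joinpath(*parts)


def is_traversal_attempt(url_path: str) -> bool:
    """Detection helper for access-log review: True when the request would escape the root."""
    return resolve_request_path(url_path) is None
```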

The Wayback Machine


Archive.org is known as the Wayback Machine. Hackers use this website to see how other websites looked in the past.

Database Server
The Database Server is a key component in a client/server environment, especially for websites which have a user login architecture. The Database Server holds the Database Management System (DBMS) and the data records. Upon requests from the client machines, it searches the database for the selected records and passes them back over the network. Software to set up a Database Server: Oracle, SQL Server, MySQL.

Login Process on the Website


Let's say that you are sitting at your computer, surfing the Web, and you open a website to log in to your account.
1: You type in your username and password, click Sign In, and get into your account.
2: The Web Server receives the username and password and forwards them to the Database Server.
3: The Database Server receives the username and password from the Web Server, checks its tables for that username and password, and sends the result of the authentication to the Web Server.
4: The Web Server receives the authentication result from the Database Server and, on the basis of that result, redirects the user to the proper web page.

Login Process on the Website


If the authentication succeeds, the user is signed in to the account; if it fails, the user is asked to sign in again.

Database Server

SQL injection
A SQL injection attack exploits vulnerabilities in a web server's database layer that allow the attacker to gain access to the database and read, modify, or delete information. An example of a SQL injection attack is making the login condition always true by supplying the same crafted value to the web page. These values can be entered into a login form as follows:
Login: 1' or '1'='1 and Password: 1' or '1'='1
Login: 1' or '1'='1';-
When the Username argument is evaluated, 1=1 evaluates to TRUE, and an authentic username is returned.

Input Validation on the SQL injection


There are measures that can be applied to mitigate SQL injection attacks. The web developer can check whether suspicious characters (such as ;, --, and similar) are sent from the Login Page. Always store the passwords in the Database Server in encrypted form. Use of these practices does not guarantee that SQL injection can be completely eliminated, but they will make it more difficult for hackers to conduct these attacks.
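The login check from the two slides above, as an added example that is not from the original slides: a string-concatenated query that the slide's 1' or '1'='1 input bypasses, beside a parameterised lookup that verifies a salted PBKDF2 hash in code, which makes the character check the slide mentions unnecessary. The in-memory user table, the account and the password are constructed for the demo.

```python
import hashlib
import hmac
import os
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed demo database (not from the slides): one account stored
    both in clear text (only so the vulnerable query can be shown) and as a
    salted PBKDF2-HMAC-SHA256 hash, which is what production code should keep."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"s3cret", salt, 100_000)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)", ("alice", "s3cret", salt, pw_hash))
    return db


def login_vulnerable(db: sqlite3.Connection, username: str, password: str):
    """String-concatenated query: the flaw the slide shows. With the slide's
    input 1' or '1'='1 the WHERE clause is always true and a real row comes back."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(db: sqlite3.Connection, username: str, password: str):
    """Parameterised lookup: the driver binds the value, so quotes in it can
    never change the SQL. The password is then checked against the salted
    hash with a constant-time comparison, and never compared inside SQL."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    salt, pw_hash = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return username if hmac.compare_digest(candidate, pw_hash) else None
```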

PHP Injection: Placing PHP Backdoors


This attack provides the means for a Hacker to execute his or her system level code on a target web server. With this capability, an attacker can compromise the web server and access files with the same rights as the server system software. For example, a number of PHP programs contain a vulnerability that could enable the transfer of unchecked user commands to the eval( ) function.

PHP Eval() Function

PHP Remote Code Execution

Directory access controls


.htaccess files provide a way to make configuration changes on a per-directory basis. .htaccess files should be used in cases where the content providers need to make configuration changes to the server on a per-directory basis but do not have root access on the server system.

Configuring .htaccess

How Attackers Hide themselves while Attacking

Proxy Servers
A Proxy Server is a server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control and a caching service. Hackers generally use a Proxy Server on the Internet to make their identity invisible to the target.

Types of Proxy Servers


Web Proxy
Anonymous Proxy Server

Web Proxy Server


A Proxy site is a web page which allows a user to browse other web sites through it. If an attacker finds that he is blocked from accessing a website, he will use one of the web proxy sites to bypass the block.

Anonymous Proxy Server


An Anonymous Proxy is a proxy server designed to protect the privacy and anonymity of web browsers from web site operators. With an Anonymous Proxy, you get an IP address and a port number. You configure that IP and port in your Web browser and you will be surfing anonymously.
