How to Hack a Web Server

 Customers usually turn to the internet to get information and buy products and services. Towards that end, most organizations have websites.Most websites store valuable information such as credit card numbers, email address and passwords, etc. This has made them targets to attackers. Defaced websites can also be used to communicate religious or political ideologies etc.

In this tutorial, we will introduce you toweb servers hacking techniques and how you can protect servers from such attacks.

Web server vulnerabilities

A web server is a program that stores files (usually web pages) and makes them accessible via the network or the internet. A web server requires both hardware and software. Attackers usually target the exploits in the software to gain authorized entry to the server. Let’s look at some of the common vulnerabilities that attackers take advantage of.

• Default settings– These settings such as default user id and passwords can be easily guessed by the attackers. Default settings might also allow performing certain tasks such as running commands on the server which can be exploited.
• Misconfigurationof operating systems and networks – certain configuration such as allowing users to execute commands on the server can be dangerous if the user does not have a good password.
• Bugs in the operating system and web servers– discovered bugs in the operating system or web server software can also be exploited to gain unauthorized access to the system.

In additional to the above-mentioned web server vulnerabilities, the following can also led to unauthorized access

• Lack of security policy and procedures– lack of a security policy and procedures such as updating antivirus software, patching the operating system and web server software can create security loop holes for attackers.

Types of Web Servers

The following is a list of the common web servers

• Apache– This is the commonly used web server on the internet. It is cross platform but is it’s usually installed on Linux. Most PHP websites are hosted on Apache servers.
• Internet Information Services (IIS)– It is developed by Microsoft. It runs on Windows and is the second most used web server on the internet. Most asp and aspx websites are hosted on IIS servers.
• Apache Tomcat – Most Java server pages (JSP) websites are hosted on this type of web server.
• Other web servers – These include Novell’s Web Server and IBM’s Lotus Domino servers.

Types of Attacks against Web Servers

Directory traversal attacks– This type of attacks exploits bugs in the web server to gain unauthorized access to files and folders that are not in the public domain. Once the attacker has gained access, they can download sensitive information, execute commands on the server or install malicious software.

• Denial of Service Attacks– With this type of attack, the web server may crash or become unavailable to the legitimate users.
• Domain Name System Hijacking – With this type of attacker, the DNS setting are changed to point to the attacker’s web server. All traffic that was supposed to be sent to the web server is redirected to the wrong one.
• Sniffing– Unencrypted data sent over the network may be intercepted and used to gain unauthorized access to the web server.
• Phishing– With this type of attack, the attack impersonates the websites and directs traffic to the fake website. Unsuspecting users may be tricked into submitting sensitive data such as login details, credit card numbers, etc.
• Pharming– With this type of attack, the attacker compromises the Domain Name System (DNS) servers or on the user computer so that traffic is directed to a malicious site.
• Defacement– With this type of attack, the attacker replaces the organization’s website with a different page that contains the hacker’s name, images and may include background music and messages.

Effects of successful attacks

• An organization’s reputation can be ruined if the attacker edits the website content and includes malicious information or links to a porn website
• The web server can be used to install malicious software on users who visit the compromised website. The malicious software downloaded onto the visitor’s computer can be a virus, Trojan or Botnet Software, etc.
• Compromised user data may be used for fraudulent activities which may lead to business loss or lawsuits from the users who entrusted their details with the organization

Web server attack tools

Some of the common web server attack tools include;

• Metasploit– this is an open source tool for developing, testing and using exploit code. It can be used to discover vulnerabilities in web servers and write exploits that can be used to compromise the server.
• MPack– this is a web exploitation tool. It was written in PHP and is backed by MySQL as the database engine. Once a web server has been compromised using MPack, all traffic to it is redirected to malicious download websites.
• Zeus– this tool can be used to turn a compromised computer into a bot or zombie. A bot is a compromised computer which is used to perform internet-based attacks. A botnet is a collection of compromised computers. The botnet can then be used in a denial of service attack or sending spam mails.
• Neosplit – this tool can be used to install programs, delete programs, replicating it, etc.

How to avoid attacks on Web server

An organization can adopt the following policy to protect itself against web server attacks.

• Patch management– this involves installing patches to help secure the server. A patch is an update that fixes a bug in the software. The patches can be applied to the operating system and the web server system.
• Secure installation and configuration of the operating system
• Secure installation and configuration of the web server software
• Vulnerability scanning system– these include tools such as Snort, NMap, Scanner Access Now Easy (SANE)
• Firewalls can be used to stop simple DoS attacks by blocking all traffic coming the identify source IP addresses of the attacker.
• Antivirus software can be used to remove malicious software on the server
• Disabling Remote Administration
• Default accounts and unused accounts must be removed from the system
• Default ports & settings (like FTP at port 21) should be changed to custom port & settings (FTP port at 5069)

Hacking Activity: Hack a WebServer

In this practical scenario, we are going to look at the anatomy of a web server attack. We will assume we are targeting www.techpanda.org. We are not actually going to hack into it as this is illegal. We will only use the domain for educational purposes.

What we will need

• A target www.techpanda.org
• Bing search engine
• SQL Injection Tools
• PHP Shell, we will use dk shell http://sourceforge.net/projects/icfdkshell/

Information gathering

We will need to get the IP address of our target and find other websites that share the same IP address.

We will use an online tool to find the target’s IP address and other websites sharing the IP address

• Enter the URL https://www.yougetsignal.com/tools/web-sites-on-web-server/ in your web browser
• Enter www.techpanda.org as the target

• Click on Check button
• You will get the following results

Based on the above results, the IP address of the target is 69.195.124.112

We also found out that there are 403 domains on the same web server.

Our next step is to scan the other websites for SQL injection vulnerabilities. Note: if we can find a SQL vulnerable on the target, then we would directly exploit it without considering other websites.

• Enter the URL www.bing.com into your web browser. This will only work with Bing so don’t use other search engines such as google or yahoo
• Enter the following search query

ip:69.195.124.112 .php?id=

HERE,

• “ip:69.195.124.112” limits the search to all the websites hosted on the web server with IP address 69.195.124.112
• “.php?id=” search for URL GET variables used a parameters for SQL statements.

You will get the following results

As you can see from the above results, all the websites using GET variables as parameters for SQL injection have been listed.

The next logic step would be to scan the listed websites for SQL Injection vulnerabilities. You can do this using manual SQL injection or use tools listed in this article on SQL Injection.

Uploading the PHP Shell

We will not scan any of the websites listed as this is illegal. Let’s assume that we have managed to login into one of them. You will have to upload the PHP shell that you downloaded from http://sourceforge.net/projects/icfdkshell/

• Open the URL where you uploaded the dk.php file.
• You will get the following window

• Clicking the Symlink URL will give you access to the files in the target domain.

Once you have access to the files, you can get login credentials to the database and do whatever you want such as defacement, downloading data such as emails, etc.

Summary

• Web server stored valuable information and are accessible to the public domain. This makes them targets for attackers.
• The commonly used web servers include Apache and Internet Information Service IIS
• Attacks against web servers take advantage of the bugs and Misconfiguration in the operating system, web servers, and networks
• Popular web server hacking tools include Neosploit, MPack, and ZeuS.
• A good security policy can reduce the chances of been attacked

What is a DoS Attack and How to DoS Someone [Ping of Death]

 

What is DoS Attack?

DOS is an attack used to deny legitimate users access to a resource such as accessing a website, network, emails, etc. or making it extremely slow. DoS is the acronym for Denial of Service. This type of attack is usually implemented by hitting the target resource such as a web server with too many requests at the same time. This results in the server failing to respond to all the requests. The effect of this can either be crashing the servers or slowing them down.

Cutting off some business from the internet can lead to significant loss of business or money. The internet and computer networks power a lot of businesses. Some organizations such as payment gateways, e-commerce sites entirely depend on the internet to do business.

In this tutorial, we will introduce you to what denial of service attack is, how it is performed and how you can protect against such attacks.

Types of Dos Attacks

There are two types of Dos attacks namely;

• DoS– this type of attack is performed by a single host
• Distributed DoS– this type of attack is performed by a number of compromised machines that all target the same victim. It floods the network with data packets.

How DoS attacks work

Let’s look at how DoS attacks are performed and the techniques used. We will look at five common types of attacks.

Ping of Death

The ping command is usually used to test the availability of a network resource. It works by sending small data packets to the network resource. The ping of death takes advantage of this and sends data packets above the maximum limit (65,536 bytes) that TCP/IP allows. TCP/IP fragmentation breaks the packets into small chunks that are sent to the server. Since the sent data packages are larger than what the server can handle, the server can freeze, reboot, or crash.

Smurf

This type of attack uses large amounts of Internet Control Message Protocol (ICMP) ping traffic target at an Internet Broadcast Address. The reply IP address is spoofed to that of the intended victim. All the replies are sent to the victim instead of the IP used for the pings. Since a single Internet Broadcast Address can support a maximum of 255 hosts, a smurf attack amplifies a single ping 255 times. The effect of this is slowing down the network to a point where it is impossible to use it.

Buffer overflow

A buffer is a temporal storage location in RAM that is used to hold data so that the CPU can manipulate it before writing it back to the disc. Buffers have a size limit. This type of attack loads the buffer with more data that it can hold. This causes the buffer to overflow and corrupt the data it holds. An example of a buffer overflow is sending emails with file names that have 256 characters.

Teardrop

This type of attack uses larger data packets. TCP/IP breaks them into fragments that are assembled on the receiving host. The attacker manipulates the packets as they are sent so that they overlap each other. This can cause the intended victim to crash as it tries to re-assemble the packets.

SYN attack

SYN is a short form for Synchronize. This type of attack takes advantage of the three-way handshake to establish communication using TCP. SYN attack works by flooding the victim with incomplete SYN messages. This causes the victim machine to allocate memory resources that are never used and deny access to legitimate users.

The ping command is usually used to test the availability of a network resource. It works by sending small data packets to the network resource. The ping of death takes advantage of this and sends data packets above the maximum limit (65,536 bytes) that TCP/IP allows. TCP/IP fragmentation breaks the packets into small chunks that are sent to the server. Since the sent data packages are larger than what the server can handle, the server can freeze, reboot, or crash.

Smurf

This type of attack uses large amounts of Internet Control Message Protocol (ICMP) ping traffic target at an Internet Broadcast Address. The reply IP address is spoofed to that of the intended victim. All the replies are sent to the victim instead of the IP used for the pings. Since a single Internet Broadcast Address can support a maximum of 255 hosts, a smurf attack amplifies a single ping 255 times. The effect of this is slowing down the network to a point where it is impossible to use it.

Buffer overflow

A buffer is a temporal storage location in RAM that is used to hold data so that the CPU can manipulate it before writing it back to the disc. Buffers have a size limit. This type of attack loads the buffer with more data that it can hold. This causes the buffer to overflow and corrupt the data it holds. An example of a buffer overflow is sending emails with file names that have 256 characters.

Teardrop

This type of attack uses larger data packets. TCP/IP breaks them into fragments that are assembled on the receiving host. The attacker manipulates the packets as they are sent so that they overlap each other. This can cause the intended victim to crash as it tries to re-assemble the packets.

SYN attack

SYN is a short form for Synchronize. This type of attack takes advantage of the three-way handshake to establish communication using TCP. SYN attack works by flooding the victim with incomplete SYN messages. This causes the victim machine to allocate memory resources that are never used and deny access to legitimate users.

DoS Protection: Prevent an attack

An organization can adopt the following policy to protect itself against Denial of Service attacks.

• Attacks such as SYN flooding take advantage of bugs in the operating system. Installing security patches can help reduce the chances of such attacks.
• Intrusion detection systems can also be used to identify and even stop illegal activities
• Firewalls can be used to stop simple DoS attacks by blocking all traffic coming from an attacker by identifying his IP.

Routers can be configured via the Access Control List to limit access to the network and drop suspected illegal traffic..

Hacking Activity: Ping of Death

We will assume you are using Windows for this exercise. We will also assume that you have at least two computers that are on the same network. DOS attacks are illegal on networks that you are not authorized to do so. This is why you will need to setup your own network for this exercise.

Open the command prompt on the target computer

Enter the command ipconfig. You will get results similar to the ones shown below

For this example, we are using Mobile Broadband connection details. Take note of the IP address. Note: for this example to be more effective, and you must use a LAN network.

Switch to the computer that you want to use for the attack and open the command prompt

We will ping our victim computer with infinite data packets of 65500

Enter the following command

ping 10.128.131.108 –t |65500

HERE,

• “ping” sends the data packets to the victim
• “10.128.131.108” is the IP address of the victim
• “-t” means the data packets should be sent until the program is stopped
• “-l” specifies the data load to be sent to the victim

You will get results similar to the ones shown below

Flooding the target computer with data packets doesn’t have much effect on the victim. In order for the attack to be more effective, you should attack the target computer with pings from more than one computer.

The above attack can be used to attacker routers, web servers etc.

If you want to see the effects of the attack on the target computer, you can open the task manager and view the network activities.

• Right click on the taskbar
• Select start task manager
• Click on the network tab
• You will get results similar to the following

If the attack is successful, you should be able to see increased network activities.

Hacking Activity: Launch a DOS attack

In this practical scenario, we are going to use Nemesy to generate data packets and flood the target computer, router or server.

As stated above, Nemesy will be detected as an illegal program by your anti-virus. You will have to disable the anti-virus for this exercise.

• Download Nemesy from http://packetstormsecurity.com/files/25599/nemesy13.zip.html
• Unzip it and run the program Nemesy.exe
• You will get the following interface

Enter the target IP address, in this example; we have used the target IP we used in the above example.

HERE,

• 0 as the number of packets means infinity. You can set it to the desired number if you do not want to send, infinity data packets
• The size field specifies the data bytes to be sent and the delay specifies the time interval in milliseconds.

Click on send button

You should be able to see the following results

The title bar will show you the number of packets sent

Click on halt button to stop the program from sending data packets.

You can monitor the task manager of the target computer to see the network activities.

Summary

• A denial of service attack’s intent is to deny legitimate users access to a resource such as a network, server etc.
• There are two types of attacks, denial of service and distributed denial of service.
• A denial of service attack can be carried out using SYN Flooding, Ping of Death, Teardrop, Smurf or buffer overflow
• Security patches for operating systems, router configuration, firewalls and intrusion detection systems can be used to protect against denial of service attacks.

TCP IP header flags list Tutorial for beginners

 

What is TCP IP header?

TCP IP header refers to Transmission Control Protocol is responsible to make communication between devices and send data over the network.

It provides reliable, ordered, and error check communications. Major internet applications rely on this protocol such as World wide web, email, remote administration, file transfer, etc. Applications that don’t require reliability use UDP (User Datagram Protocol).

• TCP has main operations at the time of communication:
• Establish connections
• Terminate connections
• Reliable Transmission
• Error Detection and check sum
• Flow Control
• Congestion control
• Decide maximum segment size
• Acknowledgment of transfer data
• Forcing data delivery

And these operations are handled by TCP IP header Communication flags. There are six types of Flags used by TCP

URG (Urgent)
Data with this flag should be processed immediately
FIN (finish)
this flag tell there is no more data remain for transmission on the remote system
RST (Reset)
It is used to reset the connection
PSH (Push)
It is used to instruct to send all buffered data immediately to the receiving system
ACK (Acknowledgement)
Used acknowledge the receipt data packets
SYN (Synchronize)
It is used to initiate the connection between the hosts

5 Nmap Scripts Examples in Kali Linux Tutorial for Beginners 2022

 

What are Nmap Scripts or NSE?

Have you heard about the Nmap? If not please read the article nmap commands in Kali Linux

If you don’t want to read the article, no problem at all, I am going to give a short description of Nmap.

Nmap is a powerful tool for scanning networks and finding out live systems, open ports, and running services. This tool is available for windows and Linux.

But if you want deeper information about the target machine you must use the Nmap scripting engine. I will describe step by step for beginners.

You will feel it as a knife on cack.

The Nmap Scripting Engine (NSE) is one of Nmap’s most influential and adaptable features. It permits clients to compose (and offer) straightforward scripts to automate a wide variety of systems networking tasks. Those Nmap scripts are then executed in parallel with the fast speed and productivity you anticipate from Nmap. Clients can depend on the developing and assorted set of scripts conveyed with Nmap, or compose their own particular to help.  Here I am going to check

So what is now, Check out the Nmap script’s location.  You can use the following command to see all Available scripts in nmap.

#locate *.nse

Nmap scripts Examples

–script-help

Shows help with Nmap scripts. For each script matching the given detail, Nmap prints the script name, its classifications, and its categories. The determinations are the same as those acknowledged by -script; so for instance on the off chance that you need help with the afp- and discovery, you would run the following command

#nmap –script-help “afp-* and discovery”.

–script-trace

This alternative works at the requisition level instead of the parcel by the bundle. In the event that this alternative is pointed out, all approaching and friendly correspondence performed by scripts is printed. The showed data incorporates the correspondence convention, source and target locations, and the transmitted information. In the event that more than 5% of transmitted information is unprintable, hex dumps are given.

–script-updatedb

It is just important to upgrade the database in the event that you have included or expelled NSE scripts from the default scripts catalog or in the event that you have changed the classifications of any script. This choice is utilized independently from anyone else without contentions:

#nmap -script-updatedb.

A simple script scan by using the default settings of Nmap scripts

#nmap –sC {Target_IP}

A script scan a target machine without port discovery. This scan only identify host is running or down.

#nmap -sn –sC {Target_IP}

#nmap –Pn -sn –sC {Target_IP}

This scan is used to scan networks without port scanning and host discovery.

Pnetration tester can execute a specific script with script tracing.

#nmap –script smb-os-discovery –script-trace {target_IP_Address}

Run a particular script that takes a script argument

What is Cybercrime? Types, Tools, Examples!

 

What is Cybercrime?

Cybercrime is defined as an unlawful action against any person using a computer, its systems, and its online or offline applications. It occurs when information technology is used to commit or cover an offense. However, the act is only considered Cybercrime if it is intentional and not accidental.

Example of Cybercrime

Here, are some most commonly occurring Cybercrimes:

• The fraud did by manipulating computer network
• Unauthorized access to or modification of data or application
• Intellectual property theft that includes software piracy
• Industrial spying and access to or theft of computer materials
• Writing or spreading computer viruses or malware
• Digitally distributing child pornography

Cybercrime Attack Types

Cybercrime can attack in various ways. Here, is some most common cybercrime attack mode:

Hacking:

It is an act of gaining unauthorized access to a computer system or network.

Denial Of Service Attack:

In this cyberattack, the cyber-criminal uses the bandwidth of the victim’s network or fills their e-mail box with spammy mail. Here, the intention is to disrupt their regular services.

Software Piracy:

Theft of software by illegally copying genuine programs or counterfeiting. It also includes the distribution of products intended to pass for the original.

Phishing:

Pishing is a technique of extracting confidential information from the bank/financial institutional account holders by illegal ways.

Spoofing:

It is an act of getting one computer system or a network to pretend to have the identity of another computer. It is mostly used to get access to exclusive privileges enjoyed by that network or computer.

Cyber Crime Tools

There are many types of Digital forensic tools

Kali Linux:

Kali Linux is an open-source software that is maintained and funded by Offensive Security. It is a specially designed program for digital forensics and penetration testing.

Ophcrack:

This tool is mainly used for cracking the hashes, which are generated by the same files of windows. It offers a secure GUI system and allows you to runs on multiple platforms.

EnCase:

This software allows an investigator to image and examine data from hard disks and removable disks.

SafeBack:

SafeBack is mainly using for imaging the hard disks of Intel-based computer systems and restoring these images to some other hard disks.

Data dumper:

This is a command-line computer forensic tool. It is freely available for the UNIX Operating system, which can make exact copies of disks suitable for digital forensic analysis.

Md5sum:

A tool to check helps you to check data is copied to another storage successfully or not.

Summary:

• Cybercrime is an unlawful action against any person using a computer, its systems, and its online or offline applications.
• The fraud did by manipulating computer network is an example of Cybercrime
• Various types of Cyber crime attack modes are 1) Hacking 2) Denial Of Service Attack 3) Software Piracy 4) Phishing 5) Spoofing.
• Some important tool use for preventing cyber attack are 1)Kali Linux, 2) Ophcrack, 3) EnCase, 4) SafeBack, 5) Data Dumber
• Kali Linux is an open-source software that is maintained and funded by Offensive Security.
• Ophcrack is a tool that is mainly used for cracking the hashes, which are generated by the same files of windows.
• EnCase tool allows an investigator to image and examine data from hard disks and removable disks
• SafeBack is mainly using for imaging the hard disks of Intel-based computer systems and restoring these images to some other hard disks.
• Data dumper is a command-line computer forensic tool.
• Md5sum is a helps you to check data is copied to another storage successfully or not.