ceh_11_hacking_webserver
amaskey edited this page Apr 20, 2018 · 2 revisions
- A web server is the hardware and software that delivers content over HTTP(S), with scripts including PHP, JavaScript, ASP.NET, etc.
- performing web server reconnaissance using Skipfish
- stop windows default web server and run wamp
- kali time
- skipfish -o /root/test -S /usr/share/skipfish/dictionaries/complete.wl http://172.17.19.66
- skipfish starts brute force on webserver
- using complete.wl dictionary file
- creates a directory named test under /root and stores the result in index.html
- resulting index.html contains
- summary of document types
- issues found in the server including
- version of software used and known vulnerability
- embedded pages
- password entry form and possible vulnerability
- hidden files and directories
- complete http session
- footprinting webserver using httprecon tool
- install httprecon.exe
- enter URL of target web server
- get webserver used and version
- get server side scripting language
- footprinting a webserver using ID serve
- install idserver.exe
- enter target URL
- query the web server
- exploiting Java vulnerability using metasploit framework
- focus on two known vulnerabilities in JDK7 --> classFinder and methodFinder.findMethod()
- classFinder: untrusted code can access packages, which allows an attacker to disable the security manager
- run metasploit (https://localhost:3790)
- create a project and point to the target server
- search for specific CVE number and run exploit
- machines connected to this target web server
- modern browsers do warn about this but most users click through it anyway
- attacker now has session with the victim machine
- attacker can browse through file system
- access command shell of the victim
- performing shellshock exploitation on web server and gaining unrestricted access to the server
- kali
- launch iceweasel web browser and open http://target_ip/cgi-bin/shellshock/
- run metasploit
- ubuntu server hosting shellshock webpage is hacked instantly
- traverse the file system
- upload, delete files
- execute applications remotely
- launch shell etc
- cracking ftp credentials using dictionary attack
- kali
- use nmap to see if ftp is open
- try to access ftp and it is password protected
- launch hydra with username and password file
- it tries every combination of username and password from the files
- successful pairs are displayed
- use those credentials to access the ftp server remotely
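
What the dictionary attack in the last step looks like from the FTP server's side, as an added example that is not part of the original notes. It assumes vsftpd-style `FAIL LOGIN` / `OK LOGIN` log lines; the sample log, the threshold and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in vsftpd's log style (assumed format); not taken from the page.
SAMPLE_LOG = """\
Fri Apr 20 10:00:01 2018 [pid 2101] [admin] FAIL LOGIN: Client "172.17.19.50"
Fri Apr 20 10:00:03 2018 [pid 2102] [admin] FAIL LOGIN: Client "172.17.19.50"
Fri Apr 20 10:00:04 2018 [pid 2103] [alice] FAIL LOGIN: Client "172.17.19.20"
Fri Apr 20 10:00:05 2018 [pid 2104] [root] FAIL LOGIN: Client "172.17.19.50"
Fri Apr 20 10:00:07 2018 [pid 2105] [root] FAIL LOGIN: Client "172.17.19.50"
Fri Apr 20 10:00:09 2018 [pid 2106] [ftpuser] FAIL LOGIN: Client "172.17.19.50"
Fri Apr 20 10:00:10 2018 [pid 2107] [alice] OK LOGIN: Client "172.17.19.20"
Fri Apr 20 10:00:11 2018 [pid 2108] [ftpuser] FAIL LOGIN: Client "172.17.19.50"
Fri Apr 20 10:00:13 2018 [pid 2109] [ftpuser] OK LOGIN: Client "172.17.19.50"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def detect_ftp_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Flag clients with more than max_failures failed logins inside the window."""
    recent = defaultdict(list)  # ip -> timestamps of failures still inside the window
    tried = defaultdict(set)    # ip -> usernames seen in failed logins
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a login event
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, user = m["ip"], m["user"]
        if m["result"] == "FAIL":
            # slide the window: drop failures older than `window`, add this one
            recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
            tried[ip].add(user)
            if len(recent[ip]) > max_failures:
                findings.setdefault(ip, {"users_tried": tried[ip], "compromised": []})
        elif ip in findings:
            # a success from an already-flagged client: the password was likely guessed
            findings[ip]["compromised"].append(user)
    return findings

if __name__ == "__main__":
    for ip, f in detect_ftp_bruteforce(SAMPLE_LOG).items():
        print(ip, sorted(f["users_tried"]), "reset passwords for:", f["compromised"])
```

A single mistyped password followed by a successful login (the 172.17.19.20 client in the sample) stays below the threshold and is not reported.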