{"id":37868,"date":"2022-01-25T15:52:18","date_gmt":"2022-01-25T10:22:18","guid":{"rendered":"https:\/\/www.wikitechy.com\/technology\/?p=37868"},"modified":"2022-01-28T16:57:05","modified_gmt":"2022-01-28T11:27:05","slug":"hacking-web-servers","status":"publish","type":"post","link":"https:\/\/www.wikitechy.com\/technology\/hacking-web-servers\/","title":{"rendered":"Hacking Web Servers"},"content":{"rendered":"<p style=\"text-align: justify;\">Hacking Web Servers &#8211; Today most online services are delivered as web applications. Online banking, web search engines, email applications, and social networks are examples of web services. Web content is created in real time by a software application running on the server side. Hackers therefore attack the web server to steal credentials, passwords, and business information by using <a href=\"https:\/\/www.wikitechy.com\/technology\/tag\/dos-attack-tools\/\">DoS<\/a> (DDoS) attacks, SYN floods, ping floods, port scans, sniffing attacks, and social engineering attacks. In the area of web security, despite strong encryption on the browser-server channel, web users still have no guarantee about what happens at the other end.<\/p>\n<p style=\"text-align: justify;\">Websites are hosted on web servers. Web servers are themselves computers running an operating system, connected to a back-end database and running several applications. 
Any vulnerability in the applications, database, operating system or network can lead to an attack on the web server.<\/p>\n<h2 id=\"web-server-vulnerabilities\"><strong>Web Server Vulnerabilities<\/strong><\/h2>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-37918\" src=\"https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-vulnerabilities.png\" alt=\"\" width=\"1118\" height=\"585\" srcset=\"https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-vulnerabilities.png 1118w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-vulnerabilities-300x157.png 300w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-vulnerabilities-1024x536.png 1024w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-vulnerabilities-768x402.png 768w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-vulnerabilities-990x518.png 990w\" sizes=\"(max-width: 1118px) 100vw, 1118px\" \/><\/p>\n<ul>\n<li>\n<h3 id=\"default-settings\" style=\"text-align: justify;\"><strong>Default Settings<\/strong><\/h3>\n<ul style=\"text-align: justify;\">\n<li>A lot of web server hacking occurs because system administrators leave settings at their defaults: default user names, default passwords, default file allocations, file settings, file execution types, etc.<\/li>\n<\/ul>\n<\/li>\n<li style=\"text-align: justify;\">\n<h3 id=\"default-accounts\"><strong>Default Accounts<\/strong><\/h3>\n<ul>\n<li>Default accounts, user names and passwords for many internet-facing devices must be changed, as leaving them in place is a very easy way for the target to be hacked.<\/li>\n<\/ul>\n<\/li>\n<li style=\"text-align: justify;\">\n<h3 id=\"misconfiguration\">Misconfiguration<\/h3>\n<ul>\n<li>This vulnerability happens when the system admin has not properly configured the server or the application on the server. 
This gives an attacker easy access to the server and the application.<\/li>\n<\/ul>\n<\/li>\n<li style=\"text-align: justify;\">\n<h3 id=\"software-vulnerabilities\">Software Vulnerabilities<\/h3>\n<ul>\n<li>The admin must patch the software regularly, and reboot and maintain the service, because with new software vulnerabilities it becomes easier for tools like \u2018Metasploit\u2019 to exploit the software.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul style=\"text-align: justify;\">\n<li>\n<h3 id=\"lack-of-security-policy-and-procedures\">Lack of Security Policy and Procedures<\/h3>\n<ul>\n<li>If the company follows a robust security policy and procedures, it is less prone to hijacking.<\/li>\n<\/ul>\n<\/li>\n<li>\n<h3 id=\"bad-hygiene-backups-etc\">Bad Hygiene \u2013 Backups etc.<\/h3>\n<ul>\n<li>Backups and other system information that are not kept securely leave the system vulnerable to hackers.<\/li>\n<\/ul>\n<\/li>\n<li>\n<h3 id=\"cms-rich-target-environment\">CMS \u2013 Rich Target Environment<\/h3>\n<ul>\n<li>If a CMS is used to manage the website, strict security procedures must be followed to safeguard it from hijackers.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 id=\"types-of-web-servers\" style=\"text-align: justify;\"><strong>Types of Web Servers<\/strong><\/h2>\n<p style=\"text-align: justify;\"><img decoding=\"async\" class=\"alignnone size-full wp-image-37916\" src=\"https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/types-of-web-server.png\" alt=\"\" width=\"1262\" height=\"974\" srcset=\"https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/types-of-web-server.png 1262w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/types-of-web-server-300x232.png 300w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/types-of-web-server-1024x790.png 1024w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/types-of-web-server-768x593.png 768w, 
https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/types-of-web-server-990x764.png 990w\" sizes=\"(max-width: 1262px) 100vw, 1262px\" \/><\/p>\n<h3 id=\"apache\" style=\"text-align: justify;\"><strong>Apache<\/strong><\/h3>\n<ul>\n<li>It is free and open source. Many websites are hosted on Apache because of its ease of use.<\/li>\n<\/ul>\n<h3 id=\"iis\" style=\"text-align: justify;\">IIS<\/h3>\n<ul style=\"text-align: justify;\">\n<li>It is owned by Microsoft and its use is increasing significantly.<\/li>\n<\/ul>\n<h3 id=\"nginx\" style=\"text-align: justify;\"><strong>NGINX<\/strong><\/h3>\n<ul style=\"text-align: justify;\">\n<li>NGINX is used for large websites such as Facebook and Twitter, as it has good multithreading abilities.<\/li>\n<\/ul>\n<h2 id=\"web-server-attack-techniques\" style=\"text-align: justify;\"><strong>Web Server Attack Techniques<\/strong><\/h2>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-37917\" src=\"https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-attack-techniques.png\" alt=\"\" width=\"1023\" height=\"471\" srcset=\"https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-attack-techniques.png 1023w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-attack-techniques-300x138.png 300w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-attack-techniques-768x354.png 768w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/web-server-attack-techniques-990x456.png 990w\" sizes=\"(max-width: 1023px) 100vw, 1023px\" \/><\/p>\n<ul>\n<li>Denial of Service<\/li>\n<li><a href=\"https:\/\/www.wikitechy.com\/interview-questions\/networking\/what-is-dns-and-dns-port-number\/\">DNS<\/a> \/ Domain Hijacking<\/li>\n<li>Brute Force Login<\/li>\n<li>Directory Traversal<\/li>\n<li>Buffer Overflow<\/li>\n<li>Command Execution<\/li>\n<\/ul>\n<h2 
id=\"impact-of-web-server-attacks\" style=\"text-align: justify;\"><strong>Impact of Web Server Attacks<\/strong><\/h2>\n<ol style=\"text-align: justify;\">\n<li>Reputational Harm \u2013 If the website goes offline, gets spoiled, or has user data taken, it could lead to loss of reputation for the website.<\/li>\n<li>\u201cBeachhead\u201d into the network \u2013 If the website is hosted on the company network and it gets hijacked, the attacker has access to the whole website as well as company information.<\/li>\n<li>Defacement \u2013 Many hijackers take over the web server and then replace the actual landing page with some sort of political, religious or just embarrassing message.<\/li>\n<li>Data Theft \u2013 If the web server is compromised, the data is more prone to theft.<\/li>\n<li>Malware Servicing \u2013 If the web server is compromised and malware or Trojans are downloaded from it, it can easily become a victim of a hijacker.<\/li>\n<\/ol>\n<h2 id=\"countermeasures\" style=\"text-align: justify;\"><strong>Countermeasures<\/strong><\/h2>\n<p style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-37919\" src=\"https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/countermeasures.png\" alt=\"\" width=\"1085\" height=\"891\" srcset=\"https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/countermeasures.png 1085w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/countermeasures-300x246.png 300w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/countermeasures-1024x841.png 1024w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/countermeasures-768x631.png 768w, https:\/\/www.wikitechy.com\/technology\/wp-content\/uploads\/2022\/01\/countermeasures-990x813.png 990w\" sizes=\"(max-width: 1085px) 100vw, 1085px\" \/><\/p>\n<ol>\n<li style=\"text-align: justify;\">Software Patches 
\u2013 One must always patch the software, maintain the web server, and update the OS and applications to stay protected from vulnerabilities.<\/li>\n<li style=\"text-align: justify;\">Server and Software Hardening \u2013 Both the server and the software must perform only the tasks they are meant to do.<\/li>\n<li style=\"text-align: justify;\"><a href=\"https:\/\/www.wikitechy.com\/tutorials\/ethical-hacking\/kali-linux\/vulnerability-scanning-osmedeus\">Vulnerability Scanning<\/a> \u2013 Look for vulnerabilities on the web server.<\/li>\n<li style=\"text-align: justify;\"><a href=\"https:\/\/www.wikitechy.com\/interview-questions\/networking\/what-is-firewall\/\">Firewalls<\/a> \u2013 There must be a firewall to protect the web server from annoying attacks.<\/li>\n<li style=\"text-align: justify;\">Limit Remote Admin<\/li>\n<li style=\"text-align: justify;\">Change Default Settings<\/li>\n<li style=\"text-align: justify;\"><a href=\"https:\/\/www.wikitechy.com\/tutorials\/ethical-hacking\/kali-linux\/burp-suite-penetration-testing-tools\">Penetration Testing<\/a><\/li>\n<li style=\"text-align: justify;\">Constant Vigilance<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Hacking Web Servers &#8211; Today most online services are executed as web applications. Online banking, web search engines, email applications, and social networks are examples of web services. Web content is created in real time by a software application running at server-side. 
So hackers attack on the web server to steal credential information, passwords, and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29859]}