The Basics of Web Hacking
eBook - ePub

The Basics of Web Hacking

Tools and Techniques to Attack the Web

  1. 160 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

The Basics of Web Hacking

Tools and Techniques to Attack the Web

About this book

The Basics of Web Hacking introduces you to a tool-driven process to identify the most widespread vulnerabilities in Web applications. No prior experience is needed. Web apps are a "path of least resistance" that can be exploited to cause the most damage to a system, with the lowest hurdles to overcome. This is a perfect storm for beginning hackers. The process set forth in this book introduces not only the theory and practical information related to these vulnerabilities, but also the detailed configuration and usage of widely available tools necessary to exploit these vulnerabilities.The Basics of Web Hacking provides a simple and clean explanation of how to utilize tools such as Burp Suite, sqlmap, and Zed Attack Proxy (ZAP), as well as basic network scanning tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more. Dr. Josh Pauli teaches software security at Dakota State University and has presented on this topic to the U.S. Department of Homeland Security, the NSA, BlackHat Briefings, and Defcon. He will lead you through a focused, three-part approach to Web security, including hacking the server, hacking the Web app, and hacking the Web user.With Dr. Pauli's approach, you will fully understand the what/where/why/how of the most widespread Web vulnerabilities and how easily they can be exploited with the correct tools. You will learn how to set up a safe environment to conduct these attacks, including an attacker Virtual Machine (VM) with all necessary tools and several known-vulnerable Web application VMs that are widely available and maintained for this very purpose. Once you complete the entire process, not only will you be prepared to test for the most damaging Web exploits, you will also be prepared to conduct more advanced Web hacks that mandate a strong base of knowledge.- Provides a simple and clean approach to Web hacking, including hands-on examples and exercises that are designed to teach you how to hack the server, hack the Web app, and hack the Web user- Covers the most significant new tools such as nmap, Nikto, Nessus, Metasploit, John the Ripper, web shells, netcat, and more!- Written by an author who works in the field as a penetration tester and who teaches Web security classes at Dakota State University

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weā€™ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere ā€” even offline. Perfect for commutes or when youā€™re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access The Basics of Web Hacking by Josh Pauli in PDF and/or ePUB format, as well as other popular books in Computer Science & Computer Science General. We have over one million books available in our catalogue for you to explore.
Chapter 1

The Basics of Web Hacking

Chapter Rundown:

ā–  What you need to know about web servers and the HTTP protocol
ā–  The Basics of Web Hacking: our approach
ā–  Common web vulnerabilities: they are still owning us
ā–  Setting up a safe test environment so you donā€™t go to jail

Introduction

There is a lot of ground to cover before you start to look at specific tools and how to configure and execute them to best suit your desires to exploit web applications. This chapter covers all the areas you need to be comfortable with before we get into these tools and techniques of web hacking. In order to have the strong foundation you will need for many years of happy hacking, these are core fundamentals you need to fully understand and comprehend. These fundamentals include material related to the most common vulnerabilities that continue to plague the web even though some of them have been around for what seems like forever. Some of the most damaging web application vulnerabilities ā€œin the wildā€ are still as widespread and just as damaging over 10 years after being discovered.
Itā€™s also important to understand the time and place for appropriate and ethnical use of the tools and techniques you will learn in the chapters that follow. As one of my friends and colleagues likes to say about using hacking tools, ā€œitā€™s all fun and games until the FBI shows up!ā€ This chapter includes step-by-step guidance on preparing a sandbox (isolated environment) all of your own to provide a safe haven for your web hacking experiments.
As security moved more to the forefront of technology management, the overall security of our servers, networks, and services has greatly improved. This is in large part because of improved products such as firewalls and intrusion detection systems that secure the network layer. However, these devices do little to protect the web application and the data that are used by the web application. As a result, hackers shifted to attacking the web applications that directly interacted with all the internal systems, such as database servers, that were now being protected by firewalls and other network devices.
In the past handful of years, more emphasis has been placed on secure software development and, as a result, todayā€™s web applications are much more secure than previous versions. There has been a strong push to include security earlier in the software development life cycle and to formalize the specification of security requirements in a standardized way. There has also been a huge increase in the organization of several community groups dedicated to application security, such as the Open Web Application Security Project. There are still blatantly vulnerable web applications in the wild, mainly because programmers are more concerned about functionality than security, but the days of easily exploiting seemingly every web application are over.
Therefore, because the security of the web application has also improved just like the network, the attack surface has again shifted; this time toward attacking web users. There is very little that network administrators and web programmers can do to protect web users against these user-on-user attacks that are now so prevalent. Imagine a hackerā€™s joy when he can now take aim on an unsuspecting technology-challenged user without having to worry about intrusion detection systems or web application logging and web application firewalls. Attackers are now focusing directly on the web users and effectively bypassing any and all safeguards developed in the last 10 + years for networks and web applications.
However, there are still plenty of existing viable attacks directed at web servers and web applications in addition to the attacks targeting web users. This book will cover how all of these attacks exploit the targeted web server, web application, and web user. You will fully understand how these attacks are conducted and what tools are needed to get the job done. Letā€™s do this!

What Is a Web Application?

The term ā€œweb applicationā€ has different meanings to different people. Depending on whom you talk to and the context, different people will throw around terms like web application, web site, web-based system, web-based software or simply Web and all may have the same meaning. The widespread adoption of web applications actually makes it hard to clearly differentiate them from previous generation web sites that did nothing but serve up static, noninteractive HTML pages. The term web application will be used throughout the book for any web-based software that performs actions (functionality) based on user input and usually interacts with backend systems. When a user interacts with a web site to perform some action, such as logging in or shopping or banking, itā€™s a web application.
Relying on web applications for virtually everything we do creates a huge attack surface (potential entry points) for web hackers. Throw in the fact that web applications are custom coded by a human programmer, thus increasing the likelihood of errors because despite the best of intentions. Humans get bored, hungry, tired, hung-over, or otherwise distracted and that can introduce bugs into the web application being developed. This is a perfect storm for hackers to exploit these web applications that we rely on so heavily.
One might assume that a web application vulnerability is merely a human error that can be quickly fixed by a programmer. Nothing could be further from the truth: most vulnerabilities arenā€™t easily fixed because many web application flaws dates back to early phases of the software development lifecycle. In an effort to spare you the gory details of software engineering methodologies, just realize that security is much easier to deal with (and much more cost effective) when considered initially in the planning and requirements phases of software development. Security should continue as a driving force of the project all the way through design, construction, implementation, and testing.
But alas, security is often treated as an afterthought too much of the time; this type of development leaves the freshly created web applications ripe with vulnerabilities that can be identified and exploited for a hackerā€™s own nefarious reasons.

What You Need to Know About Web Servers

A web server is just a piece of software running on the operating system of a server that allows connections to access a web application. The most common web servers are Internet Information Services (IIS) on a Windows server and Apache Hypertext Transfer Protocol (HTTP) Server on a Linux server. These servers have normal directory structures like any other computer, and itā€™s these directories that house the web application.
If you follow the Windows next, next, next, finish approach to installing an IIS web server, you will end up with the default C:\Inetpub\wwwroot directory structure where each application will have its own directories within wwwroot and all vital web application resources are contained within it.
Linux is more varied in the file structure, but most web applications are housed in the /var/www/ directory. There are several other directories on a Linux web server that are especially relevant to web hacking:
ā–  /etc/shadow: This is where the password hashes for all users of the system reside. This is the ā€œkeys to the kingdomā€!
ā–  /usr/lib: This directory includes object files and internal binaries that are not intended to be executed by users or shell scripts. All dependency data used by the application will also reside in this directory. Although there is nothing executable here, you can really ruin somebodyā€™s day by deleting all of the dependency files for an application.
ā–  /var/*: This directory includes the files for databases, system logs, and the source code for web application itself!
ā–  /bin: This directory contains programs that the system needs to operate, such as the shells, ls, grep, and other essential and important binaries. bin is short for binary. Most standard operating system commands are located here as separate executable binary files.
The web server is a target for attacks itself because it offers open ports and access to potentially vulnerable versions of web server software installed, vulnerable versions of other software installed, and misconfigurations of the operating system that itā€™s running on.

What You Need to Know About HTTP

The HTTP is the agreed upon process to interact and communicate with a web application. It is completely plaintext protocol, so there is no assumption of security or privacy when using HTTP. HTTP is actually a stateless proto...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Acknowledgments
  7. Biography
  8. Foreword
  9. Introduction
  10. Chapter 1. The Basics of Web Hacking
  11. Chapter 2. Web Server Hacking
  12. Chapter 3. Web Application Recon and Scanning
  13. Chapter 4. Web Application Exploitation with Injection
  14. Chapter 5. Web Application Exploitation with Broken Authentication and Path Traversal
  15. Chapter 6. Web User Hacking
  16. Chapter 7. Fixes
  17. Chapter 8. Next Steps
  18. Index