12 - Hijacking Webservers

A web server, which can be referred to as the hardware, the computer, or the software, is the computer application that helps to deliver content that can be accessed through the Internet. Most people think a web server is just the hardware computer, but a web server is also the software computer application that is installed on the hardware computer. The primary function of a web server is to deliver web pages on the request to clients using the Hypertext Transfer Protocol (HTTP).

Module Objective

Lab Objectives

The objective of this lab is to help students learn to detect unpatched security flaws, verbose error messages, and much more.

The objective of this lab is to:

  • Footprint web servers
  • Crack remote passwords
  • Detect unpatched security flaws


Today, most of the online services are implemented as web applications. Online banking, web search engines, email applications, and social networks are just a few examples of such web services. Web content is generated in real time by a software application running at server-side. So hackers attack the web server to steal credential information, passwords, and business information by DoS (DDoS) attacks, SYN flood, ping flood, port scan, sniffing attacks, and social engineering attacks. In the area of web security, despite strong encryption on the browser-server channel, web users still have no assurance about what happens at the other end. We present a security application that augments web servers with trusted co-servers composed of high-assurance secure coprocessors, con?gured with a publicly known guardian program. Web users can then establish their authenticated, encrypted channels with a trusted co-server, which then can act as a trusted third party in the browser-server interaction. Systems are constantly being attacked, and IT security professionals need to be aware of common attacks on the web server applications. Attackers use sniffers or protocol analyzers to capture and analyze packets. If data is sent across a network in clear text, an attacker can capture the data packets and use a sniffer to read the data. In other words, a sniffer can eavesdrop on electronic conversations. A popular sniffer is Wireshark, It’s also used by administrators for legitimate purposes. One of the challenges for an attacker is to gain access to the network to capture the data. If attackers have physical access to a router or switch, they can connect the sniffer and capture all traffic going through the system. Strong physical security measures help mitigate this risk.

As a penetration tester and ethical hacker of an organization, you must provide security to the company’s web server. You must perform checks on the web server for vulnerabilities, misconfigurations, unpatched security flaws, and improper authentication with external systems.

I. Footprinting Web server Using the httprecon Tool

Web applications are the most important ways for an organization to publish information, interact with Internet users, and establish an e-commerce/e-government presence. However, if an organization is not rigorous in configuring and operating its public website, it may be vulnerable to a variety of security threats. Although the threats in cyberspace remain largely the same as in the physical world (e.g., fraud, theft, vandalism, and terrorism), they are far more dangerous as a result. Organizations can face monetary losses, damage to reputation, or legal action if an intruder successfully violates the confidentiality of their data.

Lab Objectives

The objective of this lab is to help students learn to footprint webservers. It will teach you how to:

  • Use the httprecon tool
  • Get webserver footprint

Lab Analysis

In this lab, you have learnt how to footprint web server using httprecon tool. Analyze and document the results related to the lab exercise. Give your opinion on your target’s security posture and exposure.

II. Footprinting a Web server Using ID Serve

It is very important for penetration testers to be familiar with banner-grabbing techniques to monitor servers to ensure compliance and appropriate security updates. Using this technique you can also locate rogue servers or determine the role of servers within a network. In this lab, you will learn the banner grabbing technique to determine a remote target system using ID Serve. In order to be an expert ethical hacker and penetration tester, you must understand how to footprint a web server.

Lab Objectives

This lab will show you how to footprint web servers and how to use ID Serve. It will teach you how to:

  • Use the ID Serve tool
  • Get a web server footprint

Lab Analysis

In this lab, you have learnt how to footprint web servers using ID Serve. Document all the server information.

Module Syllabus

  • Web server Market Shares
  • Open Source Web server Architecture
  • IIS Web server Architecture
  • Website Defacement
  • Case Study
  • Why are Web Servers Compromised?
  • Impact of Web server Attacks
  • Web server Misconfiguration
    • Example
  • Directory Traversal Attacks
  • HTTP Response Splitting Attack
  • Web Cache Poisoning Attack
  • HTTP Response Hijacking
  • SSH Bruteforce Attack
  • Man-in-the-Middle Attack
  • Web server Password Cracking
    • Web server Password Cracking Techniques
  • Web Application Attacks
  • Web server Attack Methodology
    • Information Gathering
    • Web server Footprinting
      • Web server Footprinting Tools
    • Mirroring a Website
    • Vulnerability Scanning
    • Session Hijacking
    • Hacking Web Passwords
  • Web server Attack Tools
    • Metasploit
      • Metasploit Architecture
      • Metasploit Exploit Module
      • Metasploit Payload Module
      • Metasploit Auxiliary Module
      • Metasploit NOPS Module
    • Wfetch
  • Web Password Cracking Tool
    • Brutus
    • THC-Hydra
  • Countermeasures
    • Patches and Updates
    • Protocols
    • Accounts
    • Files and Directories
  • How to Defend Against Web Server Attacks?
  • How to Defend against HTTP Response Splitting and Web Cache Poisoning?
  • Patches and Hotfixes
  • What is Patch Management?
  • Identifying Appropriate Sources for Updates and Patches
  • Installation of a Patch
  • Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
    • Patch Management Tools
  • Web Application Security Scanner: Sandcat
  • Web Server Security Scanner: Wikto
  • Web server Malware Infection Monitoring Tool: HackAlert
  • Web server Security Tools
  • Web Server Penetration Testing