Networking - Ethical Hacking

Lesson - #1207 Hack a Web Server


Customers usually turn to the internet to get information and buy products and services. Towards that end, most organizations have websites. Most websites store valuable information such as credit card numbers, email addresses and passwords. This has made them targets for attackers. Defaced websites can also be used to communicate religious or political ideologies.

Types of Web Servers

  • Apache - This is the most commonly used web server on the internet. It is cross-platform but is usually installed on Linux. Most PHP websites are hosted on Apache servers.
  • Internet Information Services (IIS) - It is developed by Microsoft. It runs on Windows and is the second most used web server on the internet. Most asp and aspx websites are hosted on IIS servers.
  • Apache Tomcat - Most Java server pages (JSP) websites are hosted on this type of web server.
  • Other web servers - These include Novell's Web Server and IBM's Lotus Domino servers.

Web server attack tools

  • Metasploit - This is an open source tool for developing, testing and using exploit code. It can be used to discover vulnerabilities in web servers and to write exploits that can be used to compromise the server.
  • MPack - This is a web exploitation tool. It was written in PHP and is backed by MySQL as the database engine. Once a web server has been compromised using MPack, all traffic to it is redirected to malicious download websites.
  • Zeus - This tool can be used to turn a compromised computer into a bot or zombie. A bot is a compromised computer which is used to perform internet-based attacks. A botnet is a collection of compromised computers. The botnet can then be used in a denial of service attack or to send spam mails.
  • Neosplit - This tool can be used to install programs, delete programs, replicate it, etc.

Hacking Activity: Hack a WebServer

In this practical scenario, we will look at the anatomy of a web server attack. We will assume we are targeting www.techpanda.org. We are not actually going to hack into it as this is illegal. We will only use the domain for educational purposes.

Information gathering

We need to get the IP address of our target and find other websites that share the same IP address.

We will use an online tool to find the target's IP address and the other websites sharing that IP address.

  • Enter the URL https://www.yougetsignal.com/tools/web-sites-on-web-server/ in your web browser.
  • Enter www.techpanda.org as the target.
  • Click on the Check button.


Based on the above results, the IP address of the target is 69.195.124.112

We also found out that there are 403 domains on the same web server.

Our next step is to scan the other websites for SQL injection vulnerabilities. Note: if we can find a SQL injection vulnerability on the target itself, we would exploit it directly without considering the other websites.

  • Enter the URL www.bing.com into your web browser. This will only work with Bing, so don't use other search engines such as Google or Yahoo.
  • Enter the following search query: .ip:69.195.124.112 .php?id=
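
Seen from the defender's side, the search query above looks for PHP pages that take an `id` parameter, so requests where that parameter is not a plain integer are worth flagging in the web server's access log. The following is an added example, not part of the original lesson: the log lines are constructed, the function names are hypothetical, and it assumes the application only ever expects an integer `id`.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /article.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /article.php?id=42%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:04 +0000] "GET /article.php?id=42+OR+1%3D1 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:57:10 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:58:10 +0000] "GET /view.php?id=7&sort=name HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# client IP, request target and status code from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
INT_RE = re.compile(r"[0-9]+")  # assumption: a legitimate id is a plain integer


def suspicious_id_requests(log_text, param="id"):
    """Return (client_ip, path, decoded_value, status) for every request to a
    .php script whose `param` value is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if not url.path.lower().endswith(".php"):
            continue
        # parse_qsl URL-decodes the value, so %27 is seen as a quote character
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and not INT_RE.fullmatch(value):
                hits.append((ip, url.path, value, status))
    return hits


def probing_clients(hits):
    """Count hits per client so repeated probing from one address stands out."""
    counts = {}
    for ip, *_ in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    found = suspicious_id_requests(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(probing_clients(found))
```

A 500 status on a flagged request, as in the second sample line, suggests the value reached the database layer unvalidated, which is the case to fix first with integer validation and parameterized queries.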