CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [69]
A countermeasure to cross-site scripting is to replace the "<" and ">" characters with "&lt;" and "&gt;" using server-side scripts. A countermeasure to SSL attacks is to install a proxy server and terminate SSL at the proxy, or to install a hardware SSL accelerator and terminate SSL at that layer.
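The server-side replacement described above, as an added example that is not from the review guide: the first function does exactly what the book says (swap "<" and ">"), the second is the fuller form a practitioner would deploy, which also escapes "&" and quote characters so untrusted text stays inert inside an attribute value. Function names and the sample inputs are my own construction.

```python
import re

# Entity references for every character that has meaning in HTML text or attribute context.
HTML_ESCAPES = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
}


def escape_angle_brackets(text: str) -> str:
    """The book's countermeasure: neutralise tag delimiters only."""
    return text.replace("<", "&lt;").replace(">", "&gt;")


def escape_html(text: str) -> str:
    """Escape &, <, >, " and ' in one pass so no entity is itself re-escaped."""
    return re.sub(r'[&<>"\']', lambda m: HTML_ESCAPES[m.group(0)], text)


def render_comment(author: str, body: str) -> str:
    """Build an HTML fragment placing untrusted input in an attribute and in element content."""
    return (
        f'<div class="comment" data-author="{escape_html(author)}">'
        f"{escape_html(body)}</div>"
    )


def attribute_is_intact(fragment: str) -> bool:
    """Check that the data-author attribute still closes where the template put it.

    If an unescaped quote from the author value leaked through, the regex below would
    match a shorter attribute than the template wrote, or fail to match at all.
    """
    m = re.match(r'<div class="comment" data-author="([^"]*)">', fragment)
    return m is not None and '"' not in m.group(1) and "<" not in m.group(1)


if __name__ == "__main__":
    # Constructed sample inputs: harmless text that happens to contain markup characters.
    print(render_comment("alice", "1 < 2 && 3 > 2"))
    print(render_comment('bob" title="x', "<b>not bold</b>"))
```

Escape once, at output time: applying `escape_html` twice turns "<" into "&amp;lt;", which the browser then displays literally as "&lt;".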
Objectives of Web Application Hacking
The purpose of hacking a web application is to gain access to confidential data. Web applications are critical to the security of a system because they usually connect to a database that contains information such as user identities, credit card numbers, and passwords. Web application vulnerabilities increase the threat that hackers will exploit the operating system, the web server, or the web application software. Web applications are essentially another door into a system and can be exploited to compromise it.
Anatomy of an Attack
Hacking web applications is similar to hacking other systems. Hackers follow a five-step process: they scan a network, gather information to test different attack scenarios, and finally plan and launch an attack. The steps are listed in Figure 8.1.
FIGURE 8.1 The stages of a web application attack
Web Application Threats
Many web application threats exist on a web server. The following are the most common threats:
Cross-site scripting: A parameter entered into a web form is processed by the web application. The right combination of variables can result in arbitrary command execution.
SQL injection: Inserting SQL commands into the URL gets the database server to dump, alter, delete, or create information in the database.
Command injection: The hacker inserts programming commands into a web form.
Cookie poisoning and snooping: The hacker corrupts or steals cookies.
Buffer overflow: Huge amounts of data are sent to a web application through a web form to execute commands.
Authentication hijacking: The hacker steals a session once a user has authenticated.
Directory traversal / Unicode: The hacker browses through the folders on a system via a web browser or Windows Explorer.
Hacking Tools
Instant Source allows a hacker to see and edit HTML source code. It can be used directly from within the web browser.
Wget is a command-line tool that a hacker can use to download an entire website, complete with all the files. The hacker can view the source code offline and test certain attacks prior to launching them against the real web server.
WebSleuth uses spidering technology to index an entire website. For example, WebSleuth can pull all the e-mail addresses from different pages of a website.
BlackWidow can scan and map all the pages of a website to create a profile of the site.
SiteScope maps out the connections within a web application and aids in the deconstruction of the program.
WSDigger is a web services testing tool that contains sample attack plug-ins for SQL injection, cross-site scripting, and other web attacks.
Burp is a Windows-based automated attack tool for web applications. It can also be used to guess passwords on web applications and perform man-in-the-middle attacks.
Understand Google Hacking
Google hacking refers to using Google's powerful search engine to locate high-value targets or to search for valuable information such as passwords.
Many tools, such as http://johnny.ihackstuff.com and Acunetix Web Vulnerability Scanner, contain a list of Google hacking terms organized in a database to make searching easier. For example, you can enter the term "password" or "medical records" into the Google search engine and see what information is available. Google can often pull information directly out of private databases or documents.
Understand Web Application Countermeasures
Countermeasures exist for common web application vulnerabilities. Following are countermeasures for each of the web application vulnerabilities listed in the previous section: