EC Council CEH 312-50 V11 – Website Hacking
- Introduction – What Is A Website?
In this section we’re going to be talking about web application penetration testing. Before we can start talking about that, we need to understand what a website is. And just like I said before, a website is just an application installed on a computer. That computer probably just has better specs than your computer, but fundamentally it works exactly like any other computer. So it has an operating system and it also has a number of applications that allow it to act as a web server. The two main applications it probably has are a web server and a database.
The web server is something like Apache and the database is something like MySQL. The web server basically understands and executes the web application. Your web application could be written in PHP, Python, or really any programming language; the only requirement is that the web server is able to understand and execute it. The database contains the data used by the web application. All of this is stored on a computer called the server. That computer is connected to the internet and has a real IP address, so anybody can access it and ping it. So the web application is executed by the web server, which is installed on your server, on your target.
Therefore, any time you request a page or run the web application, it is executed on the web server, not on the client’s computer. The web server then sends back an HTML page that is ready to read for the client. Let’s look at an example. Say you’re on a phone or on your computer and you want to go to Facebook.com. You type Facebook.com into your URL bar. This is translated to an IP address using a DNS server. So there is a server that translates every name, .com, .edu, or any website with a domain name, to its relevant IP address.
So your request for Facebook.com goes to a DNS server, which translates Facebook.com to the IP where Facebook is stored. The request then goes to the IP address of Facebook. The server executes the page that you wanted using all of the applications that we spoke about and then just gives you ready HTML. So what you get back is just markup written in HTML, which is a markup language, containing the result of executing the program. The program gets executed on the server and you only get the result. This is very important because, in the future, if we want to get anything executed on the web server, if we want to get a shell or a reverse shell or a virus executed on the target computer, then we need to send it in a language that the web server understands.
So, for example, PHP: once you execute it there, it will be executed on that computer, not on your computer. So regardless of the person who accesses the page, the web shell that you’re going to send, if it’s written in PHP or another language that the server understands, is going to be executed on the server and not on your computer. Therefore it will give you access to the server and not to the person who accessed that server. JavaScript, on the other hand, is used by some websites, and JavaScript is a client-side language.
So if you manage to find a website that allows you to run JavaScript code, then the code will be executed by the client. So even though the code might be injected into the web server, it will be executed on the client side and it will allow you to do things to the client computer and not to the server. So it’s very important to distinguish between a client-side language and a server-side language.
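The server-side versus client-side split described above, as an added example that is not part of the original course material. The handler, the `/safe` and `/unsafe` routes, and the `render_page` and `fetch` names are assumptions made for this sketch; it runs a throwaway server on localhost and shows that the client receives only finished HTML, and that HTML-escaping user input on the server keeps it from being interpreted as script by the browser.

```python
import html
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs


def render_page(name: str, escape: bool) -> str:
    """Server-side step: runs on the server and returns finished HTML."""
    shown = html.escape(name) if escape else name
    return f"<html><body><p>Hello, {shown}</p></body></html>"


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        url = urlparse(self.path)
        name = parse_qs(url.query).get("name", ["guest"])[0]
        # /safe encodes the input; any other path echoes it unchanged.
        body = render_page(name, escape=(url.path == "/safe")).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def fetch(path: str) -> str:
    """Client-side step: start a local server, request `path`, return the HTML."""
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        with urllib.request.urlopen(f"http://127.0.0.1:{port}{path}") as resp:
            return resp.read().decode()
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    # Constructed sample input: a name parameter that contains markup.
    query = "?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    print("unescaped:", fetch("/unsafe" + query))  # browser would run the tag
    print("escaped:  ", fetch("/safe" + query))    # browser shows it as text
```

In both responses the Python source never reaches the client; only the rendered markup does. The difference is whether the user-supplied value arrives as live markup or as inert text.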
- How To Hack a Website?
How would you attack a website? You can use the methods that we have learned so far, because we said a website is installed on a computer, so you can try to attack it and hack it just like any other computer. So you can try to use server-side attacks: look at the web server installed, the operating system, and all the other applications, see if any of them has any vulnerabilities, and see if you can use any of them to gain access to the computer. Another way to do that is to use client-side attacks. Websites are managed by humans, so there must be humans managing these websites and maintaining them.
So if you manage to hack any of the administrators of this website, then you will probably be able to get their username and password and from there log in to their admin panel, to SSH, or to any services that they use to manage their website. If both of these ways fail, then what you can do is try to test the web application, because as I said, the web application is just an application installed on that website. Your target might actually not be the web application. Maybe your target was just a person using that website, but you were never able to gain access to that person’s computer. So what you do is go to his website, hack into his website, and from there go to your person.
So all of these things that we’re talking about are interconnected, and you can use one of them to pivot and then make your way to another place or to another computer. In this section we’re not going to be talking about the server-side and client-side attacks, because you’ve already learned those. What we’re going to be talking about is testing the security of the web application itself. So my target is going to be this Metasploitable machine, and if we run ifconfig on it, you’ll see its IP is 10.20.14.204, and all the website files are stored in a directory called /var/www. And you can see that we have phpinfo, Mutillidae, DVWA, and phpMyAdmin.
So if we go to the Kali machine, or to any machine on the same network, obviously, open the browser, and go to 10.20.14.204, you’ll see we have a website here made for Metasploitable. So as you can see, a website is just an application installed on the web server, and you can access any of these websites right here, use it, and test its security. Another thing is that DVWA uses a username and a password to log in; the username is admin and the password is password. Once you enter those, you can log in.
You can also modify the security settings. So if you go to DVWA Security, I’m going to be setting it to low, and I’m always going to be using it as low in the upcoming sections because this is just an introductory course. So we’re only going to be talking about the basic ways of discovering web application vulnerabilities. And the same goes for the Mutillidae web application. So if we go to it here, make sure that your security is set to low. My security is set to zero right here. Zero.