Before we look at how web servers get hacked, let us first review the components that make up a complete web portal.
- A web server is a program that listens on port 80.
- The client software, usually a browser, connects to that port and sends HTTP requests.
- The web service responds with the requested content, such as HTML, JavaScript, Python, etc.
- In some cases the service runs on a custom-configured port rather than the default one.
- Web servers may also host services such as FTP or NNTP.
Modern web applications often do not just deliver content as simple web pages: a database server, an application server and middleware software are also used to generate and provide business-specific data to the website's users.
These components are commonly installed and run on separate sets of servers, which may or may not share a common storage space.
Advanced web application code may internally call web services hosted on different servers.
WEB HACKING: It is fairly easy to hack a website. A novice hacker may attempt to steal data from a website, whereas a pro hacker may cause serious damage by defacing the website, either through the web server itself or through a virus attack. Unlike most attacks, the techniques used in web attacks range from layer 2 to layer 7 (i.e. from the data link layer to the application layer in the OSI model), which leaves a web server exposed to a wider variety of possible hacking attempts. Since the firewall port must be open for the web service (port 80 by default), the firewall cannot help in preventing layer 7 (application layer) attacks, which makes detection of web attacks somewhat difficult. From the security perspective, each of these components exhibits some vulnerability which, if exploited, can result in the content of a web page being hacked.
Let us now discuss some of the attacks performed by malicious hackers.
DOS AND SNIFFING: Since any website is hosted on an IP address open to the internet, a DoS attack can easily take down the web server hosting it. Similarly, packet sniffing can easily be used to capture plain-text user IDs and passwords. If encryption or other security measures are not put in place when the site is designed, almost all layer 2 and layer 3 attacks, such as packet flooding, SYN flooding, etc., are possible against the website's IP address and the port on which it is hosted.
HTTP DOS ATTACK: Unlike a network-layer DoS attack, this one works at layer 7. The attacker first spends some time, with the help of a script, obtaining the list of pages that can be accessed, while also noting the time the server needs to process each page. The pages that require the most processing time are then selected, and multiple HTTP requests for them are sent to the web server at once. To serve each request the web server consumes resources, and once it reaches its resource limits it stops responding to requests.
Hackers are known to use simple scripts, found on the internet with a simple Google search, to create the flood of HTTP GET requests that achieves this attack.
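The defender's side of the HTTP flood described above is spotting it in the access log: many requests from one client to the expensive handlers inside a short window. The following is an added example, not code from the original article; the log lines, client addresses and the set of "slow" paths are constructed for illustration, and the log format assumed is the common Apache/nginx combined format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" access-log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Handlers known to be expensive on the server side (assumed for this example);
# a flood against these hurts far more than one against a static file.
SLOW_PATHS = {"/report/export", "/search"}

# Constructed sample log: one client hammers the expensive export handler six
# times in three seconds, another client browses normally.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /report/export?year=2023 HTTP/1.1" 200 5120 "-" "curl/7.81"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /report/export?year=2022 HTTP/1.1" 200 5120 "-" "curl/7.81"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /report/export?year=2021 HTTP/1.1" 200 5120 "-" "curl/7.81"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /report/export?year=2020 HTTP/1.1" 200 5120 "-" "curl/7.81"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /report/export?year=2019 HTTP/1.1" 200 5120 "-" "curl/7.81"
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /report/export?year=2018 HTTP/1.1" 200 5120 "-" "curl/7.81"
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:55:41 +0000] "GET /report/export?year=2023 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (client_ip, path, timestamp) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    # Drop the query string: the flood targets the handler, not one parameter set.
    path = m.group("path").split("?", 1)[0]
    return m.group("ip"), path, ts


def flag_http_floods(log_text, slow_paths=SLOW_PATHS, window_seconds=10, max_hits=5):
    """Return {(ip, path): peak_hits} for clients whose requests to an expensive
    path reached max_hits inside any sliding window of window_seconds."""
    stamps_by_client = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, ts = parsed
        if path in slow_paths:
            stamps_by_client[(ip, path)].append(ts)

    offenders = {}
    for key, stamps in stamps_by_client.items():
        stamps.sort()
        window = deque()
        peak = 0
        for ts in stamps:
            window.append(ts)
            # Evict timestamps that have fallen out of the window.
            while (ts - window[0]).total_seconds() > window_seconds:
                window.popleft()
            peak = max(peak, len(window))
        if peak >= max_hits:
            offenders[key] = peak
    return offenders


if __name__ == "__main__":
    for (ip, path), hits in flag_http_floods(SAMPLE_LOG).items():
        print(f"possible HTTP flood: {ip} hit {path} {hits} times within 10s")
```

The threshold and window are deliberately per handler rather than per site: a legitimate user reloading the home page looks nothing like six exports in three seconds, and rate-limiting the slow handlers specifically is what the web server or reverse proxy should do once such a client is flagged.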
ACCESS CONTROL EXPLOITATION: This condition is usually seen in web portals where a user is given a user ID and a password to log in.
Web portal administrators are given their own credentials for maintenance and data management services. If the management services are not secured with strong encryption, hackers can take advantage of them.
If a web server is not patched with the latest security fixes, hackers can take advantage of this too, and there is a chance of remote code execution that cannot be detected easily, leaving no traces of the attack.
FORMS INPUT VALIDATION: Many websites use forms that website users fill with information and submit to the server.
When the information is submitted, the server validates it and saves it in a database. Often this validation is done only by the client browser; if the validations are not strong enough, a hacker gets a chance to exploit the back-end program by bypassing them. If a field such as a unique ID number is mandatory, and the validation for the unique ID is not done properly, an attacker can submit fake unique ID numbers with the help of a script, flooding the database.
CODE EXPLOITATION: This attack is much like the previous form input validation attack; the only difference is the way the flaw is exploited. Administrators and programmers often put limits on certain inputs, but such limits alone do not always control the exploit.
Suppose there is an assumption that a username should not exceed 50 characters, or that a value should always be positive. Assumptions of this kind give hackers a free hand: they can try the field with 100 characters, or with negative values, and stress the application with rapid data submissions.
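The fix for both the form-validation and the code-exploitation problems above is the same: enforce every limit on the server, on the raw data as it arrives, and treat the browser-side checks as a convenience only. The block below is an added example, not code from the original article; the field names, the 10-digit format for the unique ID, the 50-character username limit, the 1 to 1000 quantity range and the sample submissions are all constructed for illustration.

```python
import re

# Server-side rules; the browser may enforce the same limits, but a client can
# bypass browser-side checks, so the server must never rely on them.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,50}")
UNIQUE_ID_RE = re.compile(r"[0-9]{10}")      # assumed format: exactly 10 ASCII digits
QUANTITY_RE = re.compile(r"-?[0-9]{1,6}")     # ASCII digits only; sign and range checked below
QUANTITY_MIN, QUANTITY_MAX = 1, 1000


def validate_registration(form, existing_ids):
    """Validate one raw form submission (a dict of strings as the server actually
    received it). Returns a list of error strings; empty means the data is acceptable."""
    errors = []

    username = form.get("username", "")
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        errors.append("username: 1-50 characters from [A-Za-z0-9_.-]")

    uid = form.get("unique_id", "")
    if not isinstance(uid, str) or not UNIQUE_ID_RE.fullmatch(uid):
        errors.append("unique_id: must be exactly 10 digits")
    elif uid in existing_ids:
        errors.append("unique_id: already registered")

    qty = form.get("quantity", "")
    if not isinstance(qty, str) or not QUANTITY_RE.fullmatch(qty):
        errors.append("quantity: must be an integer")
    elif not QUANTITY_MIN <= int(qty) <= QUANTITY_MAX:
        errors.append(f"quantity: must be between {QUANTITY_MIN} and {QUANTITY_MAX}")

    return errors


def process_submissions(submissions, existing_ids):
    """Accept valid submissions in order, registering each unique_id so that a
    repeated or fabricated id cannot be inserted twice. Returns (accepted, rejected)."""
    accepted, rejected = [], []
    for form in submissions:
        errors = validate_registration(form, existing_ids)
        if errors:
            rejected.append((form, errors))
        else:
            existing_ids.add(form["unique_id"])
            accepted.append(form)
    return accepted, rejected


# Constructed submissions, as a server would see them once a client has skipped
# the browser-side checks: one legitimate, one oversize username, one negative
# quantity, one duplicate id, one malformed id.
SAMPLE_SUBMISSIONS = [
    {"username": "alice", "unique_id": "1234567890", "quantity": "3"},
    {"username": "A" * 100, "unique_id": "1234567891", "quantity": "3"},
    {"username": "bob", "unique_id": "1234567892", "quantity": "-5"},
    {"username": "mallory", "unique_id": "1234567890", "quantity": "1"},
    {"username": "eve", "unique_id": "12345", "quantity": "1"},
]

if __name__ == "__main__":
    accepted, rejected = process_submissions(SAMPLE_SUBMISSIONS, set())
    print(f"accepted {len(accepted)}, rejected {len(rejected)}")
    for form, errors in rejected:
        print(form["username"][:12], "->", "; ".join(errors))
```

Two details matter more than they look. The quantity is matched against an ASCII-digit pattern before `int()` is called, because `int()` alone happily accepts other Unicode digit scripts and surrounding whitespace; and the set of registered IDs is updated inside the same loop that validates, so a burst of submissions reusing one ID is stopped at the second copy rather than filling the table.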
COOKIE POISONING: Cookies are small snippets of information which are present in every browser.
They are used to store session-related information. (A session is a piece of data stored on the client machine's hard drive when a web page is connected with the system.)
It is the cookie which remembers your shopping cart contents when you shop in e-commerce stores on the web, and which lets the store display recommended items and preferences for you; all of that is shown by tracking data from your cookies. While it is not that simple to tamper with a cookie, a top-level hacker can gain control over the cookies and thereby over the data. Poisoning is achieved with a Trojan backdoor or a virus, which are freely available over the web; some of the best-known Trojan backdoors used by hackers are Girlfriend, NetBus, ProRat, Back Orifice, Sub7 and winbackdoor. There is also a special class of Trojans called FUD Trojans (fully undetectable Trojans), such as Lost Door, Nuclear RAT and Poison Ivy.
These Trojans keep monitoring and forging cookies and send every activity on the system on which they are downloaded or installed to the hacker, and FUD Trojans leave no traces, so they cannot be discovered.
Besides monitoring and forging, such a Trojan also alters the contents of cookies to cause serious problems, such as delivering the cart contents to a different address. If session information is stored in the cookie, advanced pro hackers can gain access to things one would not think possible and steal the session, causing a man-in-the-middle attack. This is a serious issue nowadays: hackers stole millions of users' account details from companies like PayPal, eBay and Amazon a week ago (the Syrian Electronic Army, SEA, claimed responsibility for this).
SESSION HIJACKING: A web server talks to multiple web browsers at the same time, taking requests and delivering content, so for each connection made the web server needs a way to keep track of that connection. It uses session tokens for this: dynamically generated text strings derived from factors such as the IP address, date and time.
Hackers can steal these tokens by guessing how they are generated, by sniffing the whole network, or by performing a client-side attack on the victim's computer. Once the tokens are stolen they can be used to create fake web requests, through which a hacker can steal the user's whole session and information.
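Both the cookie-poisoning section and the session-hijacking section above come down to the same two properties of a session cookie: it must not be guessable, and it must not be readable or editable by anyone other than the server that issued it. The block below is an added example, not code from the original article, of how a server can issue and check such a cookie: the token comes from the operating system's CSPRNG rather than from the IP address, date or time, the cookie carries an HMAC so an edited value is rejected before the session store is consulted, and the Set-Cookie attributes keep page scripts and plain-HTTP sniffers away from it. The in-memory store, the 30-minute lifetime and the `demo` helper are constructed for illustration.

```python
import hmac
import secrets
import time

# Server-side signing key, generated at startup (assumed configuration for this
# example; a real deployment keeps it outside the code and rotates it).
SERVER_KEY = secrets.token_bytes(32)
SESSION_TTL_SECONDS = 30 * 60


def _sign(token):
    return hmac.new(SERVER_KEY, token.encode(), "sha256").hexdigest()


def new_session(store, user, now=None):
    """Create a session for `user`. The token is 32 random bytes from the OS CSPRNG,
    not something derived from IP address, date or time, so it cannot be guessed."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    store[token] = {"user": user, "expires": now + SESSION_TTL_SECONDS}
    return f"{token}.{_sign(token)}"


def session_cookie_header(cookie_value):
    """Set-Cookie line with the attributes that limit theft: HttpOnly keeps page
    scripts away from it, Secure keeps it off plain HTTP where a sniffer could
    read it, SameSite=Strict stops other sites from sending it along."""
    return f"Set-Cookie: sid={cookie_value}; HttpOnly; Secure; SameSite=Strict; Path=/"


def lookup_session(store, cookie_value, now=None):
    """Return the user for a presented cookie, or None if the cookie is forged,
    tampered with, unknown or expired."""
    now = time.time() if now is None else now
    token, sep, sig = cookie_value.rpartition(".")
    if not sep:
        return None
    # Constant-time comparison so the check leaks nothing through timing.
    if not hmac.compare_digest(sig, _sign(token)):
        return None
    entry = store.get(token)
    if entry is None or entry["expires"] <= now:
        store.pop(token, None)
        return None
    return entry["user"]


def revoke_session(store, cookie_value):
    """Server-side logout: the cookie becomes useless even if it was copied."""
    token = cookie_value.rpartition(".")[0]
    return store.pop(token, None) is not None


def demo(now=1_700_000_000.0):
    """Exercise the flow on a throwaway store; returns the outcomes for inspection."""
    store = {}
    cookie = new_session(store, "alice", now=now)
    tampered = cookie[:-1] + ("0" if cookie[-1] != "0" else "1")
    return {
        "cookie_len": len(cookie),
        "valid": lookup_session(store, cookie, now=now),
        "tampered": lookup_session(store, tampered, now=now),
        "expired": lookup_session(store, cookie, now=now + SESSION_TTL_SECONDS + 1),
        "header_flags": session_cookie_header(cookie).split("; ")[1:],
    }


if __name__ == "__main__":
    sessions = {}
    cookie = new_session(sessions, "alice")
    print(session_cookie_header(cookie))
    print("valid lookup   :", lookup_session(sessions, cookie))
    print("after revoke   :", revoke_session(sessions, cookie), lookup_session(sessions, cookie))
```

Because the session data itself lives on the server and the cookie holds only an opaque token, a poisoned cookie cannot change the cart or the delivery address; the worst an altered cookie can do is fail the signature check and log the user out.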
URL QUERY STRING TAMPERING: Web pages that pull data are often found to use query strings in the URL. For example, the main URL is http://www.xyz.com/ and a data page may use http://www.xyz.com/showdata?field=field1&=ab=fig=10&field2=xyz=15passfield2
The output is then provided in the browser in the form of a web page.
With the query string exposed so plainly, it is easy for users to edit the string beyond what is expected, or to fill it with bogus characters, which can further result in gaining access to information they are not supposed to get.
In the worst case, if the field values are a user ID and password, the attacker plans a brute-force dictionary attack by which he can gain authorized access.
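The defence against query-string tampering is not to hide the query string but to treat every parameter as untrusted: allow only the expected names, parse each value strictly, and check that the caller is allowed to see the record the value points to. The block below is an added example, not code from the original article; it reuses the article's www.xyz.com/showdata URL, and the `id`/`field` parameter names, the records table with an owner column, and the id range are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed records table: id -> record. In a real portal this lives in the
# database; the owner column is what the authorization check keys on.
RECORDS = {
    10: {"owner": "alice", "name": "alice's invoice", "amount": 15},
    11: {"owner": "bob", "name": "bob's invoice", "amount": 99},
}

# Only these field names may be requested; anything else is rejected outright.
ALLOWED_FIELDS = {"name", "amount"}
ID_MIN, ID_MAX = 1, 10_000_000


def parse_showdata_url(url):
    """Parse and validate the query string of a /showdata URL.
    Raises ValueError on anything outside the expected shape."""
    parts = urlsplit(url)
    if parts.path != "/showdata":
        raise ValueError("unexpected path")
    # keep_blank_values surfaces junk such as '&=ab' so it is rejected, not silently dropped.
    params = parse_qs(parts.query, keep_blank_values=True)
    unexpected = set(params) - {"id", "field"}
    if unexpected or "id" not in params or "field" not in params:
        raise ValueError("unexpected or missing parameters")
    if len(params["id"]) != 1 or len(params["field"]) != 1:
        raise ValueError("duplicate parameters")
    raw_id = params["id"][0]
    # ASCII digits only: no sign, no whitespace, no other digit scripts.
    if not raw_id.isascii() or not raw_id.isdigit():
        raise ValueError("id must be a positive integer")
    record_id = int(raw_id)
    if not ID_MIN <= record_id <= ID_MAX:
        raise ValueError("id out of range")
    field = params["field"][0]
    if field not in ALLOWED_FIELDS:
        raise ValueError("unknown field")
    return record_id, field


def show_data(url, current_user, records=RECORDS):
    """Serve the requested field only if the record exists and belongs to the caller."""
    record_id, field = parse_showdata_url(url)
    record = records.get(record_id)
    # Same error for 'missing' and 'not yours', so ids cannot be enumerated by the response.
    if record is None or record["owner"] != current_user:
        raise PermissionError("no such record")
    return record[field]


def outcome(url, current_user, records=RECORDS):
    """Return the served value, or the name of the rejection raised (handy for logs and tests)."""
    try:
        return show_data(url, current_user, records)
    except (ValueError, PermissionError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    for url in ("http://www.xyz.com/showdata?id=10&field=amount",
                "http://www.xyz.com/showdata?id=11&field=amount",
                "http://www.xyz.com/showdata?id=10&field=owner",
                "http://www.xyz.com/showdata?field=field1&=ab=fig=10&field2=xyz=15passfield2"):
        print(url, "->", outcome(url, "alice"))
```

The ownership check is the part most often missing in practice: a perfectly well-formed `id=11` is still a tampered request when the logged-in user is alice, and no amount of input validation catches that without consulting who owns the record.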
CROSS SITE SCRIPTING: Cross-site scripting (XSS) is the most common attack used against websites. It is also known that a large number of popular websites are vulnerable to this type of attack; the cause of the vulnerability is weak programming, which leaves loopholes a hacker can use to attack a website. As we know, the client browser maintains its own levels of security, in which it does not allow the cookies or contents of one website to be accessed by anyone else.
Now I'll let you understand clearly with a simple example.
First consider a page that takes a username as input and writes it back on the home screen as "welcome username". Let's say that the input box is filled with JavaScript like
"<script>alert('i like to buy a mac ,its my dream machine')</script>"
Here the web page may end up executing the script tags, showing the message box "I like to buy a mac, its my dream machine". This can be further exploited by a hacker by poisoning the cookie, stealing the session and injecting the cookie into the victim's browser,
which will create rapid damage for the user.
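What makes the "welcome username" page above vulnerable is that the username is pasted into the HTML as markup instead of as text. The block below is an added example, not code from the original article: it shows the flawed rendering next to the hardened one, using the article's own alert payload as the input, and adds an attribute and URL context, where the encoding has to change to match. The page fragments and the `contains_live_script` helper are constructed for illustration.

```python
import html
from urllib.parse import quote

# The input from the article's example: a user name that is really a script.
PAYLOAD = "<script>alert('i like to buy a mac ,its my dream machine')</script>"


def render_welcome_unsafe(username):
    """The flawed pattern: user input is pasted straight into the HTML, so the
    browser parses the <script> tag as markup and runs it."""
    return f"<h1>welcome {username}</h1>"


def render_welcome(username):
    """Hardened version: every character with meaning in HTML (< > & " ') is
    encoded, so the browser displays the text instead of executing it."""
    return f"<h1>welcome {html.escape(username, quote=True)}</h1>"


def render_profile_link(username):
    """Encoding must match the context: the href query value is URL-encoded, while
    the attribute value and the link text are HTML-escaped (quote=True also
    encodes the quote characters that would otherwise close the attribute early)."""
    in_url = quote(username, safe="")
    in_html = html.escape(username, quote=True)
    return f'<a href="/profile?user={in_url}" title="{in_html}">{in_html}</a>'


def contains_live_script(fragment):
    """Crude check for demonstration: does a raw <script tag survive in the output?"""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    print("unsafe :", render_welcome_unsafe(PAYLOAD))
    print("escaped:", render_welcome(PAYLOAD))
    print("link   :", render_profile_link(PAYLOAD))
```

Output encoding is the fix that actually closes the hole; marking the session cookie HttpOnly limits what a successful injection can steal but does not stop the script from running, so both belong in a web application, with escaping applied at the point where data is written into the page.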