Web Hacking
Web hacking generally refers to exploiting applications over the Hypertext Transfer Protocol (HTTP). This can be done by manipulating the application through a web graphical interface, by manipulating the Uniform Resource Identifier (URI), or by abusing HTTP elements.
Web Server Hacking:
A web server is a system for storing, processing, and serving websites. Web server hacks include:
Name of Term | Description of term |
---|---|
Information gathering | In web server hacking, information gathering is collecting robots.txt to view hidden directories/files. |
Footprinting | Footprinting in web server hacking is a listing of popular web apps |
Mirroring | This makes it easy to find directory forms and other important records from mirrored copies without making several requests to the web server. |
Vulnerabilities analysis | A vulnerability assessment is a review focused on security-related issues that have a moderate or severe impact on the security of a product or system. |
Web Server Hacking Tools:
Names of Tools | Description of Tools |
---|---|
Wfetch | Wfetch was originally part of the IIS 6.0 Resource Kit Tools. It can be used to troubleshoot HTTP redirects, HTTP status codes, etc. |
THC Hydra | This tool is widely used for quickly cracking network logins. It attacks the login page using both dictionary and brute-force attacks. |
HULK DoS | HULK is a denial of service (DoS) tool used to attack web servers by generating unique and disguised traffic. |
w3af | w3af is a web application attack and audit framework. The purpose of this project is to create a framework that helps secure web applications by finding and exploiting all vulnerabilities in web applications. |
Metasploit | The Metasploit framework is a very powerful tool that both cyber criminals and ethical hackers can use to investigate systematic vulnerabilities in networks and servers. |
Sqlmap | sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and database takeovers. |
Ethical Hacking Cheatsheet
Ethical hacking includes authorized attempts to gain unauthorized access to computer systems, applications, or data. Ethical hacking requires replicating the strategies and behaviors of malicious attackers. This practice helps identify security vulnerabilities so they can be fixed before malicious attackers can exploit them.