
m13 Web Servers

Web servers host services and deliver content via HTTP, supporting various application extensions. Security vulnerabilities include improper permissions, default configurations, and lack of updates, while common attacks involve DoS/DDoS, misconfigurations, and directory traversal. Practical methods for assessing web server security include mirroring websites, directory brute-forcing, and using tools like Wget and Gobuster.

Uploaded by

hihim31592
Copyright: © All Rights Reserved

# Web Server

Web servers are programs used for hosting services.
A web server is deployed on dedicated web server hardware or installed on a host as a program.
It delivers content over **Hypertext Transfer Protocol** (HTTP).
Web servers support different types of application extensions, whereas all of them support **Hypertext Markup Language** (HTML).

# Web Server Security Issues

Web server vulnerabilities:
- Improper permissions on files and directories
- Default configurations
- Enabling unnecessary services
- Lack of security/updates
- Bugs
- Misconfigured/expired SSL certificate

# Open Source Web Servers


- Apache HTTP Server
- Nginx
- Apache Tomcat
- IIS

# Web Server Attacks

## DoS/DDoS
## Webserver Misconfiguration
The attacker looks for misconfigurations and vulnerabilities to exploit.
## Directory Traversal Attacks
The attacker uses trial and error to access restricted directories and reveal sensitive information.
## Website Defacement
After a successful intrusion, the attacker alters and modifies the content of the website.

# Attack Methodology
## Information Gathering
Collecting information from the internet.
- Scanning with nmap (ports like 21, 80, 443)
## robots.txt and Directory/File Brute-Forcing
The attacker extracts information about internal files.
## Web Server Footprinting
Returns the server name, type, OS, applications, etc.

If any service is vulnerable, we can exploit it (FTP, MySQL, Telnet, etc.).

# Practical

1. Mirroring a website
Download the website to inspect it offline, without any interaction with the target.
Tool:
- Wget (`wget --mirror`)

2. Directory brute force

```
gobuster dir -u https://www.craw.in -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
```

3. Find OS and technology details from Netcraft

4. Wappalyzer extension

Tools:

- ghosteye (GitHub)
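
On the server side, the directory brute-forcing in step 2 shows up in the access log as one client requesting many distinct paths that mostly return 404. The following is an added example, not part of the original notes: the function name, the thresholds and the sample log lines are assumptions constructed for illustration, and the log format is assumed to be the common/combined format used by Apache and Nginx.

```python
import re
from collections import defaultdict

# Common/combined log format: ip - - [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_enumeration(lines, min_paths=8, min_miss_ratio=0.7):
    """Return {client_ip: stats} for clients whose traffic looks like
    wordlist-driven directory enumeration: many distinct paths, mostly 404.
    The thresholds are illustrative assumptions and need tuning per site."""
    seen = defaultdict(lambda: {"paths": set(), "total": 0, "misses": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, _method, path, status = m.groups()
        s = seen[ip]
        s["total"] += 1
        s["paths"].add(path.split("?", 1)[0])  # ignore query strings
        if status == "404":
            s["misses"] += 1
    flagged = {}
    for ip, s in seen.items():
        ratio = s["misses"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"requests": s["total"],
                           "distinct_paths": len(s["paths"]),
                           "miss_ratio": round(ratio, 2)}
    return flagged

def _line(ip, path, status):
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample log (documentation IP ranges): one noisy client, one visitor.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"/{w}", 404) for w in
     ["admin", "backup", "test", "old", "dev", "cgi-bin", "config", "uploads", "private"]]
    + [_line("203.0.113.7", "/robots.txt", 200), _line("203.0.113.7", "/images", 301)]
    + [_line("198.51.100.20", p, 200) for p in ["/", "/about", "/contact"]]
    + [_line("198.51.100.20", "/favicon.ico", 404)]
)

if __name__ == "__main__":
    for ip, stats in find_enumeration(SAMPLE_LOG).items():
        print(ip, stats)
```
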
