WEB SERVER ON TARGET
Web Servers as Targets
A computer that is responsible for accepting HTTP requests from clients (user agents such as
web browsers), and serving them HTTP responses along with optional data contents, which
usually are web pages such as HTML documents and linked objects (images, etc.).
Software to setup a Web Server:
• Internet Information Services(IIS)
How Webserver Works: The Basic Process
Let's say that you are sitting at your
computer, surfing the Web. So you
type that URL into your browser and
press return. And magically, no
matter where in the world that URL
lives, the page pops up on your screen
At the most basic level possible, the following diagram shows the steps that brought that page to
Web browser formed a connection to a Web server, requested a page and received it.
1. Client sends the request for a Webpage on the Webserver.
2. Webserver receives the request the sends the Webpage code to the Client.
3. Client receives the Webpage code, and the Web Browser converts that code in to design
and displays it to the User.
• The database server is a key component in a client/server environment. It holds the
database management system (DBMS) and the databases.
• Upon requests from the client machines, it searches the database for selected records and
passes them back over the network.
Software to setup a Database Server:
• SQL Server
The Login Process on the Website
Let's say that you are sitting at your computer, surfing the Web, and you open a Website to
Login to your account.
You types in the Login Username and Password and clicks on Sign in and you get in to your
1. Client sends the request for the Login page on the Webserver.
2. Webserver receives the request the sends the Login page code to the Client.
3. Client receives the Login page code, and the Web Browser converts that code in to
design and displays it to the User.
4. Client puts in the Username and Password in the Login page and sends it to the Web
5. Web Server receives the Username and Password and forwards it to the Database server.
6. Database server receives the Username and Password from the Web Server and checks
its tables for that Username and Password.
7. After the finding process is complete, the Database Server sends the result of the
authentication to the Web Server.
8. Web Server receives the Authentication result from the Database Server and on the basis
of the result, redirects the User to the proper Webpage.
If the Authentication is True, User gets signed in to the Account, and if it fails User is asked to
Sign in again.
Operations of a Database Server.
Database server consists of tables and records. Records are kept in tables. These tables and
records the updated on a regular basis. Below are the four main working functions of a Database
1. Creation of Records: CREATE
• Create or add new entries
2. Accessing the Records: READ
• Read, retrieve, search, or view existing entries
3. Updating the Records: UPDATE
• Update or edit existing entries
4. Deleting the Records: DELETE
• Delete existing entries
This is known as CRUD operation of a Database Server.
1. Creating or Inserting the records in the Table
• INSERT INTO tablename (column1, [column2, ... ]) VALUES (value1, [value2,
• The number of columns and values must be the same. If a column is not
specified, the default value for the column is used.
2. Accessing or Reading the Records
• SELECT (column1, [column2, ... ]) FROM tablename;
• SELECT * FROM tablename (for all the fields)
3. Updating the Records
• UPDATE tablename SET C1 = 1 WHERE C2 = 'a';
4. Deletion of records
• DELETE FROM tablename [WHERE condition];
• An SQL injection attack exploits vulnerabilities in a web server database that allow the
attacker to gain access to the database and read, modify, or delete information.
• A simple example of a SQL injection attack is to use the single quotation mark as part of
an input value to a Web page. These values can be inserted into a login as follows:
o Login: admin’--
o Login: admin'#
• Database Server ignores everything after "--" or "#" because these characters are the
single line comment sequence. They are needed for inputs and queries to terminate
without an error.
• Another example of a SQL injection attack is making the condition true by giving the
identical value to a web page.
• These values can be inserted into a login as follows:
o Login: 1' or '1'='1 and Password= 1' or '1'='1
o Login: 1' or '1'='1';--
• When the Username argument is evaluated, ‘1’=’1’ will assess to TRUE, and an authentic
username will be returned.
• Website Enumeration is checking the structure of a Web site.
• Acquiring the files and folders from the Website to the Local Computer. This is also
known as Web Ripping.
• It is the ability to copy the structure of a Web site to a local disk and obtain a complete
profile of the site and all its files and links.
PHP Injection: Placing PHP Backdoors
• This attack provides the means for a hacker to execute his or her system level code on a
target web server. With this capability, an attacker can compromise the web server and
access files with the same rights as the server system software.
• For example, a number of PHP programs contain a vulnerability that could enable the
transfer of unchecked user commands to the eval( ) function.
• As we all know, Google is a Search Engine. It keeps snapshots of pages it has crawled
that we can access via the cached link on the search results page.
• Google hacking can be used to explore the Website by using some Advance Google
You can look for the particular File type, Password files and Directories. Even you can find out
the IP based CCTV Cameras.
• Intitle: Searches the text in the title of the Website.
• Inurl: Finding the text in the URL of the Website.
• Filetype: Searching for Files of a Specific Type
• Site: To narrow the Search to Specific Sites
To Find the IP Based CCTV Cameras
The Wayback Machine
• Archive.org, called the Wayback Machine.
• Hackers use this website to have a look how other websites looked in the past.
Putting breaks on Web Application attacks
• Input Validation on the SQL injection
• There are measures that can be applied to mitigate SQL injection attacks. Use of these
practices does not guarantee that SQL injection can be completely eliminated, but they
will make it more difficult for hackers to conduct these attacks.
Directory access controls
• Htaccess files provide a way to make configuration changes on a per-directory basis.
• .htaccess files should be used in a case where the content providers need to make
configuration changes to the server on a per-directory basis, but do not have root access
on the server system.
Deny Google to your website
• A robots.txt file on a website will function as a request that specified robots ignore
specified files or directories in their search.
• For websites with multiple subdomains, each subdomain must have its own robots.txt
file. If example.com had a robots.txt file but a.example.com did not, the rules that would
apply for example.com would not apply to a.example.com.
Basic Website Security
• Put an Input Validation to countermeasure the SQL Injection.
• Always change the default Username and Passwords.
• Do not allow every type of file to get uploaded on your Website.
• Check the files on the Website regularly.