Bài 10: Hacking Web Servers

Số trang: 51 Loại file: ppt Dung lượng: 6.71 MB Lượt xem: 8 Lượt tải: 0

Hoai.2512

Phí tải xuống: 28,000 VND

Xem trước 6 trang đầu tiên của tài liệu này:

Thông tin tài liệu:

CollectionInformation DescribeWebapplications ExplainWebapplicationvulnerabilities DescribethetoolsusedtoattackWebservers...
Nội dung trích xuất từ tài liệu:
Bài 10: Hacking Web Servers Lesson10HackingWebServers CollectionInformation DescribeWebapplications ExplainWebapplicationvulnerabilities DescribethetoolsusedtoattackWebservers 2Hands-On Ethical Hacking and Network Defense 3Hands-On Ethical Hacking and Network Defense 4 Itisnearlyimpossibletowriteaprogramwithout bugs Somebugscreatesecurityvulnerabilities  Webapplicationsalsohavebugs Webapplicationshavealargeruserbasethanstandalone  applications  BugsareabiggerproblemforWebapplications 5 StaticWebpages CreatedusingHTML  DynamicWebpages Needspecialcomponents  tags  CommonGatewayInterface(CGI)  ActiveServerPages(ASP)  PHP  ColdFusion  Scriptinglanguages  Databaseconnectors  6 UsetheelementortaginanHTML document AllowscustomertosubmitinformationtotheWebserver  WebserversprocessinformationfromaWebform byusingaWebapplication Easywayforattackerstointerceptdatathatusers submittoaWebserver 7 WebformexampleEnter your username:Enter your password: 89 HandlesmovingdatafromaWebservertoaWeb browser ThemajorityofdynamicWebpagesarecreatedwith CGIandscriptinglanguages DescribeshowaWebserverpassesdatatoaWeb browser ReliesonPerloranotherscriptinglanguagetocreate  dynamicWebpages CGIprogramscanbewrittenindifferent programmingandscriptinglanguages 10 CGIexample WritteninPerl   Hello.pl  ShouldbeplacedinthecgibindirectoryontheWeb server #!/usr/bin/perl print Content-type: text/html ; print Hello Security Testers!; 11 WithASP,developerscandisplayHTML documentstousersonthefly MaindifferencefrompureHTMLpages   WhenauserrequestsaWebpage,oneiscreatedatthat time ASPusesscriptinglanguagessuchasJScriptor VBScript NotallWebserverssupportASP 1213 ASPexample My First ASP Web Page Hello, security professionals The time is . Microsoftdoesnotwantuserstobeabletoviewan ASPWebpage’ssourcecode Thiscancreateserioussecurityproblems  14 TomcatApacheisanotherWebServerprogram TomcatApachehostsanywherefrom50%to60%of allWebsites Advantages Worksonjustaboutany*NIXandWindowsplatform   Itisfree RequiresJava2StandardRuntimeEnvironment (J2SE,version5.0) 151617 DynamicWebpagescanbedevelopedusing scriptinglanguages VBScript   JavaScript  PHP 18 EnablesWebdeveloperstocreatedynamicWebpages SimilartoASP  Opensourceserversidescriptinglanguage CanbeembeddedinanHTMLWebpageusingPHPtags UserscannotseePHPcodeontheirWebbrowser UsedprimarilyonUNIXsystems AlsosupportedonMacintoshandMicrosoftplatforms  19 PHPexampleMy First PHP Program AsasecuritytesteryoushouldlookforPHP vulnerabilities 20