H a c k i n g W e b s e r v e r s M o d u l e 1 2 Exam 312-50 Certified Ethical HackerEthical Hacking and C ounterm easu res Hacking W ebservers H ackin g W ebservers M o d u le 12 Engineered by Hackers. Presented by Professionals. E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s v 8 M o d u le 1 2 : H a c k in g W e b s e r v e r s E x a m 3 1 2 -5 0 Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1601 Exam 312-50 Certified Ethical HackerEthical Hacking and C ounterm easu res Hacking W ebservers GoDaddy O utage Takes Down M illions o f Sites, Anonym ous M em ber Claims R esponsibility M on d a y, S e p te m b er 1 0 th, 2 012 Final update: GoDaddy is up, and claims that the outage was due to internal errors and not a DDoS attack. According to many customers, sites hosted by major web host and domain registrar GoDaddy are down. According to the official GoDaddy Twitter account the company is aware of the issue and is working to resolve it. Update: customers are complaining that GoDaddy hosted e-mail accounts are down as well, along with GoDaddy phone service and all sites using GoDaddy's DNS service. Update 2: A member of Anonymous known as AnonymousOwn3r is claiming responsibility, and makes it clear this is not an Anonymous collective action. A tipster tells us that the technical reason for the failure is being caused by the inaccessibility of GoDaddy's DNS servers — specifically CNS1.SECURESERVER.NET, CNS2.SECURESERVER.NET, and CNS3.SECURESERVER.NET are failing to resolve. h ttp://te c h cru n c h .c o m C o pyrigh t © b y EG-G*ancil. A ll R ights Reserved. R ep rodu ction is S trictly P ro hibite d. S e c u r i t y N e w s G o D a d d y O u t a g e T a k e s D o w n M i l l i o n s o f S ite s , A n o n y m o u s M e m b e r C l a i m s R e s p o n s i b i l i t y N n u s Source: http://techcrunch.com Final update: GoDaddy is up, and claims that the outage was due to internal errors and not a DDoS attack. According to many customers, sites hosted by major web host and dom ain registrar GoDaddy are down. According to the official GoDaddy T w itter account, the company is aware of the issue and is w orking to resolve it. Update: Customers are complaining that GoDaddy hosted e-mail accounts are down as well, along w ith GoDaddy phone service and all sites using GoDaddy's DNS service. Update 2: A m em ber of Anonymous known as Anonym ousO w n3r is claiming responsibility, and makes it clear this is not an Anonym ous collective action. A tipster tells us that the technical reason for the failure is being caused by the inaccessibility of GoDaddy's DNS servers - specifically CNS1.SECURESERVER.NET, CNS2.SECURESERVER.NET, and CNS3.SECURESERVER.NET are failing to resolve. Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1602 Exam 312-50 Certified Ethical HackerEthical Hacking and C ounterm easu res Hacking W ebservers Anonym ousO w n3r׳s bio reads "Security leader of #A nonym ous (׳”Official m em be r")." The individual claims to be from Brazil, and hasn't issued a statement as to why GoDaddy was targeted. Last year GoDaddy was pressured into opposing SOPA as customers transferred domains off the service, and the com pany has been the center of a few other controversies. However, Anonym ousO w n3r has tweeted "I'm not anti go daddy, you guys will understand because i did this attack." Copyright © 2012 AOL Inc. By Klint Finley http://techcrunch.com/2012/09/10/godaddy-outage-takes-down-millions-of-sites/ Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1603 Exam 312-50 Certified Ethical HackerEthical Hacking and C ounterm easu res Hacking W ebservers M odule Objectives C Urt1fW4 EH tt*H4i Nath* J IIS Webserver Architecture J Countermeasures J Why Web Servers are Compromised? J How to Defend Against Web Server J Impact of Webserver Attacks Attacks J Webserver Attacks J Patch Management J Webserver Attack Methodology /L־־ ^ J Patch Management Tools J Webserver Attack Tools J Webserver Security Tools J Metasploit Architecture J Webserver Pen Testing Tools J Web Password Cracking Tools J Webserver Pen Testing C o pyrigh t © by IG -C O H Cil. All Rights Reserved. R ep roduc tio n is S trictly P roh ib ite d. ^ M o d u l e O b j e c t i v e s • — *> Often, a breach in security causes m ore damage in term s of goodwill than in actual quantifiable loss. This makes web server security critical to the norm al functioning of an organization. M ost organizations consider th e ir web presence to be an extension of them selves. This module attem pts to highlight the various security concerns in the context of webservers. After finishing this module, you will able to understand a web server and its architecture, how the attacker hacks it, w hat the different types attacks th at attacker can carry out on the web servers are, tools used in web server hacking, etc. Exploring web server security is a vast domain and to delve into the finer details of the discussion is beyond the scope of this module. This m odule makes you familiarize w ith: e IIS Web Server Architecture e Countermeasures e W hy Web Servers Are Compromised? e How to Defend Against Web e Impact of Webserver Attacks Server Attacks e Webserver Attacks e Patch Managem ent e Webserver Attack Methodology 0 Patch Management Tools Q Webserver Attack Tools e W ebserver Security Tools e Metasploit Architecture e W ebserver Pen Testing Tools e Web Password Cracking Tools e W ebserver Pen Testing Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1604 Exam 312-50 Certified Ethical HackerEthical Hacking and C ounterm easu res Hacking W ebservers CEHM odule Flow C o pyrigh t © b y EG-G(IIIICil. All R ights Reserved. R ep rod uc tion is S trictly P rohibited. M o d u l e F l o w To understand hacking w eb servers, first you should know w hat a web server is, how it functions, and what are the other elements associated with it. All these are simply term ed web server concepts. So first we will discuss about web server concepts. 4 m ) Webserver Concepts Webserver Attacks Attack Methodology * Webserver Attack Tools Webserver Pen Testing Webserver Security Tools y Patch Management Counter-measures ■ — ■ — This section gives you brief overview of the w eb server and its architecture. It will also explain comm on reasons or mistakes made that encourage attackers to hack a web server and become successful in that. This section also describes the impact of attacks on the web server. Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1605 Exam 312-50 Certified Ethical HackerEthical Hacking and C ounterm easu res Hacking W eb serv ers Webserver M arket Shares I _____________ I _____________ I _____________ I _____________ I _____________ I 64.6% Apache Microsoft - IIS LiteSpeed I 1.7% Google Server | 1.2% W e b S e r v e r M a r k e t S h a r e s Source: http://w 3techs.com The following statistics shows the percentages of websites using various web servers. From the statistics, it is clear tha t Apache is the most com m o n ly used w eb server, i.e., 64.6%. Below that M icrosoft ־ IIS server is used by 17.4 % of users. Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1606 Exam 312-50 Certified Ethical HackerEthical Hacking and C ounterm easu res Hacking W ebservers ־J ► 80% 64.6% כ t Apache 17.4% Microsoft ־ IIS %13 Nginx LiteSpeed Google Server Tomcat Lighttpd 7050 604010 20 30 FIGURE 12.1: Web Server Market Shares Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1607 Exam 312-50 Certified Ethical HackerEthical Hacking and C ounterm easu res Hacking W ebservers Open Source Webserver CEH Architecture I © AttacksSite Admin r □ Email MySQL i f C o m p ile d E x te n s io n Site Users :1 1 a Linux 1 I— *־— I Apache PHP File System ג י ינ י מ ^ י Applications C o pyrigh t © b y EG-G(IIIICil. All R ights Reserved. R ep rod uc tion is S trictly P rohibited. O p e n S o u r c e W e b S e r v e r A r c h i t e c t u r e The diagram bellow illustrates the basic com ponents of open source web server H architecture. Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1608 Exam 312-50 Certified Ethical HackerEthical Hacking and C ounterm easu res Hacking W ebservers Attacks 1 U Site Admin ׳־ Site Users & * A Internet Linux Email Apache V PHP File System J F M f Compiled Extension MySQL y Applications "־ FIGURE 12.2: Open Source Web Server Architecture Where, © Linux - the server's operating system © Apache - the web server com ponent © MySQL - a relational database © PHP - the application layer Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1609 [...]... d M o d u le 12 P ag e 1 612 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved R ep ro d u ctio n is Strictly P ro h ib ite d Ethical Hacking a n d C o u n te rm e a s u re s H acking W e b s e rv e rs Exam 3 1 2 -5 0 C ertified Ethical H acker World Wide Web File Edit V iew B O ® Help ,‫יי‬ FIGURE 12. 4: W ebsite D efacement M o d u le 12 P ag e 1613... te lo g , a n d e n d re q u e s t Managed Modules Forms Authentication H T T P e r r o r s , a n d H TTP lo g g in g p r o c e s s in g FIGURE 12. 3: IIS Web Server Architecture M o d u le 12 P ag e 1611 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved, R ep ro d u ctio n is Strictly P ro h ib ite d Ethical Hacking a n d C o u n te rm e a s u re s H... ; Set-Cookie; author=JasonTheHacker HTTP/1.1 200 OK S e c o n d R e sp o n se HTTP/1 .120 0 OK FIGURE 12. 8: HTTP Response Splitting Attack M o d u le 12 P ag e 1623 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved R ep ro d u ctio n is Strictly P ro h ib ite d Ethical Hacking a n d C o u n te rm e a s u re s H acking W e b s e r v e r s Exam 3 1 2-50 C... h ija ckin g a tta c k : M o d u le 12 P ag e 1626 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved R ep ro d u ctio n is Strictly P ro h ib ite d Ethical Hacking a n d C o u n te rm e a s u re s H acking W e b s e r v e r s Exam 3 1 2 -5 0 C ertified Ethical H acker FIGURE 12. 10: HTTP Response Hijacking M o d u le 12 P ag e 1627 Ethical H acking a n... s s io n ID s © ( f t es * yco w.Ju jjy y‫ ־‬m 1 igr ‘ A ckvr'kp^w tU P o is o n e d S e r v e r C a c h e FIGURE 12. 9: Web Cache Poisoning Attack M o d u le 12 P ag e 1625 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved R ep ro d u ctio n is Strictly P ro h ib ite d Ethical Hacking a n d C o u n te rm e a s u re s H acking W e b s e rv e rs Exam 3 1 2 -5 0 C ertified... 569,344 W lnD um p.exe 7 File(s) 570, 368 bytes 13 Dir(s) 13,432 ,115,200 byte s free FIGURE 12. 7: D ire c to ry T ra v e rs a l A tta c k s M o d u le 12 P ag e 1621 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved R ep ro d u ctio n is Strictly P ro h ib ite d Ethical Hacking a n d C o u n te rm e a s u re s H acking W e b s e rv e rs Exam 3 1 2 -5 0 C ertified... m e n t and re m o te are ena b le d o r accessible a d m in is tra tio n TABBLE 12. 1: causes and consequences of w eb server com prom ises M o d u le 12 P ag e 1615 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved R ep ro d u ctio n is Strictly P ro h ib ite d Ethical Hacking a n d C o u n te rm e a s u re s H acking W e b s e rv e rs Exam 3 1 2 -5... s lo g re p e a te d e rro rs = O ff FIGURE 12. 6: php.inifile on an Apache server T h is c o n f ig u r a t i o n g iv e s v e r b o s e e r r o r m e s s a g e s M o d u le 1 2 P ag e 1620 C opyright © by EC-C0UnCil All Rights R eserved R ep ro d u ctio n is Strictly P ro h ib ite d E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Ethical Hacking a n d C o u n te rm e a s u re s H acking... and a u th e n tic a te d , and va rio u s g ro u p s o f users assigned d is tin c t access privile g e s M o d u le 12 P ag e 1614 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved R ep ro d u ctio n is Strictly P ro h ib ite d Ethical Hacking a n d C o u n te rm e a s u re s H acking W e b s e rv e rs 6 Exam 3 1 2 -5 0 C ertified Ethical H acker End . corrected. Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1 612 Exam 312- 50 Certified Ethical HackerEthical Hacking. 0 Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1601 Exam 312- 50 Certified Ethical HackerEthical Hacking. resolve. Ethical Hacking an d C oun term easures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited. M odule 12 Page 1602 Exam 312- 50 Certified Ethical HackerEthical Hacking