Hacking web applications is a way to gain information that serves malicious activities such as theft and manipulation. These activities are usually detrimental to the victims, who may suffer not only loss of information but also monetary losses, and relationship strains may follow should the attacker decide to impersonate the target.
Hacking is an intricate process, and as such it encompasses a whole range of methods, from selecting the victim and discovering exploitable system vulnerabilities to the hacking methodology itself. This article focuses on the preparatory phase (footprinting) as well as the main attack phase.
Footprinting works in the attacker's favour: it helps determine which victim is worth targeting and identifies the system's vulnerabilities. It is carried out through the following techniques -
This step determines the location of the target's servers on the internet and confirms that the target server is alive. The programs used for this technique are -
This step inspects the Server header field of HTTP responses and extracts the model, type and version of the server software. Tools like Telnet, Netcraft, ID Serve and Netcat are used to grab these banners.
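The same header inspection is useful from the defender's side: a site operator can check their own server's responses for the version details that banner grabbing relies on. The following Python is an added example written for this article, not a tool from the original text; the response text is constructed and the header names it checks (Server, X-Powered-By, X-AspNet-Version) are common disclosure points, not a complete list.

```python
import re

# Header names that commonly carry software name and version strings.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+\.\d+(\.\d+)?")

# Constructed sample responses (not captured from any real host).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/2.4.41 (Unix)\r\n"
    "X-Powered-By: ExampleLang/7.4.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd\r\n"          # product name only, no version
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)


def parse_headers(raw_response):
    """Split a raw HTTP response into a {lower-case name: value} dict."""
    head, _, _ = raw_response.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return headers


def version_disclosures(raw_response):
    """Return {header: value} for headers that reveal a software version."""
    return {
        name: value
        for name, value in parse_headers(raw_response).items()
        if name in DISCLOSING_HEADERS and VERSION_RE.search(value)
    }


if __name__ == "__main__":
    print("leaky   :", version_disclosures(SAMPLE_RESPONSE))
    print("hardened:", version_disclosures(SAMPLE_HARDENED))
```

Run it against the raw bytes of your own server's reply (for example saved from a Netcat or Telnet session); an empty result means the headers no longer expose a version string, which is the configuration change a banner-grabbing finding normally leads to.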
For web application firewalls
These firewalls usually examine web traffic coming in
Hidden Content Discovery
For attackers to properly exploit the target system, it is necessary to have access to hidden content and functions. Here, the attacker looks for backup copies of configuration files, log files with pertinent information, live files, new functions not connected to the main web application and other hidden content. Methods used at this stage of footprinting are:
Attack-directed spidering: an intercepting proxy sits between the attacker's browser and the web application and parses every request and response that passes through it, revealing hidden functions. The tool used for this method is OWASP Zed Attack Proxy.
Brute forcing: tools like Burp Suite can be used to send a large number of requests to the target web application to determine the names or identities of hidden content or functions.
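On the defender's side, both spidering and brute forcing of hidden content leave a distinctive trace: one client producing a burst of 404 responses for paths that do not exist. The following Python is an added detection example written for this article (not a tool from the original text). It parses Common Log Format lines, which are constructed here for illustration, and flags any client whose 404 count within a sliding window reaches a threshold; the threshold and window are assumptions to be tuned per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log in Common Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /index.html HTTP/1.1" 200 5123
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /about.html HTTP/1.1" 200 2210
198.51.100.9 - - [10/Oct/2023:13:55:03 +0000] "GET /backup/ HTTP/1.1" 404 162
198.51.100.9 - - [10/Oct/2023:13:55:03 +0000] "GET /config.bak HTTP/1.1" 404 162
198.51.100.9 - - [10/Oct/2023:13:55:04 +0000] "GET /old/ HTTP/1.1" 404 162
198.51.100.9 - - [10/Oct/2023:13:55:04 +0000] "GET /logs/ HTTP/1.1" 404 162
198.51.100.9 - - [10/Oct/2023:13:55:05 +0000] "GET /test/ HTTP/1.1" 404 162
198.51.100.9 - - [10/Oct/2023:13:55:05 +0000] "GET /admin/ HTTP/1.1" 404 162
203.0.113.7 - - [10/Oct/2023:13:55:09 +0000] "GET /missing.png HTTP/1.1" 404 162
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Parse one CLF line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": m["path"],
        "status": int(m["status"]),
    }


def find_forced_browsing(log_text, threshold=5, window_seconds=60):
    """Return {ip: peak_404_count} for clients whose 404s within any
    window of `window_seconds` reach `threshold` (assumed defaults)."""
    not_found = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 404:
            not_found[rec["ip"]].append(rec["time"])

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, times in not_found.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):          # two-pointer sliding window
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, count in find_forced_browsing(SAMPLE_LOG).items():
        print(f"{ip}: {count} not-found responses in one window")
```

A single stray 404 from a legitimate visitor (the 203.0.113.7 client above) stays below the threshold, while the client walking through guessed directory names is flagged; in production the same logic would run over the live access log and feed a rate limiter or WAF rule rather than print.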
Flaws in password strength or insecure transmission pathways are exploitation points for attackers. The ways of attacking through these flaws are:
Name enumeration
Cookie exploitation
Session attacks
Password attacks
The attacker determines valid account names either by guessing a predictable naming sequence or by trial and error, relying on the verbose failure messages the application returns. Attackers can only try this method if the web application does not have a lockout policy, which locks the account after a certain number of failed attempts.
Here the attacker also uses trial and error on the password-change form, submitting values for 'old password', 'new password' and 'confirm new password' and then comparing the application's responses for the three fields. This could be done through spidering or by creating a new log-in account. Tools such as WebCracker and Brutus can be used to determine the passwords for target web applications.
Here, the attacker builds a list of likely passwords for the target system from footprinting, social engineering and commonly used passwords, using tools such as Dictionary Maker to create the list.
Brute-force password attacks are also possible. Here the attacker tries to crack the password by cycling through alphabetic, numeric and symbolic characters. Tools such as Brutus and SensePost Crowbar are used to brute-force passwords.
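The two controls that the name enumeration and password attack sections turn on are a lockout policy and failure messages that do not reveal whether the username exists. The following Python is an added example written for this article, not code from the original text, showing a login routine that applies both: it returns one generic message for unknown users, wrong passwords and locked accounts, hashes a dummy credential for unknown users so timing does not differ, and locks an account after a fixed number of recent failures. The iteration count, failure limit and lockout period are assumed values.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000       # PBKDF2 work factor (assumed value)
MAX_FAILURES = 5           # failures before lockout (assumed value)
LOCKOUT_SECONDS = 900      # lockout window (assumed value)


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-SHA256 digest); a fresh salt is drawn if none given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class LoginService:
    GENERIC_FAILURE = "Invalid username or password."

    def __init__(self, clock=time.time):
        self._clock = clock            # injectable clock for testing
        self._users = {}               # username -> (salt, digest)
        self._failures = {}            # username -> [timestamps of recent failures]
        # Dummy credential so a lookup of an unknown user costs the same
        # as a real one (no timing difference to enumerate on).
        self._dummy = hash_password(os.urandom(16).hex())

    def register(self, username, password):
        self._users[username] = hash_password(password)

    def _locked(self, username):
        """Prune old failures; locked if recent failures reached the limit."""
        now = self._clock()
        recent = [t for t in self._failures.get(username, [])
                  if now - t < LOCKOUT_SECONDS]
        self._failures[username] = recent
        return len(recent) >= MAX_FAILURES

    def login(self, username, password):
        """Return (success, message); the message never reveals why it failed."""
        if self._locked(username):
            return False, self.GENERIC_FAILURE
        salt, expected = self._users.get(username, self._dummy)
        _, actual = hash_password(password, salt)      # always do the work
        ok = username in self._users and hmac.compare_digest(actual, expected)
        if ok:
            self._failures.pop(username, None)          # reset on success
            return True, "OK"
        self._failures.setdefault(username, []).append(self._clock())
        return False, self.GENERIC_FAILURE


if __name__ == "__main__":
    svc = LoginService()
    svc.register("alice", "correct horse battery staple")
    print(svc.login("alice", "wrong"))      # (False, 'Invalid username or password.')
    print(svc.login("nobody", "wrong"))     # same message, no enumeration signal
    print(svc.login("alice", "correct horse battery staple"))
```

Because the locked state also answers with the generic message, an attacker cannot tell a locked account from a non-existent one either; the trade-off is that a legitimate user sees the same text and must wait out the window, so the lockout period should stay short enough not to become a denial-of-service lever.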
Script injection and eavesdropping are some of the means of extracting cookies from the target web application. This method is used to glean important information, for instance passwords. Attackers replay these cookies with the same password, altered passwords or session identifiers to exploit the web application by bypassing its authentication process. Tools such as OWASP Zed Attack Proxy and Burp Suite can be used to access these cookies.
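The replay described above works only as long as a stolen cookie stays valid and can be read or sent from where the attacker obtained it. The following Python is an added example written for this article, not code from the original text, showing the server-side controls that limit this: session identifiers drawn from the OS CSPRNG, rotation of the identifier after authentication, idle and absolute expiry, revocation on logout, and Set-Cookie attributes (Secure, HttpOnly, SameSite) that keep the cookie away from script injection and eavesdropping. The timeout values and cookie name are assumptions.

```python
import secrets
import time

IDLE_TIMEOUT = 1800            # seconds without activity (assumed value)
ABSOLUTE_TIMEOUT = 8 * 3600    # hard lifetime of a session (assumed value)
REQUIRED_ATTRIBUTES = ("Secure", "HttpOnly", "SameSite")


def session_cookie_header(session_id, name="sid", max_age=IDLE_TIMEOUT):
    """Set-Cookie value with the attributes that limit theft and replay."""
    return (f"{name}={session_id}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Strict")


def missing_cookie_attributes(set_cookie_value):
    """Audit helper: which of the required attributes a Set-Cookie value lacks."""
    present = [part.strip().split("=", 1)[0].lower()
               for part in set_cookie_value.split(";")[1:]]
    return [attr for attr in REQUIRED_ATTRIBUTES if attr.lower() not in present]


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock          # injectable clock for testing
        self._sessions = {}          # id -> {"user", "created", "last_seen"}

    def create(self, user):
        sid = secrets.token_urlsafe(32)        # 256 random bits, unguessable
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def resolve(self, sid):
        """Return the user for a live session id, or None if unknown/expired."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if (now - s["last_seen"] > IDLE_TIMEOUT
                or now - s["created"] > ABSOLUTE_TIMEOUT):
            del self._sessions[sid]            # expired: a replayed id is useless
            return None
        s["last_seen"] = now
        return s["user"]

    def rotate(self, old_sid):
        """Issue a fresh id (call right after login); the old id stops working."""
        user = self.resolve(old_sid)
        if user is None:
            return None
        del self._sessions[old_sid]
        return self.create(user)

    def revoke(self, sid):
        """Logout: drop the session so the cookie cannot be replayed."""
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    store = SessionStore()
    pre_login = store.create("anonymous")
    sid = store.rotate(pre_login)
    print(session_cookie_header(sid))
    print("old id still valid?", store.resolve(pre_login) is not None)
    print("missing on a bare cookie:", missing_cookie_attributes("sid=abc; Path=/"))
```

Rotating the identifier at login and expiring it on idle time bound the window in which a captured cookie can be replayed; the audit helper is the check to run against your own application's Set-Cookie headers, since a cookie without HttpOnly is exactly what script injection reads and one without Secure is what eavesdropping on a plaintext connection captures.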
Published with the express permission of the author.