Welcome back, my budding hackers!
With this article, I am initiating a new series that so many of you have been asking for: Hacking Web Applications.
In previous tutorials, we have touched on some of the techniques and tools for web app hacking. We looked at web app vulnerability testing, website cloning, web app footprinting, web app password cracking, and many others. In this series, we will begin with the basics and slowly advance to more advanced techniques and tools. This is likely to be a very long series.
Let's begin by first giving you links to what we have already covered and then proceed to the basics of the attack vectors for web applications.
- Vulnerability scanning with Nikto
- Vulnerability scanning and backend mapping with Wikto
- Web application password cracking with Burp Suite and THC-Hydra
- Scraping potential passwords with CeWL
- SQL injection with sqlmap
- Using BeEF to control the user's browser
- Cross-site scripting (XSS) with Metasploit
- Finding website directories with DirBuster
Web application hacking, and therefore this series, breaks down into several areas.
Mapping the Server & Application
Like any hack, the more we know about the target, the better our chances of success. In the case of web applications, we want to know the target OS, the web server software and version, and the various technologies supporting the web application (language, framework, database).
In addition, mapping the application means enumerating its content and functionality, analyzing how it works, identifying the server-side functionality behind each request, and mapping the attack surface. Do this first, and do it accurately, before proceeding to any attack.
Web Application Attack Vectors
Although there are literally hundreds of ways of hacking web applications, they can be grouped into eight (8) basic types.
- Hacking Client Side Controls
One of the most popular areas of web app hacking is attacking the client-side controls: the hidden form fields, cookies, parameters and validation logic that the application pushes out to the browser and then trusts when they come back. In this regard, we will look at tampering with data as it is transmitted via the client and at capturing user data.
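To make "transmitting data via the client" concrete, here is an added example (not code from this article or any of the tutorials it links): a checkout handler that reads the price back out of a hidden form field, next to a version that looks the price up server-side. The catalogue, the form bodies and the tampered request are all constructed for the illustration; the attacker is assumed to have edited the hidden field in an intercepting proxy such as Burp Suite before the form left the browser.

```python
"""Hidden-field price tampering: a vulnerable checkout handler beside a hardened one.

Added illustration, not code from the article. The catalogue and form bodies are
constructed for the example.
"""
from urllib.parse import parse_qs

# Constructed server-side catalogue, prices in cents. This is what the server
# actually knows; the hidden "price" field is only what the client echoes back.
CATALOGUE = {"sku-100": 4999, "sku-200": 12500}

# Constructed form bodies: an honest submission, and the same form after the
# hidden price field was edited in an intercepting proxy.
HONEST_FORM = "item=sku-200&qty=2&price=12500"
TAMPERED_FORM = "item=sku-200&qty=2&price=1"


def parse_form(body):
    """Return a dict of single-valued fields from a URL-encoded form body."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def checkout_vulnerable(body):
    """Trusts the hidden price field the client sent back.

    Whatever value the attacker writes into the form becomes the charged price,
    because the only copy of the price the server consults came from the client.
    """
    f = parse_form(body)
    qty = int(f["qty"])
    price = int(f["price"])          # attacker-controlled
    return {"item": f["item"], "total": qty * price}


def checkout_hardened(body):
    """Treats everything from the client as untrusted input.

    The price is looked up server-side from the item id; a client-supplied price
    that disagrees is flagged (so it can be logged) and ignored, never honoured.
    Quantity is range-checked rather than passed straight to arithmetic.
    """
    f = parse_form(body)
    item = f.get("item")
    if item not in CATALOGUE:
        raise ValueError("unknown item")
    qty = int(f.get("qty", "0"))
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    price = CATALOGUE[item]
    tampered = "price" in f and f["price"] != str(price)
    return {"item": item, "total": qty * price, "tampered": tampered}


if __name__ == "__main__":
    print(checkout_vulnerable(HONEST_FORM))    # total 25000
    print(checkout_vulnerable(TAMPERED_FORM))  # total 2: the attacker set the price
    print(checkout_hardened(TAMPERED_FORM))    # total 25000, tampered flagged
```

The lesson generalises beyond prices: any value the server hands to the client and reads back (hidden fields, cookies, URL parameters, disabled form controls) must be re-derived or re-validated on the server, because the client can change it freely in transit.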
- Hacking Authentication
We have looked briefly at hacking web app authentication with THC-Hydra and Burp Suite, but we will look at some other authentication tools as well as ways of bypassing authentication altogether, such as capturing tokens and replaying them, client-side piggybacking, and cross-site request forgery.
- Hacking Session Management
We will look at ways to attack the application's session management. Session management is what lets an application recognize the same user across multiple requests: once a user logs in, a session token identifies them on every subsequent request so they do not have to re-authenticate each time. Because of that central role, breaking session management bypasses authentication entirely; we never need to crack a username and password to gain access.
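An added example of exactly that bypass (illustrative code, not from the article): a toy session store that issues sequential session ids, and an attacker who logs in with her own account, guesses the ids issued just before and after hers, and is accepted as another user without ever knowing that user's password. Beside it is a hardened store using random ids from the OS CSPRNG, kept server-side with an idle timeout and explicit logout. The user table, names and passwords are constructed for the example; the `clock` parameter exists only so the timeout can be demonstrated without waiting.

```python
"""Session hijack by token prediction: sequential session ids beside random ones.

Added illustration, not code from the article. Users and passwords are constructed.
"""
import secrets
import time

USERS = {"alice": "correct horse", "mallory": "battery staple"}  # constructed


class SequentialSessions:
    """Vulnerable: the session id is a counter.

    Knowing your own id tells you every other live id, so an attacker who can
    log in at all can walk the id space and be accepted as anyone else.
    """

    def __init__(self):
        self._next = 1000
        self._store = {}

    def login(self, username, password):
        if USERS.get(username) != password:
            return None
        sid = str(self._next)         # predictable
        self._next += 1
        self._store[sid] = username
        return sid

    def whoami(self, sid):
        return self._store.get(sid)


class RandomSessions:
    """Hardened: 256-bit ids from the OS CSPRNG, a server-side store, an idle
    timeout, and nothing about the id derived from data the client can see."""

    IDLE_TIMEOUT = 900  # seconds

    def __init__(self, clock=time.time):
        self._store = {}
        self._clock = clock            # injectable only so the timeout is testable

    def login(self, username, password):
        if USERS.get(username) != password:
            return None
        sid = secrets.token_urlsafe(32)
        self._store[sid] = {"user": username, "last_seen": self._clock()}
        return sid

    def whoami(self, sid):
        rec = self._store.get(sid)
        if rec is None:
            return None
        now = self._clock()
        if now - rec["last_seen"] > self.IDLE_TIMEOUT:
            del self._store[sid]       # expired: force re-authentication
            return None
        rec["last_seen"] = now
        return rec["user"]

    def logout(self, sid):
        self._store.pop(sid, None)


def attacker_guesses(own_sid, width=3):
    """Attacker's candidate ids.

    For a counter-based id, the ids issued just before and after our own.
    For an opaque random id there is nothing to extrapolate from: the only
    option is blind guessing of a 256-bit value, so we return no candidates.
    """
    if not own_sid.isdigit():
        return []
    n = int(own_sid)
    return [str(n + d) for d in range(-width, width + 1) if d != 0]


def hijack(app):
    """Victim logs in, then Mallory logs in and tries ids near her own.

    Returns the users she can act as without knowing their passwords.
    """
    app.login("alice", "correct horse")
    own = app.login("mallory", "battery staple")
    victims = set()
    for guess in attacker_guesses(own):
        user = app.whoami(guess)
        if user and user != "mallory":
            victims.add(user)
    return sorted(victims)


if __name__ == "__main__":
    print("sequential ids, hijacked:", hijack(SequentialSessions()))  # ['alice']
    print("random ids, hijacked:    ", hijack(RandomSessions()))      # []
```

Note what the fix is not: it is not a longer counter, a hashed counter or a timestamp, all of which an attacker who holds a few of their own tokens can reconstruct. The id has to be unpredictable, and the server, not the token, has to hold the state.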
- Hacking Access Controls & Authorization
In this area, we will examine how to fingerprint the application's access controls and then attack them in ways that let us reach data and functions the ACLs were meant to deny us, whether as another user of the same privilege level or as an administrator.
- Hacking Back End Components
We have done a bit of back-end hacking such as SQL injection with sqlmap, but we will expand this area with new SQLi tools and also attack XPath and LDAP queries with injection. We will also look at path or directory traversal, file inclusion vulnerabilities, XML injection, and SOAP injection.
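Of the back-end attacks listed above, path traversal is the simplest to show end to end, so here is an added example (illustrative code, not from the article): a file-download handler that joins the requested name onto the web root with `os.path.join`, beside one that canonicalises the result and checks it still lies inside the root. The directory layout, file names and contents are constructed for the example and created in a temporary directory so the code runs offline; the "secret" file stands in for `/etc/passwd` or the application's configuration.

```python
"""Directory traversal in a download handler: naive join beside a canonical check.

Added illustration, not code from the article. The file tree is constructed.
"""
import os
import tempfile


def make_demo_tree():
    """Constructed layout: a web root with one public file and a secret file one
    level above it. Returns (root, public_dir, secret_path)."""
    root = tempfile.mkdtemp()
    public = os.path.join(root, "public")
    os.mkdir(public)
    with open(os.path.join(public, "report.txt"), "w") as f:
        f.write("quarterly report")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as f:
        f.write("db_password=hunter2")
    return root, public, secret


def serve_vulnerable(public_dir, requested):
    """os.path.join follows '..' segments out of the web root and, worse,
    discards public_dir entirely when the requested name is absolute."""
    path = os.path.join(public_dir, requested)
    with open(path) as f:
        return f.read()


def serve_hardened(public_dir, requested):
    """Canonicalise both the root and the candidate, then require the candidate
    to live inside the root. This rejects '..' segments, absolute paths and
    symlinks that point outside the root, since realpath resolves all of them."""
    root = os.path.realpath(public_dir)
    candidate = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"traversal attempt: {requested!r}")
    with open(candidate) as f:
        return f.read()


def attempt(handler, public_dir, requested):
    """Run a handler and map any refusal (blocked path, missing file) to None,
    so the two handlers can be compared on the same requests."""
    try:
        return handler(public_dir, requested)
    except OSError:          # PermissionError and FileNotFoundError are both OSError
        return None


if __name__ == "__main__":
    root, public, secret = make_demo_tree()
    print(attempt(serve_vulnerable, public, "report.txt"))      # quarterly report
    print(attempt(serve_vulnerable, public, "../secret.txt"))   # db_password=hunter2 (leak)
    print(attempt(serve_vulnerable, public, secret))            # leak via absolute path
    print(attempt(serve_hardened, public, "report.txt"))        # quarterly report
    print(attempt(serve_hardened, public, "../secret.txt"))     # None (blocked)
    print(attempt(serve_hardened, public, secret))              # None (blocked)
```

Two points worth remembering from the hardened version: check the path after canonicalisation, never before (a blacklist of `../` strings misses URL-encoded and double-encoded variants that the framework decodes first), and compare with `commonpath` rather than a string prefix test, which would accept `/var/www/public_old/...` as inside `/var/www/public`.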
- Hacking the User
Hacking the user is one of my favorite web app hacks. Technically, it isn't web app hacking at all, as we are attacking the end user rather than the web app, by getting them to visit our website and load malware into their browser and, potentially, onto their system. These techniques include cross-site scripting (XSS), cross-site request forgery, attacking the browser, and violations of the same-origin policy.
- Hacking the Web Application Management
In many cases, a web application has a management console or other administrative interface. If we can access that console or interface, we can conceivably change everything about the website, up to and including defacing it.
- Hacking the Web Server
In some cases, we can hack the underlying server that hosts the web application, such as Microsoft's Internet Information Services (IIS), the Apache Software Foundation's Apache HTTP Server, or Nginx. If we can gain control of and access to the underlying server, it may give us an entry point to every web application hosted on it.
Keep coming back, my budding hackers, as we expand our repertoire of hacking tools and techniques to include web app hacking!
7 Comments
Do you think that testing should be done manually or with automated scanners when finding vulnerabilities?
Manually. With automated vulnerability scanners, you won't learn anything but how to click a button.
Awesome, OTW, one of the things I was waiting for... As you say, this is going to be a long, exciting journey! Thanks!
You're awesome, OTW. I was waiting for something like this :-)
Hey man, first of all, you're amazing. I was just reading your articles, which are pretty impressive. Can you write an article about how to use nmap? I need it. I'd appreciate it if you're ready to help.
Thanks
I actually used ZAP to find my first bug. I didn't know about clickjacking before, so I learned a lot and was able to create a proof of concept. Now I realize that's the wrong way. This site is incredibly helpful.
I am probably your biggest fan. Love your videos; they are by far the best for learning. I was excited to see that you are going to make a tutorial on web application penetration testing. Thank you so much :)