During ethical hacking, a researcher searches for vulnerabilities. An ethical hacker may have several reasons for gaining access to a web server without the usual credentials, but the main one is to test the server's applications for gaps. To gain access, as a rule, the same tools and methods are used that attackers possess; if the attempt succeeds, the necessary corrections and updates can be made to improve security, detect malicious activity and develop a set of measures for a timely response.
Data Collection
The first step, as a rule, involves obtaining information about the target, including identifying the target machine and collecting important details about its IP address, operating system, hardware, network configuration and infrastructure, DNS records and so on.
This task can be approached in different ways, but mainly with the help of automated tools that scan the server for known vulnerabilities. Information about the physical hardware of the target system can be obtained in several ways, often by carefully studying the responses that various software subsystems send when they accept or even reject incoming connections. The information obtained is then used to narrow down the set of applications that usually run on such hardware configurations.
Hackers use tools to probe the system for various security holes, including misconfigured applications present on the server, unchanged default passwords, outdated software that needs to be updated, and other similar problems.
Research Utilities
- HTTrack: an open source web spider that allows you to download entire sites to the local system for further forensic analysis.
- Maltego: a link and data analyzer (also open source).
- Nessus: a vulnerability scanner that checks various aspects of a system, including configuration inconsistencies, outdated software, insecure or missing passwords, and exposure to DoS attacks, any of which can help an attacker gain access to or complete control over the system.
- Netsparker: scans sites, applications, and server services for vulnerabilities regardless of operating system.
- Nikto: a scanner that looks for dangerous files and CGI scripts, outdated software, and application configuration errors that malicious users could exploit.
- ScanMyServer: a free online utility that crawls all the pages of a specific site or blog and finds various security problems.
The above utilities allow you to collect a large amount of information about the target system, including the names of employees, email addresses associated with the server, computer names, information about the network structure and user accounts. Once this preliminary detailed information has been obtained, you can proceed to the next stage: thinking over methods of gaining access to the target system.
Getting access
Based on the information collected, possible scenarios can be worked out for gaining access to the data stored on the server or complete control over the system. This can be done in different ways, but in general the proven techniques used in penetration tests are applied. OWASP (Open Web Application Security Project) is an organization that monitors vulnerabilities and maintains a ranking of the ten most common and potentially dangerous vulnerabilities used by cybercriminals to gain unauthorized access to web servers.
Usually, the easiest way to gain access to and control over a server is to exploit known vulnerabilities, which is what attackers most often resort to. Although some hackers use custom scripts that go beyond the most common attacks, when standard methods fail attackers generally move on to a more accessible target.
Top 10 OWASP Issues
The following vulnerabilities were the most common during penetration tests in 2019:
- Injection: injecting code into a program or query in order to execute remote commands (as is the case with SQL injection).
- Illegal authentication: gaining access to the system using stolen, incorrectly configured or otherwise obtained accounts.
- Disclosure of confidential data: occurs when applications do not securely protect passwords, session tokens, and other confidential and valuable information.
- External XML entities (XXE): a scenario based on vulnerabilities in how applications parse XML data.
- Illegal access: occurs because of incorrectly configured user rights or roles.
- Errors in security-related configuration.
- Cross-site scripting (XSS): similar to injection; allows an attacker to inject client-side scripts into web applications in order to bypass access controls.
- Insecure deserialization: a vulnerability whereby incorrectly validated or untrusted data is used to run code, bypass authentication, carry out DoS attacks and otherwise bypass security measures.
- Using server components with known vulnerabilities.
- Poor logging and monitoring.
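The injection item above names SQL injection as its typical case. The following added example (not from the original article) shows the flaw and its fix side by side against a small in-memory SQLite table constructed for the demonstration: the concatenated query lets the input change the query's logic, while the parameterised query treats the same input as a plain string.

```python
import sqlite3

def build_db():
    """Constructed sample table used only for this demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")],
    )
    conn.commit()
    return conn

def find_user_vulnerable(conn, name):
    # Untrusted input is pasted into the SQL text, so the structure of the
    # query is under the caller's control: this is the injection flaw.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def find_user_safe(conn, name):
    # Parameterised query: the value travels separately from the SQL text,
    # so it can only ever be compared as a string, never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

# Constructed input that would turn the WHERE clause into a tautology.
MALFORMED_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", find_user_vulnerable(db, MALFORMED_INPUT))  # every row
    print("safe:      ", find_user_safe(db, MALFORMED_INPUT))        # no rows
```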
After gaining access and establishing a foothold in the system, the attacker turns to maintaining control over the server for subsequent exploitation. At this stage, as a rule, the attacker gathers information about other accounts or roles. If access to a privileged account, or to an account used by various application packages, has been obtained, the attacker attempts either to obtain administrative privileges or to create a new administrator account in the system.
Backdoors and Footprints
Typically in ethical hacking, after the initial intrusion, the system is prepared for future use. Although intruders may not do anything that attracts attention during the initial penetration, many keep watching the accounts used to gain access in order to learn whether the intrusion has been detected. In addition, these accounts can be used to delete or modify logs and other system messages. Many hackers, however, prefer to bide their time and take no action that would attract attention.
From the point of view of vulnerability testing, once the system is compromised, an ethical hacker will want to gain access and use the system just as an attacker would. A hacked server is used to monitor user accounts, manipulate logs and other system data, and remove or conceal traces of the penetration.
Although the purpose of ethical hacking and penetration testing is to make the server more secure and resistant to attacks, the activity described above plays a very important role. It ranges from studying security logs and using other methods to detect intrusions, to protecting data and restricting access in case an attack succeeds. Additional measures can also be taken to detect hacks in which non-standard scenarios are used.
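The paragraphs above point to security logs as the place where an intrusion, in particular the misuse of accounts described under illegal authentication and poor monitoring, can be caught. The following added example (not from the original article) runs a simple detection over constructed OpenSSH-style log lines: it flags a source address that accumulates a burst of failed logins within a short window, and escalates the finding when the same address then logs in successfully.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH-style syslog format (not real data).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z sshd[811]: Failed password for admin from 203.0.113.5 port 51234 ssh2
2024-03-01T10:00:03Z sshd[811]: Failed password for root from 203.0.113.5 port 51236 ssh2
2024-03-01T10:00:04Z sshd[811]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
2024-03-01T10:00:06Z sshd[811]: Failed password for admin from 203.0.113.5 port 51244 ssh2
2024-03-01T10:00:09Z sshd[811]: Accepted password for admin from 203.0.113.5 port 51250 ssh2
2024-03-01T10:05:00Z sshd[812]: Failed password for bob from 198.51.100.7 port 40000 ssh2
2024-03-01T10:07:00Z sshd[813]: Accepted publickey for bob from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_events(text):
    """Return (timestamp, result, user, ip) tuples for every matching line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog lines are skipped, not treated as errors
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events

def detect_bruteforce(text, threshold=3, window=timedelta(minutes=1)):
    """Map source IP -> 'burst' when `threshold` failures fall inside `window`,
    or 'success_after_burst' when a login from that IP succeeds afterwards."""
    findings = {}
    failures = defaultdict(list)  # ip -> timestamps of failures still in the window
    for ts, result, _user, ip in parse_events(text):
        if result == "Failed":
            recent = [t for t in failures[ip] if ts - t <= window] + [ts]
            failures[ip] = recent
            if len(recent) >= threshold:
                findings.setdefault(ip, "burst")
        elif ip in findings:
            findings[ip] = "success_after_burst"  # the account is now likely compromised
    return findings

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))  # {'203.0.113.5': 'success_after_burst'}
```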
Posted by: Ethical Hacking
Credits: SecurityLab