Module 1.3 - Basic Scanning

Web Application Hacking

Basic Scanning
1.3.1 - Port Scanning
Web Hacking

• The purpose of port scanning is to find out which TCP and UDP ports on a host accept connections, and from that which services are exposed in an environment.
• Nmap reports each probed port as open (a service answered), closed (the host answered that nothing is listening) or filtered (no answer, usually a firewall dropping the probe). Every open port is a starting point for service and version enumeration.
1.3.2 – NMAP Scan Types
• Connect Scan: uses the operating system's connect() call and completes the full TCP three-way handshake. It needs no special privileges, but every probe shows up as a completed connection in the target's logs.
– $ nmap -sT -p80,443 target.org
• Stealth (SYN) Scan: sends a raw SYN and classifies the port from the SYN/ACK or RST that comes back, without finishing the handshake. It needs raw-socket privileges (root) and is Nmap's default scan type when run as root. The name is historical: any modern IDS/IPS flags SYN scans.
– $ nmap -sS -p80,443 target.org
• Script Scan: runs the NSE scripts in the default category against the ports found open (equivalent to --script=default); combine with -sV to also fingerprint service versions.
– $ nmap -sC -p80,443 target.org
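As an added example (not from the slides), the following Python script implements the connect scan that nmap -sT performs, plus banner grabbing, against a constructed local service so that it runs offline; the host, the ports and the SSH banner string are invented for the demo. A SYN scan differs only in stopping after the SYN/ACK, which needs raw sockets and is not shown here.

```python
import socket
import threading


def start_fake_service(banner):
    """Constructed stand-in for a target daemon: listens on a random local
    port and greets every client with a banner, as SSH/FTP/SMTP servers do.
    Returns (server_socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # listener closed by the caller
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def connect_scan(host, ports, timeout=2.0):
    """TCP connect scan, the same probe `nmap -sT` uses: connect() completes
    the full three-way handshake, so the OS tells us whether the port is
    open (connected), closed (RST -> ECONNREFUSED) or filtered (no answer
    before the timeout, typically a firewall dropping the SYN).
    Returns {port: (state, banner_bytes)}."""
    results = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except ConnectionRefusedError:
            results[port] = ("closed", b"")
            sock.close()
            continue
        except (socket.timeout, OSError):   # timeout or unreachable
            results[port] = ("filtered", b"")
            sock.close()
            continue
        # Connected: read whatever the service volunteers (banner grabbing;
        # this is the kind of data Shodan indexes). HTTP says nothing until
        # asked, so an empty banner is normal there.
        banner = b""
        try:
            banner = sock.recv(1024)
        except (socket.timeout, OSError):
            pass
        sock.close()
        results[port] = ("open", banner)
    return results


def demo():
    """Scan one open and one closed port on localhost. Returns the results
    plus both port numbers so a caller can check them."""
    # Constructed banner; the version string is made up for the demo.
    listener, open_port = start_fake_service(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")
    # Grab a currently free port and release it again to get a closed one.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return results, open_port, closed_port


if __name__ == "__main__":
    results, _, _ = demo()
    for port, (state, banner) in sorted(results.items()):
        print("%5d/tcp %-8s %s" % (port, state, banner.decode(errors="replace").strip()))
```

Note that the closed port is classified by the RST the kernel turns into ECONNREFUSED; on a real network a firewall that silently drops the SYN produces the timeout branch instead, which is exactly the open/closed/filtered distinction Nmap prints.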
1.3.3 - Nmap Scripting Engine (NSE)

• The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts, in the Lua programming language, to automate a wide variety of networking tasks.

• Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs.

• To reflect those different uses and to simplify the choice of which scripts to run, each script contains a field associating it with one or more categories. The categories are auth, broadcast, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and vuln.

• -sC runs only the default category, whose scripts are chosen to be fast, reliable and not intrusive. Scripts in the intrusive, dos and exploit categories can crash or alter the target and run only when requested explicitly, e.g. --script=vuln or --script=http-*.
1.3.3 - NSE useful info

• Nmap scripts are located at /usr/share/nmap/scripts on Kali and other Debian-based systems; the script.db file in that directory maps each script to its categories.
• nmap --script-help=<name> prints a script's description and categories; after adding a script to the directory, run nmap --script-updatedb so it can be selected by category.

• https://nmap.org/book/nse.html
• https://nmap.org/book/nse-usage.html
• https://svn.nmap.org/nmap/scripts/http-server-header.nse
• https://github.com/michenriksen/nmap-scripts/blob/master/http-apache-server-status.nse
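Added example, not part of the original deck: NSE results are easiest to work with from Nmap's XML output (-oX). The script below parses a constructed sample of that output (the host, its address and the script outputs are made up; the element and attribute names are Nmap's real ones) and collects the http-server-header results per open port, the kind of post-processing you do when the same -sC scan has run over a whole range.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sC -p80,443 -oX scan.xml target.org` output,
# cut down to the elements this parser reads. The element/attribute names
# (host/address, port/state/service, script id/output) follow nmap's schema.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sC -p80,443 -oX scan.xml target.org">
  <host>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <hostnames><hostname name="target.org" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http"/>
        <script id="http-server-header" output="Apache/2.4.41 (Ubuntu)"/>
        <script id="http-title" output="Example Domain"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="https"/>
        <script id="http-server-header" output="Apache/2.4.41 (Ubuntu)"/>
      </port>
      <port protocol="tcp" portid="8080">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nse_results(xml_text):
    """Return a list of (addr, port, protocol, service, {script_id: output})
    for every open port in an nmap XML report. Closed/filtered ports are
    skipped; NSE output is keyed by script id so results from many hosts
    can be compared or grepped."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            service = port.find("service")
            scripts = {s.get("id"): s.get("output", "").strip()
                       for s in port.findall("script")}
            findings.append((addr,
                             int(port.get("portid")),
                             port.get("protocol"),
                             service.get("name") if service is not None else None,
                             scripts))
    return findings


def server_headers(findings):
    """Collapse the http-server-header results to {(addr, port): header}."""
    return {(addr, port): scripts["http-server-header"]
            for addr, port, _, _, scripts in findings
            if "http-server-header" in scripts}


if __name__ == "__main__":
    for addr, port, proto, svc, scripts in parse_nse_results(SAMPLE_XML):
        print("%s:%d/%s %s" % (addr, port, proto, svc))
        for sid, out in scripts.items():
            print("  |_%s: %s" % (sid, out))
```

Feed it the real file from nmap -oX and the same functions work unchanged; xml.etree does not resolve external entities, so parsing reports from untrusted scanners is not itself an XXE risk.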
1.3.4 – Heartbleed – CVE-2014-0160

• The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library: a missing bounds check in its implementation of the TLS heartbeat extension (RFC 6520), present in OpenSSL 1.0.1 through 1.0.1f and fixed in 1.0.1g.
• This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. A heartbeat request declares a payload length; the vulnerable code copies that many bytes back out of memory without checking that the request actually contained them.
• The Heartbleed bug therefore allows anyone who can complete a TLS handshake with a vulnerable endpoint to read up to 64 KB of the process's memory per request, repeatedly, without leaving anything unusual in the server's logs. Leaked data has included private keys, session cookies and credentials.
• Nmap ships the ssl-heartbleed NSE script (categories vuln and safe) to test a host for it.
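To make the bug concrete, here is an added Python model (not from the slides, and not OpenSSL's code) of how the vulnerable and the patched heartbeat handlers treat the same message. The record buffer, the "neighbouring memory" and the cookie inside it are constructed; the length check in patched_reply mirrors the one added in OpenSSL 1.0.1g.

```python
import struct

# RFC 6520 HeartbeatMessage: type(1) | payload_length(2) | payload | padding(>=16).
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16


def build_heartbeat_request(payload, claimed_length=None):
    """Encode a heartbeat request. A benign peer sets the length field to
    len(payload); the Heartbleed trigger sets it far larger (up to 65535)
    while sending only a few real bytes."""
    if claimed_length is None:
        claimed_length = len(payload)
    return struct.pack("!BH", HB_REQUEST, claimed_length) + payload + b"\x00" * MIN_PADDING


def vulnerable_reply(record_buf, record_len):
    """Models OpenSSL 1.0.1-1.0.1f: reads payload_length from the message and
    copies that many bytes starting at the payload, never comparing it with
    record_len (the number of bytes actually received). Bytes past the
    record are whatever sits next in process memory."""
    hb_type, payload_len = struct.unpack_from("!BH", record_buf, 0)
    if hb_type != HB_REQUEST:
        return b""
    payload = bytes(record_buf[3:3 + payload_len])   # the over-read happens here
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload + b"\x00" * MIN_PADDING


def patched_reply(record_buf, record_len):
    """Models the 1.0.1g fix: discard the message unless the declared payload
    plus header and minimum padding fits inside the received record."""
    if record_len < 1 + 2 + MIN_PADDING:
        return b""                                   # too short to be valid
    hb_type, payload_len = struct.unpack_from("!BH", record_buf, 0)
    if hb_type != HB_REQUEST:
        return b""
    if 1 + 2 + payload_len + MIN_PADDING > record_len:
        return b""                                   # RFC 6520: silently discard
    payload = bytes(record_buf[3:3 + payload_len])
    return struct.pack("!BH", HB_RESPONSE, payload_len) + payload + b"\x00" * MIN_PADDING


def demo():
    """Send a 2-byte payload that claims to be 64 bytes long and return what
    each implementation answers."""
    request = build_heartbeat_request(b"hi", claimed_length=64)
    # Constructed: what the server happened to hold right after the record
    # on the heap. In real incidents this was cookies, credentials and keys.
    neighbouring_memory = b"Cookie: session=SECRET-TOKEN-123; ... private key bytes ..."
    process_memory = bytearray(request + neighbouring_memory)
    leaked = vulnerable_reply(process_memory, len(request))
    safe = patched_reply(process_memory, len(request))
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable server returned %d bytes: %r" % (len(leaked), leaked))
    print("patched server returned %d bytes" % len(safe))
```

The model stops at the end of the bytearray where real code would keep reading; the point is the missing comparison between the attacker-controlled length field and the size of what was actually received.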
1.3.5 – Introduction to Shodan

• Introduction to Shodan.io
• Interesting Searches
• Various Search Parameters
• Demo
1.3.5 – Shodan.io

• Shodan is a search engine that lets users search for various types of servers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client when a connection is opened (an SSH version string, an HTTP Server header, an FTP greeting).
• Because Shodan continuously scans the internet and stores those banners, a query touches only Shodan's index, never the target itself. Filters narrow results by attributes of the banner or host, for example port:, product:, org:, country: and hostname:.
1.3.5 – Shodan Exercises

• Perform a Shodan search to identify a public infrastructure service.
• Find a common home router manufacturer.
• Perform a search to identify devices running NTP (Network Time Protocol).
• Identify a device that is running a vulnerable service.
1.3.6 - CMS Security

• A content management system (CMS) is used to manage the creation and modification of digital content. A CMS is typically used for enterprise content management (ECM) and web content management (WCM).
1.3.6 - CMS Platforms

• There are numerous content management systems that serve a number of purposes. You will already be familiar with many of them, such as WordPress, Joomla and Drupal.
1.3.6 - CMS Scanning tools

• There are a number of tools available for testing content management systems. Many of them are automated, which simplifies the process and saves time: they fingerprint the CMS and its version, enumerate installed plugins, themes and users, and match what they find against known vulnerabilities.

• CMSScan
• WPScan (WordPress)
• JoomScan (Joomla)
• Droopescan (Drupal and SilverStripe, among others)
• VBScan (vBulletin)
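The first thing every tool in that list does is work out which CMS it is looking at. As an added example (not code from any of those tools), the function below checks a response body and its headers for common WordPress, Joomla, Drupal and vBulletin markers; the sample page and header values are constructed for the demo.

```python
import re

# Markers CMS scanners look for first: each is a regex applied to the
# response body, or to the value of a named response header.
CMS_SIGNATURES = {
    "WordPress": {
        "body": [r"/wp-content/", r"/wp-includes/",
                 r'<meta name="generator" content="WordPress'],
        "headers": [("link", r"wp-json")],   # Link: <.../wp-json/>; rel="https://api.w.org/"
    },
    "Joomla": {
        "body": [r'<meta name="generator" content="Joomla!', r"/media/jui/",
                 r"/media/system/js/"],
        "headers": [],
    },
    "Drupal": {
        "body": [r"Drupal\.settings", r"/sites/default/files/",
                 r'<meta name="Generator" content="Drupal'],
        "headers": [("x-generator", r"Drupal"), ("x-drupal-cache", r".")],
    },
    "vBulletin": {
        "body": [r'<meta name="generator" content="vBulletin', r"vbulletin_global\.js"],
        "headers": [],
    },
}


def fingerprint_cms(body, headers):
    """Return {cms_name: [matched markers]} for every CMS whose markers appear.
    headers is {name: value}; names are compared case-insensitively. More
    than one CMS can match (migrations, copied themes, shared proxies), so
    the caller decides rather than this function."""
    lowered = {k.lower(): v for k, v in headers.items()}
    hits = {}
    for cms, sig in CMS_SIGNATURES.items():
        matched = [m for m in sig["body"] if re.search(m, body, re.IGNORECASE)]
        for hname, pattern in sig["headers"]:
            value = lowered.get(hname)
            if value is not None and re.search(pattern, value, re.IGNORECASE):
                matched.append("%s: %s" % (hname, pattern))
        if matched:
            hits[cms] = matched
    return hits


def generator_version(body):
    """Pull the version out of a <meta name="generator"> tag if the site still
    exposes it (WordPress does by default). Returns None if absent."""
    m = re.search(r'<meta name="generator" content="([^"]+)"', body, re.IGNORECASE)
    return m.group(1) if m else None


# Constructed responses standing in for real sites.
WORDPRESS_PAGE = (
    '<html><head><meta name="generator" content="WordPress 6.4.3" />'
    '<link rel="stylesheet" href="https://blog.example/wp-content/themes/x/style.css">'
    '</head><body></body></html>'
)
DRUPAL_HEADERS = {"Content-Type": "text/html",
                  "X-Generator": "Drupal 10 (https://www.drupal.org)"}
STATIC_PAGE = "<html><head><title>Hi</title></head><body>static</body></html>"


if __name__ == "__main__":
    print(fingerprint_cms(WORDPRESS_PAGE, {}), generator_version(WORDPRESS_PAGE))
    print(fingerprint_cms(STATIC_PAGE, DRUPAL_HEADERS))
    print(fingerprint_cms(STATIC_PAGE, {}))
```

A version string from the generator tag is what the scanners then compare against their vulnerability databases, which is also why removing that tag (and the X-Generator header) is a standard hardening step.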
What is Hidden Content?
1.4.1 Hidden Content

• Web resources not meant to be accessed by normal users, and therefore not linked from the visible site:
– Administrative pages (login panels, dashboards).
– Backups (archives and copies such as site.zip or config.php.bak left in the web root).
– Directories (including ones with directory listing enabled).
– Files (old versions, test scripts, configuration files).
How can we find Hidden Content?
1.4.1 Hidden Content

• Some of the ways you can look for Hidden Content:
– Web Crawlers and Web Scraping.
– Using Fuzzing lists (Brute-forcing).
What is a Web Crawler
1.4.2 Web Crawlers and Web Scraping

• Programs (bots) that systematically browse the Web, typically with the
purpose of web indexing.
– Also known as Spiders.
– Add the found webpages to a database.
What is Web Scraping
1.4.2 Web Crawlers and Web Scraping

• Extracting a website's data and saving it locally:
– Pictures
– Links
– Pages
– Documents
– Files
– Scripts
Web Crawlers vs Web Scraping
1.4.2 Web Crawlers and Web Scraping

• A crawler discovers pages by following links; a scraper extracts data from the pages it is given. Reconnaissance uses both: crawl to map the site, then scrape the results for paths, parameters, comments and file references.
robots.txt
1.4.2 Web Crawlers and Web Scraping

• Standard to communicate with web crawlers and other robots.
– Informs the robot about the restricted areas in a website (the Disallow: entries).
– It is purely advisory: nothing stops a client from requesting a disallowed path, so for a tester the file is a list of the paths the owner least wants found.
What is URL Fuzzing?
1.4.3 URL Fuzzing

• The process of brute-forcing possible directory and file names on a website.
– The most common method is to use wordlists:
o SecLists: https://github.com/danielmiessler/SecLists
o Fuzzing: https://github.com/SooLFaa/fuzzing
o Kali: /usr/share/wordlists
Dirbuster
1.4.3 URL Fuzzing

• Dirbuster is a tool with a GUI that lets you brute-force directories and files.
– It can work with wordlist files or with patterns generated from a set of characters.
– It is easy to use and comes with Kali by default.
dirb and gobuster
1.4.3 URL Fuzzing

• CLI alternatives to Dirbuster are dirb and gobuster.
– dirb is a specialized tool that performs just URL fuzzing.
– gobuster can also perform other actions, such as subdomain enumeration (dns mode) and virtual host enumeration (vhost mode).
– All of them decide "found" from the response. On a site that answers 200 (or a redirect) for every path, establish a baseline first and filter out responses that match it by status and size, or the scan reports the whole wordlist as hits.
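Putting 1.4.2 and 1.4.3 together, here is an added example (not from the slides, and not dirb's or gobuster's code) that starts a small constructed site on localhost, seeds the candidate list with its robots.txt Disallow entries, fuzzes a short wordlist, and filters hits against a not-found baseline instead of trusting a bare 404 check. The paths, the wordlist and the robots.txt contents are invented for the demo.

```python
import http.server
import secrets
import socketserver
import threading
import urllib.error
import urllib.request

# Constructed target standing in for a real site. robots.txt points at the
# two "hidden" directories, which is exactly why testers read it first.
SITE = {
    "/": b"<html>home</html>",
    "/robots.txt": b"User-agent: *\nDisallow: /admin/\nDisallow: /backup/\n",
    "/admin/": b"<html>admin login</html>",
    "/backup/": b"<html>site-2023.tar.gz</html>",
    "/login": b"<html>login form</html>",
}


class _Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        body = SITE.get(self.path)
        status = 200 if body is not None else 404
        body = body if body is not None else b"<html>not found</html>"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):    # silence per-request logging
        pass


def start_site():
    srv = socketserver.TCPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore http_proxy


def get(url):
    """Return (status, body); HTTP error statuses are results, not exceptions."""
    req = urllib.request.Request(url, headers={"User-Agent": "hidden-content-example"})
    try:
        with _opener.open(req, timeout=5) as resp:
            return resp.getcode(), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def robots_disallowed(base):
    """Disallow: entries from robots.txt: advisory for crawlers, a candidate
    list for us."""
    status, body = get(base + "/robots.txt")
    if status != 200:
        return []
    paths = []
    for line in body.decode("utf-8", errors="replace").splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip().startswith("/"):
            paths.append(value.strip())
    return paths


def fuzz(base, wordlist):
    """Request each candidate path and keep those that differ from the
    not-found baseline. Comparing against a baseline (status + body size)
    rather than testing '!= 404' is what keeps a dirb/gobuster-style scan
    honest on sites that answer 200 for everything (soft 404s)."""
    status, body = get(base + "/" + secrets.token_hex(8))   # surely-missing path
    baseline = (status, len(body))
    candidates = robots_disallowed(base) + ["/" + w.strip().lstrip("/") for w in wordlist]
    found, seen = {}, set()
    for path in candidates:
        if path == "/" or path in seen:
            continue
        seen.add(path)
        status, body = get(base + path)
        if (status, len(body)) != baseline:
            found[path] = status
    return found


def demo():
    srv, base = start_site()
    try:
        return fuzz(base, ["login", "uploads", "admin", "backup.zip", "admin/"])
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print("%d  %s" % (status, path))
```

Note that "admin" and "admin/" are kept as distinct candidates: many servers treat them differently (a 301 to the slash form, or a 404 without it), which is why gobuster has an option to append a slash to every word.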
Learning Goals

• Now you know:
– What Hidden Content is.
– How Web Crawlers and Web Scraping operate.
– What URL Fuzzing is and which tools you can use to do it.
Thank you
