Ethical hacking: how to access your web server

Tomcat



During ethical hacking, the researcher looks for vulnerabilities. An ethical hacker can have several reasons for gaining unauthorized access to a web server, but the main one is to test server applications for flaws.

To gain access, they use, as a rule, the same tools and methods that attackers have. If the test succeeds, the necessary patches and updates can be applied to improve security, detect malicious activity and develop a set of measures for a timely response.

Collecting information

The first step usually involves obtaining information about the intended target, including identifying the target machine, gathering important details about the IP address, operating system, hardware, network configuration and infrastructure, DNS records, and so on.

This can be accomplished in a number of ways, but mostly with automated tools that scan the server for known vulnerabilities. Information about the physical hardware of the target system can be obtained in a variety of ways, often by carefully examining the responses that various software subsystems return when an incoming connection is set up or even refused. This knowledge is then used to narrow down the range of applications that typically run on the identified hardware configuration.

Hackers use tools to test the system for a range of security weaknesses, including configuration errors in the applications on the server, unchanged default passwords, outdated software that needs updating, and other similar issues.
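The paragraphs above describe inferring the target's software from connection responses. The following added example (not code from the original post) shows the defender's side of that: it parses a raw HTTP response and flags headers that name the server software and, worse, its version. The two responses are constructed samples, not real captures; the header names and the version pattern are my own choices.

```python
"""Flag HTTP response headers that disclose server software and versions."""
import re

# Headers that commonly reveal server-side software names and versions (assumption: a
# practical shortlist, not an exhaustive one).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Anything that looks like 2.4, 2.4.41 or 7.4.3 counts as a version number.
VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)*")


def parse_headers(raw_response: str) -> dict:
    """Parse the header block of a raw HTTP response into a dict with lowercase keys."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def find_disclosures(raw_response: str) -> list:
    """Return (header, value, leaks_version) for every header that identifies server software."""
    headers = parse_headers(raw_response)
    findings = []
    for name in DISCLOSING_HEADERS:
        if name in headers:
            value = headers[name]
            findings.append((name, value, bool(VERSION_RE.search(value))))
    return findings


# Constructed sample responses (not captured from any real host).
VERBOSE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

if __name__ == "__main__":
    for label, resp in (("verbose", VERBOSE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label)
        for name, value, leaks in find_disclosures(resp):
            verdict = "VERSION LEAK" if leaks else "product name only"
            print(f"  {name}: {value!r} -> {verdict}")
```

Feed it responses captured from your own servers; a version string in the output is the first thing to remove (for example by turning off verbose server tokens in the web server configuration), since it is exactly what narrows an attacker's search for known vulnerabilities.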

Research utilities
  • HTTrack: an open source web spider that downloads entire sites to your local system for forensic analysis.
  • Maltego: a link and data analysis tool (also open source).
  • Nessus: a vulnerability scanner that checks many aspects of a system, including configuration inconsistencies, outdated software, weak or missing passwords, and DoS vulnerabilities that can contribute to gaining access to, or complete control over, the system.
  • Netsparker: scans sites, applications and server services for vulnerabilities regardless of operating system.
  • Nikto: scans for dangerous files and CGI scripts, outdated software, and application configuration errors exploited by cybercriminals.
  • ScanMyServer: a free online utility that crawls all pages of a given site or blog and reports various security issues.
The above utilities can collect a wealth of information about the target system, including employee names, server-related email addresses, computer names, network structure, and user accounts.

Once this preliminary information has been gathered in detail, you can move on to the next stage: working out how to gain access to the target system.

Gaining access

Based on the information received, you can then think over possible scenarios for gaining access to data stored on the server, or full control over the system. This task is accomplished in a number of ways, but in general, proven penetration techniques are employed.

OWASP (Open Web Application Security Project) is an organization that monitors vulnerabilities and maintains a ranking of the ten most common and potentially dangerous vulnerabilities used by attackers to gain illegal access to web servers.

Usually, the easiest way to gain access and control over a server is to exploit known vulnerabilities, which is what attackers often use. Although some hackers use scenarios that differ from the most common attacks, in general, if standard methods do not work, attackers start looking for a more accessible target.

Top 10 OWASP Issues

The following vulnerabilities were most frequently encountered during penetration tests in 2021.

1. Injection: injecting code into a program or query so that it executes remote commands (as with SQL injection).
2. Inappropriate authentication: gaining access to the system with stolen, misconfigured or otherwise obtained accounts.
3. Disclosure of confidential data: occurs when applications fail to adequately protect passwords, session tokens and other confidential and valuable information.
4. XML External Entities (XXE): attacks that exploit weaknesses in how applications parse XML data.
5. Illegal access: results from incorrectly configured user rights or roles.
6. Security-related configuration errors.
7. Cross-site scripting (XSS): similar to injection; allows an attacker to inject client-side scripts into web applications to bypass security controls.
8. Insecure deserialization: a vulnerability in which misconfigured or untrusted data is used to run code, bypass authentication, mount DoS attacks, and otherwise circumvent security measures.
9. Use of server components with known vulnerabilities.
10. Poor logging and monitoring.
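Item 1 of the list, SQL injection, is easiest to understand with the vulnerable query next to its fix. The following added example is not code from the original post: it builds an in-memory SQLite table with two constructed users, then runs the same login check once with string concatenation and once with a parameterized query. Passwords are stored in plain text here only to keep the demo short; a real system stores password hashes.

```python
"""SQL injection: vulnerable string-built query beside its parameterized fix."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway in-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],  # constructed sample data
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String concatenation: user input becomes part of the SQL text itself."""
    query = (
        "SELECT 1 FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: input is bound as data and is never parsed as SQL."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo() -> dict:
    """Compare both versions on a correct password and on a classic tautology payload."""
    conn = make_db()
    payload = "' OR '1'='1"  # turns the WHERE clause into (... AND password='') OR '1'='1'
    return {
        "vulnerable_valid": login_vulnerable(conn, "alice", "correct horse"),
        "vulnerable_injected": login_vulnerable(conn, "alice", payload),
        "safe_valid": login_safe(conn, "alice", "correct horse"),
        "safe_injected": login_safe(conn, "alice", payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The vulnerable version accepts the payload as a valid login because the quote characters are interpreted as SQL syntax; the parameterized version compares the whole string against the stored password and rejects it. The fix is the same in every database driver: never build SQL from user input, always bind it.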

After gaining access to the system, the attacker turns to maintaining control over the server for subsequent exploitation. At this stage, as a rule, the attacker collects information about other accounts or roles. If access was obtained to a privileged account, or to an account used by various application packages, the attacker then tries either to obtain administrative privileges or to create a new administrator account in the system.

Backdoors and covering your tracks

Typically, after the initial intrusion, the system is prepared for further use or exploitation. While attackers may do nothing to attract attention during the initial infiltration, many keep watching the accounts used to gain access to see whether the intrusion has been detected. These accounts can also be used to delete or modify logs and other system messages. Even so, many hackers prefer to bide their time and avoid any action that would draw attention.

From a vulnerability testing perspective, once a system is compromised, an ethical hacker will want to access and use the system as if an attacker were acting. A compromised server is used to monitor user accounts, manipulate logs and other system data, and remove or hide traces of intrusion.

Although the goal of penetration testing is to make the server more secure and resistant to attacks of various kinds, the activity described above plays a very important role: it covers everything from examining security logs and applying other intrusion-detection techniques to protecting data and restricting access once an attack has succeeded. Additional detection measures can also be put in place for intrusions that do not follow the standard scenarios.
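The two preceding sections describe attackers editing or deleting logs and defenders relying on those same logs to detect the intrusion. One countermeasure is a tamper-evident log chain, shown here as an added example (not code from the original post): each line's HMAC tag covers the previous tag plus the line, so editing, deleting or reordering any line breaks verification from that point on. The key, the log lines and the IP addresses are constructed for the demo; the assumption is that the key and the most recent tag are kept on a log collector rather than on the web server whose logs they protect.

```python
"""Tamper-evident log chain: detect edited, deleted or truncated log lines."""
import hashlib
import hmac

# Constructed demo key. In practice it lives on the log collector, not on the
# server being monitored, so an intruder there cannot recompute tags.
DEMO_KEY = b"demo-log-chain-key"
ZERO_TAG = b"\x00" * 32  # chain start

# Constructed sample log lines (not real captures).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z sshd: Accepted publickey for deploy from 10.0.0.5",
    "2024-01-01T10:02:13Z sudo: deploy : COMMAND=/usr/bin/systemctl restart nginx",
    "2024-01-01T10:05:41Z sshd: Failed password for root from 198.51.100.7",
    "2024-01-01T10:05:44Z sshd: Failed password for root from 198.51.100.7",
]


def chain_logs(lines, key=DEMO_KEY):
    """Return [(line, tag_hex)] with tag = HMAC(key, previous_tag || line)."""
    prev = ZERO_TAG
    entries = []
    for line in lines:
        tag = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        entries.append((line, tag.hex()))
        prev = tag
    return entries


def verify_chain(entries, key=DEMO_KEY, expected_last_tag=None):
    """Return -1 if the chain is intact, otherwise the index of the first bad entry.

    expected_last_tag is the most recent tag as recorded off-host; without it
    an attacker can silently drop lines from the end of the file.
    """
    prev = ZERO_TAG
    for i, (line, tag_hex) in enumerate(entries):
        expected = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(tag_hex)):
            return i
        prev = expected
    if expected_last_tag is not None and not hmac.compare_digest(
        prev, bytes.fromhex(expected_last_tag)
    ):
        return len(entries)  # every line checks out, but the tail is missing
    return -1


def demo() -> dict:
    """Show how editing, deleting and truncating each break the chain."""
    entries = chain_logs(SAMPLE_LOG)
    last_tag = entries[-1][1]  # what the collector would have recorded

    edited = list(entries)
    line, tag = edited[2]
    edited[2] = (line.replace("Failed", "Accepted"), tag)  # rewrite a line, keep its tag

    deleted = entries[:2] + entries[3:]  # drop the first failed-login line
    truncated = entries[:2]              # drop the two most recent lines

    return {
        "intact": verify_chain(entries, expected_last_tag=last_tag),
        "edited": verify_chain(edited, expected_last_tag=last_tag),
        "deleted": verify_chain(deleted, expected_last_tag=last_tag),
        "truncated": verify_chain(truncated, expected_last_tag=last_tag),
    }


if __name__ == "__main__":
    for case, first_bad in demo().items():
        print(f"{case}: {'intact' if first_bad == -1 else f'broken at entry {first_bad}'}")
```

Each manipulation is reported at the first entry whose tag no longer matches; truncation is only caught because the collector kept the last tag. Shipping logs off the host as they are written achieves the same effect in production, and the chain lets you prove which part of a local copy was altered.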