web hacking series part 1

Post on 15-Apr-2017

~ Aditya Kamat

BMS College of Engineering

WEB HACKING SERIES PART-1

WEBSITE?

• It is a collection of related web pages.

• Web pages consist of text or multimedia content.

• Can have a domain name.

• Can be accessible over the internet or LAN.

• A URL (Uniform Resource Locator) is used to identify the site.

PROTOCOL?

• Set of rules which are used for communication.

• We will look at:

• IP (Internet Protocol)

• HTTP (Hyper Text Transfer Protocol)

• HTTPS (Hyper Text Transfer Protocol Secure)

IP (INTERNET PROTOCOL)

• It has two versions:

• IPv4 (32 bits)

• IPv6 (128 bits)

• IPv4 is currently the most widely used version.

• An IP address is assigned to each client in a network, and it is unique for each client.

• Example: 192.168.0.1, 110.211.2.65

PUBLIC IP ADDRESS

• It is given by the ISP (Internet Service Provider) for each connection.

• This is unique for every connection on the internet.

• IANA (Internet Assigned Numbers Authority) gives a range of IP addresses to the ISP and the ISP then gives them to their clients. In this way, the IP address of two clients is never the same.

PRIVATE IP ADDRESS

• These are assigned to us by the routers present in our home.

• This type of IP address is used when all devices are on the same network.

• All devices in the same network will have different private IP addresses but the same public address.

• The first octet of a private IP address is 10, 172 or 192.

PUBLIC VS PRIVATE IP ADDRESS

Source: http://bharath-marrivada.blogspot.in/

HTTP (HYPER TEXT TRANSFER PROTOCOL)

• Three versions:

• HTTP/1.0

• HTTP/1.1

• HTTP/2

• HTTP functions as a request–response protocol in the client–server computing model.

• The client submits an HTTP request message to the server.

• The server, which provides resources such as HTML files and other content, or performs other functions on behalf of the client, returns a response message to the client.

STATUS CODE

• 200 OK

• 301 MOVED PERMANENTLY

• 302 FOUND

• 304 NOT MODIFIED (used by proxies/caches to check if data is modified)

• 400 BAD REQUEST (caused by a client-side error)

• 401 UNAUTHORIZED

• 403 FORBIDDEN

• 404 NOT FOUND

Source: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

HTTP METHODS

• GET

• HEAD

• POST

• PUT

• DELETE

• TRACE

GET METHOD

• It is used to retrieve entities/objects from web servers.

• A conditional GET is used by web caches to check if data has been modified.

POST METHOD

• Parameters are passed in the message body.

• More secure than the GET method.

Source: studytonight.com

WEB SOCKETS

• It is a combination of an IP address and a port number.

• It is used by the web server to identify unique hosts.

• Each client is assigned a socket by a server through which it can communicate with the server.

• Server uses the concept of multi-threading to create many sockets.

HTTPS

• HTTP over SSL (Secure Sockets Layer).

• Default Port number 443.

• Main intention is to transfer data securely.

• On many websites, it is implemented only when secret data (e.g. payment info) is to be transferred.

• It is much slower than HTTP/1.1

ENOUGH OF THEORY, LET US START ATTACKING ;)

VULNERABILITIES WE WILL BE LOOKING AT:-

• HTML injection.

• SQL injection to bypass authentication.

• Buffer overflow attack.

HTML INJECTION

• HTML tags are used to change the data that is input into the form.

• It can also be used in the URL while sending data in the form of parameters.

• Data is modified to take advantage of this vulnerability.

• Hackers usually try to steal account credentials, as we will see in the demo.

A FEW HTML TAGS

• <b> - To make the text bold.

• <i> - To italicize the text.

• <form> - To create a form.

• <input> - To create each element of the form.

• <table> - To create a table. <td> and <tr> are used to create rows and columns.

SQL INJECTION TO BYPASS AUTHENTICATION

• The main intention here is to log in without knowing the username and password.

• A single or double quote is used to end the string, and the statement/query inserted after it will be executed.

Source: learn.digilentic.com

QUERY / STATEMENT

• ' or 1=1 --

• Even if the username or password entered is not true, the result of the statement will be true because the right-hand side of the OR is true.

• Hence, we are allowed to log in as the desired user.

BUFFER OVERFLOW

• It is a memory-based attack on the server.

• If the input is not validated, the server's memory can be filled up with junk values.

• It is used to completely exhaust the resources of the server.

• A user-defined function can also be executed after the buffer is filled.

THANK YOU
