Hacking Web Servers and Applications
SECURITY PROFESSIONAL CERTIFICATION
AIM OF THE MODULE
The aim of the module on Session Hijacking and Session
Management is to provide an understanding of the various
session management techniques and mechanisms used by
web applications, along with the different types of session
hijacking attacks that can be launched against them. The
module also covers the tools and techniques used to
detect and prevent session hijacking attacks, as well as the
best practices for secure session management to protect
against these attacks.
AGENDA & OBJECTIVES
1 Web Server Basics
Definition and scope of web servers
Types of web servers
Common vulnerabilities of web servers
3 Hacking Web Servers
Reconnaissance and Information Gathering
Vulnerability Identification and Exploitation
WEB SERVER BASICS
DEFINITION AND SCOPE OF WEB SERVERS
A web server is a software application that serves content, typically web pages, over the internet. It provides a platform for
hosting websites and applications that can be accessed by users through web browsers. A web server uses the HTTP (Hypertext
Transfer Protocol) to communicate with client devices and exchange information such as text, images, videos, and other
multimedia files. It is responsible for processing requests from client devices and serving up web pages or other resources in
response. Web servers are a critical component of the modern internet and form the backbone of the World Wide Web.
The scope of web servers can be summarized in the following four points:
1. Web servers are used to store and distribute web content across the internet. They play a crucial role in enabling access to
websites and web applications.
2. Web servers support various web technologies and protocols, such as HTTP, HTTPS, and FTP. They provide a platform for
developers to build and deploy dynamic web content, including server-side scripting languages like PHP, Python, and Ruby.
3. Web servers are responsible for maintaining web security and ensuring the confidentiality, integrity, and availability of web
content. They are often targeted by hackers for vulnerabilities and require regular updates and patches to maintain security.
4. Web servers are highly customizable and can be configured to meet the specific needs of different organizations. They can be
deployed on-premises or in the cloud and are used by a wide range of industries, including e-commerce, education,
healthcare, and government.
WEB SERVER BASICS
TYPES OF WEB SERVERS
1. Apache HTTP Server: This is an open-source web server that is widely used around the world. It can be used on a variety of
operating systems and supports a range of programming languages.
2. Microsoft IIS (Internet Information Services): This is a web server developed by Microsoft for use on Windows operating
systems. It supports a range of Microsoft technologies and can be integrated with other Microsoft software.
3. Nginx: This is a lightweight and high-performance open-source web server that is commonly used for websites with high
traffic volumes. It can also be used as a reverse proxy server.
4. Lighttpd: This is a lightweight and fast open-source web server that is commonly used for websites with high traffic volumes.
It supports a range of programming languages and can be used on a variety of operating systems.
5. Google Web Server (GWS): This is a custom web server developed by Google for use on its own websites. It is not available
for use by the general public.
COMMON VULNERABILITIES OF WEB SERVERS
1. Injection attacks: These occur when malicious code is injected into an application or database on the web server, allowing
attackers to gain unauthorized access to the system.
2. Cross-site scripting (XSS) attacks: These occur when an attacker injects malicious code into a web page that is then
executed by a victim's browser, allowing the attacker to steal sensitive information or perform other malicious activities.
3. Broken authentication and session management: If a web server's authentication and session management mechanisms
are not secure, attackers can easily gain access to sensitive information or perform unauthorized actions.
4. File inclusion vulnerabilities: These vulnerabilities allow an attacker to include remote files on the web server, potentially
allowing them to execute malicious code or access sensitive information.
5. Misconfigured servers: Web servers that are misconfigured or have weak security settings can leave the server open to a
variety of attacks, including brute-force attacks and denial-of-service (DoS) attacks.
ATTACK VECTORS FOR WEB SERVERS
Web servers can be attacked through various vectors, including:
1. SQL injection: Attackers can use SQL injection to exploit vulnerabilities in web applications that interact with databases. This
can allow attackers to manipulate, modify or delete data, or execute arbitrary code on the web server.
2. Cross-site scripting (XSS): This type of attack involves injecting malicious code into a web page that is executed in a user's
web browser. This can allow attackers to steal session cookies or other sensitive information.
3. DDoS attacks: Distributed denial-of-service (DDoS) attacks can overwhelm a web server with traffic, making it unavailable to
legitimate users.
4. File inclusion attacks: Attackers can exploit vulnerabilities in web applications to include arbitrary files on a web server. This
can allow attackers to execute malicious code, such as a backdoor or a web shell, on the server.
5. Brute force attacks: Attackers can use automated tools to try different combinations of usernames and passwords to gain
access to a web server.
6. Directory traversal attacks: Attackers can exploit vulnerabilities in web applications to access files outside of the web
server's root directory, allowing them to read or modify sensitive data.
7. Misconfigured servers: Web servers can also be vulnerable to attacks due to misconfigurations, such as default or weak
passwords, open ports, or outdated software.
WEB APPLICATION BASICS
DEFINITION AND SCOPE OF WEB APPLICATIONS
A web application is a software program that is accessed through a web browser. Unlike a static website, a web application allows
users to interact with dynamic content and perform tasks through a user interface. Web applications are popular for e-commerce,
social media, and other online services. They are built using web technologies such as HTML, CSS, and JavaScript, and often rely
on back-end databases and server-side scripting to manage data and perform complex tasks. Web applications are vulnerable to
a range of attacks, including injection attacks, cross-site scripting, and cross-site request forgery, making web application
security a critical concern for businesses and organizations.
WEB APPLICATION BASICS
TYPES OF WEB APPLICATIONS
1. Static web applications: These applications contain web pages that are stored on the server and sent to the client as they are.
The content of these pages does not change unless the code of the page is edited. These web applications are relatively simple
and easy to maintain.
2. Dynamic web applications: These applications are more complex and can modify their content based on user input or data
from a database. They often use server-side scripting languages like PHP, Python, and Ruby to generate HTML code that is sent to
the client's browser. These applications can also use client-side scripting languages like JavaScript to modify the content of the
web page in real-time. Dynamic web applications are more susceptible to security vulnerabilities due to their complexity.
COMMON VULNERABILITIES OF WEB APPLICATIONS
Web applications are often targeted by attackers to gain unauthorized access, steal data, or compromise the security of the
underlying system. Some of the most common vulnerabilities in web applications include:
1. Injection flaws: These are security flaws that allow attackers to inject malicious code into web applications, such as SQL
injection or command injection.
2. Cross-site scripting (XSS): XSS attacks occur when attackers inject malicious scripts into web pages viewed by other users,
allowing them to steal data or take over accounts.
3. Cross-site request forgery (CSRF): This is an attack that tricks users into performing actions on a website without their
knowledge or consent.
4. Broken authentication and session management: This can occur when session tokens or authentication credentials are not
properly protected or managed, allowing attackers to gain unauthorized access to web applications.
5. Insufficient input validation: When web applications do not properly validate user input, it can leave them vulnerable to
attacks such as buffer overflows and other exploits.
6. Security misconfigurations: This occurs when web applications are not properly configured or secured, leaving them
vulnerable to attacks or unauthorized access.
ATTACK VECTORS FOR WEB APPLICATIONS
There are several attack vectors that can be used to exploit vulnerabilities in web applications, some of which include:
1. Injection attacks: These attacks involve injecting malicious code into user inputs to exploit vulnerabilities in the application's
database. Examples include SQL injection and cross-site scripting (XSS) attacks.
2. Authentication and session attacks: These attacks target vulnerabilities in the authentication and session management
processes to gain unauthorized access to sensitive data or functions. Examples include brute force attacks, session hijacking,
and cookie poisoning.
3. Access control attacks: These attacks target weaknesses in the application's access controls to gain access to restricted
functionality or data. Examples include privilege escalation and vertical/horizontal privilege escalation.
4. File inclusion attacks: These attacks exploit vulnerabilities in the application's file handling capabilities to gain access to
sensitive data or execute arbitrary code on the server. Examples include local file inclusion (LFI) and remote file inclusion
(RFI) attacks.
5. Denial of service attacks: These attacks target the application's availability by overwhelming the server with requests or
exploiting vulnerabilities in the network infrastructure. Examples include distributed denial of service (DDoS) attacks and
application-level DoS attacks.
HACKING WEB SERVERS
RECONNAISSANCE AND INFORMATION GATHERING
1. Objective: The primary objective of reconnaissance and information gathering is to collect information about the target
system, network, or organization. The information collected can be used to identify vulnerabilities, weaknesses, and potential
entry points for attacks.
2. Techniques: There are several techniques that can be used for reconnaissance and information gathering, including network
scanning, port scanning, web scraping, search engine queries, social engineering, and dumpster diving.
3. Tools: There are several tools available to automate reconnaissance and information gathering, including Nmap, Shodan,
Metasploit, Recon-ng, and Maltego.
4. Importance: Reconnaissance and information gathering are critical components of any successful attack, as they help the
attacker to identify and exploit vulnerabilities in the target system. They also help the attacker to plan the attack and avoid
detection.
5. Countermeasures: To prevent reconnaissance and information gathering, organizations should implement security controls
such as firewalls, intrusion detection and prevention systems, and access controls. They should also monitor their systems for
suspicious activity and implement incident response plans to quickly detect and respond to attacks.
HACKING WEB SERVERS
VULNERABILITY IDENTIFICATION AND EXPLOITATION
Vulnerability identification and exploitation is a critical step in the process of ethical hacking and penetration testing. It involves
the identification of weaknesses and vulnerabilities in a system or network, and exploiting these vulnerabilities to gain
unauthorized access or perform other malicious actions. The process typically involves the following steps:
1. Vulnerability Assessment: The first step in vulnerability identification is to perform a vulnerability assessment. This involves
using automated tools or manual techniques to scan the system or network for vulnerabilities and weaknesses.
2. Exploitation: Once vulnerabilities have been identified, the next step is to exploit them. This involves using various tools and
techniques to gain access to the system or network, escalate privileges, and execute malicious code.
3. Post-Exploitation: After successful exploitation, the attacker can use the access they gained to further explore the system,
extract sensitive information, or launch other attacks.
4. Persistence: In some cases, attackers may seek to maintain access to the system over an extended period. This can involve
the use of rootkits, backdoors, or other techniques to evade detection and maintain access.
5. Remediation: Once vulnerabilities have been identified and exploited, the final step is to remediate the vulnerabilities and
improve the security of the system or network. This typically involves patching vulnerabilities, configuring security settings,
and implementing other measures to improve security.
POST EXPLOITATION AND MAINTAINING ACCESS
Post-exploitation and maintaining access refer to the activities that an attacker performs after successfully gaining unauthorized
access to a target system. These activities are carried out to ensure that the attacker maintains control of the system and can
continue to gather sensitive information or launch further attacks. Some common post-exploitation activities include:
1. Escalating privileges: After gaining access to a system, attackers often try to elevate their privileges to gain access to
sensitive information or carry out more advanced attacks.
2. Installing backdoors: Attackers may install backdoors to ensure they maintain access to the system, even if the original
vulnerability that allowed them access is patched.
3. Hiding their presence: Attackers often try to cover their tracks to avoid detection by system administrators and security
personnel.
4. Lateral movement: Once attackers have gained access to one system, they may use that system as a jumping-off point to
access other systems within the same network.
5. Data exfiltration: Attackers may attempt to extract sensitive data from the system or network, either for personal gain or to
sell to others.
COUNTERMEASURES FOR PROTECTING AGAINST WEB SERVER ATTACKS
There are several countermeasures that can be employed to protect against web server attacks. Some of these include:
1. Regular updates and patches: Regularly updating and patching the web server software can help prevent known
vulnerabilities from being exploited by attackers.
2. Access control: Implementing proper access control measures, such as limiting access to sensitive files and directories, can
help prevent unauthorized access to the server.
3. Secure configuration: Ensuring that the web server is configured securely, such as disabling unnecessary features and
setting proper file permissions, can help prevent attacks that exploit misconfigurations.
4. Network security: Proper network security measures, such as implementing firewalls and intrusion detection systems, can
help detect and prevent attacks from reaching the web server.
5. Secure coding practices: Following secure coding practices, such as input validation and output encoding, can help prevent
common web application vulnerabilities like SQL injection and cross-site scripting (XSS).
6. Regular backups: Regularly backing up important data can help ensure that data is not lost in the event of an attack or system
failure.
7. Monitoring and logging: Implementing proper monitoring and logging practices can help detect and respond to attacks in a
timely manner.
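One way to put the monitoring and logging countermeasure into practice is to triage web server access logs for the attack vectors listed earlier in this module. This is an added example, not part of the original slides; the log lines are constructed, and the signatures and the failed-login threshold are illustrative assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines in common log format (documentation-range IPs).
SAMPLE_LOG = (
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512\n'
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 87\n'
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 230\n'
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /download?file=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 403 0\n'
    '203.0.113.5 - - [01/Jan/2024:10:00:06 +0000] "GET /page?inc=http://files.example.test/x.txt HTTP/1.1" 403 0\n'
    + "".join(
        f'203.0.113.9 - - [01/Jan/2024:10:01:{s:02d} +0000] "POST /login HTTP/1.1" 401 40\n'
        for s in range(6)
    )
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')

# Illustrative signatures, one per attack vector named in the module.
SIGNATURES = {
    "sql_injection": re.compile(r"""['"]\s*(?:or|and)\s+['"\d]|union\s+select|;\s*drop\s""", re.I),
    "xss": re.compile(r"<\s*script|javascript:", re.I),
    "directory_traversal": re.compile(r"\.\./|\.\.\\"),
    "file_inclusion": re.compile(r"[?&][\w\[\]]+=(?:https?|ftp|php|data):", re.I),
}

def decode_fully(target, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%252F) is also caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def analyze(log_text, auth_fail_threshold=5):
    """Return (client, category, detail) tuples for suspicious requests."""
    findings = []
    auth_failures = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        decoded = decode_fully(target)
        for category, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                findings.append((client, category, decoded))
        if status == "401":
            auth_failures[client] += 1
    # Brute force shows up as many failed authentications from one client.
    for client, count in auth_failures.items():
        if count >= auth_fail_threshold:
            findings.append((client, "brute_force", f"{count} failed logins"))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Signature matches like these are leads for an analyst rather than verdicts: a legitimate redirect parameter can match the file-inclusion pattern, so findings should be reviewed against the application's expected traffic.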
CASE STUDY
OVERVIEW OF WEB SERVER AND APPLICATION HACKING CASE STUDIES
Web server and application hacking case studies provide a real-world perspective on the types of attacks that can be carried out
against web servers and applications. These case studies typically involve a description of the vulnerabilities that were exploited,
the attack techniques used, and the consequences of the attack.
Some examples of web server and application hacking case studies include:
1. The Target breach: In 2013, Target Corporation experienced a massive data breach that compromised the personal and
financial information of millions of customers. The attackers gained access to Target's systems through a vulnerability in a
third-party vendor's software, which was installed on Target's web servers.
2. The Equifax breach: In 2017, Equifax suffered a data breach that exposed the personal and financial information of over 140
million people. The attackers exploited a vulnerability in the Apache Struts web application framework to gain access to
Equifax's systems.
3. The Heartbleed vulnerability: In 2014, a vulnerability in the OpenSSL cryptographic software library was discovered that
allowed attackers to steal sensitive information from web servers, including passwords and encryption keys.
4. The SQL injection attack on Sony Pictures: In 2014, Sony Pictures suffered a massive data breach that resulted in the theft
of confidential company data and the release of sensitive employee information. The attackers used a SQL injection attack to
exploit vulnerabilities in Sony's web applications.
ANALYSIS OF RECENT ATTACKS
There have been numerous web server and web application attacks in recent years, some of which have resulted in significant
data breaches and financial losses. Here are some examples of recent attacks:
1. SolarWinds Supply Chain Attack: In 2020, the SolarWinds software supply chain attack affected several high-profile
companies, including Microsoft, FireEye, and the US government. Attackers gained access to SolarWinds' software
development system and inserted malicious code into a software update that was subsequently installed by customers.
2. Accellion File Transfer Appliance (FTA) attacks: In late 2020 and early 2021, several organizations using the Accellion FTA
for file sharing reported data breaches resulting from attacks exploiting multiple zero-day vulnerabilities in the software.
3. ProxyLogon vulnerabilities: In March 2021, Microsoft announced that several Chinese state-sponsored hacking groups had
exploited four zero-day vulnerabilities in Microsoft Exchange Server, known collectively as ProxyLogon. These vulnerabilities
allowed the attackers to gain access to Exchange email accounts, install malware, and steal sensitive information.
4. Kaseya VSA ransomware attack: In July 2021, a ransomware attack on Kaseya VSA, a software tool used by managed
service providers (MSPs), resulted in several MSPs and their clients being unable to access their systems. The attackers
exploited a zero-day vulnerability in the Kaseya VSA software to distribute the ransomware.
These attacks highlight the importance of software supply chain security, zero-day vulnerability management, and patch
management. They also demonstrate the importance of regular security assessments and vulnerability scanning, as well as
incident response planning and preparedness.
WEB APPLICATION LABS
PRACTICAL LABS
Web Application & Server Testing: Nessus, OpenVAS, Acunetix, Metasploit, WebInspect, OWASP ZAP, SQLMap, Nikto
THANK YOU
If You Have Questions, Criticisms Or Suggestions,
Please Connect With Us Directly:
+1-844-889-4054
www.careerera.com