HabeshaCanHackFeed free serious hacking tutorial

1
 HabeshaCanHackFeed free serious hacking tutorial

WEB SERVER
 Introduction to web server
 How its work
 Types of web server
 Types of attacks against web
 Effects of successful web server attack

INTRODUCTION TO WEB SERVER

A web server is a computer that runs websites. It's a computer program that distributes web pages as
they are requisitioned. The basic objective of the web server is to store, process and deliver web
pages to the users. This intercommunication is done using Hypertext Transfer Protocol (HTTP).
These web pages are mostly static content that includes HTML documents, images, style sheets, test
etc. Apart from HTTP, a web server also supports SMTP (Simple Mail transfer Protocol) and FTP
(File Transfer Protocol) protocol for emailing and for file transfer and storage.

HOW ITS WORK

The main job of a web server is to display the website content. If a web server is not exposed to the
public and is used internally, then it is called Intranet Server. When anyone requests for a website by
adding the URL or web address on a web browser’s (like Chrome or Firefox) address bar (like
www.eoch.com), the browser sends a request to the Internet for viewing the corresponding web
page for that address. A Domain Name Server (DNS) converts this URL to an IP Address (For
example 192.168.20.20), which in turn points to a Web Server.

The Web Server is requested to present the content website to the user’s browser. All websites on
the Internet have a unique identifier in terms of an IP address. This Internet Protocol address is used
to communicate between different servers across the Internet.
Types of Web Servers
Apache HTTP Server
This is the most popular web server in the world developed by the Apache Software
Foundation. Apache web server is an open source software and can be installed on almost all
operating systems including Linux, Unix, Windows, FreeBSD, Mac OS X and more. About 60% of
the web server machines run the Apache Web Server.

Internet Information Services

The Internet Information Server (IIS) is a high performance Web Server from Microsoft.
This web server runs on Windows NT/2000 and 2003 platforms ( and may be on
upcoming new Windows version also). IIS comes bundled with Windows NT/2000 and 2003;
Because IIS is tightly integrated with the operating system so it is relatively easy to administer it.

lighttpd
The lighttpd, pronounced lighty is also a free web server that is distributed with the FreeBSD
operating system. This open source web server is fast, secure and consumes much less CPU power.
Lighttpd can also run on Windows, Mac OS X, Linux and Solaris operating systems
Types of Attacks against Web

2
 HabeshaCanHackFeed free serious hacking tutorial

Denial of Service Attacks– With this type of attack, the web server may
crash or become unavailable to the legitimate users
Domain Name System Hijacking – With this type of attacker, the DNS setting are
changed to point to the attacker’s web server. All traffic that was supposed to be sent to the
web server is redirected to the wrong one.
Sniffing– Un encrypted data sent over the network may be intercepted and used to gain
unauthorized access to the web server.
Phishing– With this type of attack, the attack impersonates the websites and directs traffic
to the fake website. Unsuspecting users may be tricked into submitting sensitive data such as
login details, credit card numbers, etc.
Pharming– With this type of attack, the attacker compromises the Domain Name System
(DNS) servers or on the user computer so that traffic is directed to a malicious site.
Defacement– With this type of attack, the attacker replaces the organization’s website with
a different page that contains the hacker’s name, images and may include background music
and messages.

Effects of successful Web Server Attack

An organization’s reputation can be ruined if the attacker edits the website content and
includes malicious information or links to a porn website
The web server can be used to install malicious software on users who visit the
compromised website. The malicious software downloaded onto the visitor’s computer can
be a virus, Trojan or Botnet Software, etc.
Compromised user data may be used for fraudulent activities which may lead to
business loss or lawsuits from the users who entrusted their details with the organization

Web server attack tools

Some of the common web server attack tools include;
Metasploit – this is an open source tool for developing, testing and using exploit code. It
can be used to discover vulnerabilities in web servers and write exploits that can be used to
compromise the server.
Mpack – this is a web exploitation tool. It was written in PHP and is backed by MySQL as
the database engine. Once a web server has been compromised using MPack, all traffic to it
is redirected to malicious download websites.
Zeus – this tool can be used to turn a compromised computer into a bot or zombie. A bot is
a compromised computer which is used to perform internet-based attacks. A botnet is a
collection of compromised computers. The botnet can then be used in a denial of service
attack or sending spam mails.
Neosplit – this tool can be used to install programs, delete programs, replicating it, etc.

3
 HabeshaCanHackFeed free serious hacking tutorial

HabeshaCanHackFeed free serious hacking tutorial

Click in each of them to join and support us