Attack Methodology

PreviousWeb Application Hacking NextAttacking Web Applications

Last updated 1 year ago

Attack Methodology

Web Server attack methodology stages

Information Gathering
Web Server
Website Mirroring
Vulnerability Scanning
Session Hijacking
Web Server Password Cracking

Information Gathering and Footprinting

Look for traffic statistics
whois information
Review robots.txt file
- A small file made to be accessible and readable that tells web spiders which pages not to crawl for indexing

Tools

Netcraft
HTTPRecon
ID Serve
HTTPrint

Nmap Commands

# Detects a vulnerable server that uses the TRACE method
nmap --script  http-trace -p80 local host

# Lists e-mail accounts 
nmap --script http-google-email <host> 

# Discovers virtual hosts on an IP address you are trying to footprint. * is replaced by the name of the online dB 
nmap --script hostmap-* <host> 

# Enumerates common web applications 
nmap --script http-enum -p80 <host> 

# Grabs the robots.txt file 
nmap -p80 --script http-robots.txt <host>

PreviousWeb Application Hacking NextAttacking Web Applications

Last updated 1 year ago