Wednesday, 26 April 2017

Hacking a Web Server: Identifying and Exploiting Web Application

Today I am going to present the second article in the hacking web server series. I recommend that you study the first article of this series before jumping into this one. In the last article, we did some Nmap scanning on our server to find out what kind of services and ports are open on it. After scanning, we found out that an Apache HTTP server is running on the server.

In this tutorial, we will identify the web application running on the server and then exploit it using a publicly available exploit.

This tutorial is comprised of two parts: identifying and exploiting. So let's start with the first phase.

Things we need 

  • A Linux hacking distro.
  • A vulnerable server.

Identifying web application

  • If you are using a hacking Linux distro, you will find many web application hacking tools. But for my tutorial, I am going to use Nikto.
  • Open your terminal and paste the following command.
nikto --host

  • Nikto found out that this server has some directories and showed some information about robots.txt and some other stuff.

  • In the scan above, I was able to find some directories, but those directories only contain stuff like images, JavaScript and CSS files.
  • In the scan, there was a license file which I can use to identify what kind of web application the server is using.
  • On opening the license file in the web browser, I found out that the server has a CMS web application called BuilderEngine.
  • Now we have successfully identified the web application installed on the server.

Exploiting the web application 

  • In the identification phase, I was able to find out what kind of web application the server is running.
  • Now I will try to exploit it using a public exploit available on Exploit-DB.
  • After searching on Exploit-DB, I was able to find that an Arbitrary File Upload exploit is available for the BuilderEngine CMS.
  • In this particular exploit, I was able to upload any file to the server. So I decided to upload a PHP web shell to the server.
  • When you study any public exploit, there is always a proof of concept provided, which shows how you can exploit the web app.
  • In this exploit, I created an HTML file with the PoC code and uploaded a PHP web shell to the server.
  • The exploiting process is different for every public exploit. In some cases, a Metasploit module or a Python script is given.

In the above tutorial, I was able to identify and exploit the web application. In the next tutorial, we are going to root the server to get full access to it.
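
Seen from the server side, the steps in this tutorial leave a recognisable trail in the Apache access log. The following is an added example, not code from the original post: it flags a Nikto user agent, a license/readme file that was served, and a script that was served from an upload directory. The log lines, addresses and upload directory names are constructed assumptions, not BuilderEngine's real paths.

```python
import re
from collections import defaultdict

# Constructed Apache "combined" log lines (documentation IPs, hypothetical paths).
SAMPLE_LOG = """\
203.0.113.5 - - [26/Apr/2017:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)"
203.0.113.5 - - [26/Apr/2017:10:00:09 +0000] "GET /license.txt HTTP/1.1" 200 1804 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Apr/2017:10:05:30 +0000] "POST /upload-handler/ HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.5 - - [26/Apr/2017:10:05:41 +0000] "GET /files/s.php HTTP/1.1" 200 15 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Apr/2017:10:06:00 +0000] "GET /files/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Apr/2017:10:06:02 +0000] "GET /files/old.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
UPLOAD_DIRS = ("/files/", "/uploads/")  # assumption: where user uploads land
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
FINGERPRINT = re.compile(r"/(license|readme|changelog)(\.\w+)?$", re.I)


def findings(log_text):
    """Return {client_ip: sorted list of finding tags} for an access log."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]
        served = m["status"].startswith("2")
        # Nikto announces itself in its default User-Agent string.
        if "nikto" in m["ua"].lower():
            hits[m["ip"]].add("scanner-user-agent")
        # A served license/readme file tells a visitor which CMS is installed.
        if served and FINGERPRINT.search(path):
            hits[m["ip"]].add("fingerprint-file-served")
        # Upload directories should never answer 2xx for server-side scripts.
        if served and path.startswith(UPLOAD_DIRS) and SCRIPT_EXT.search(path):
            hits[m["ip"]].add("script-served-from-upload-dir")
    return {ip: sorted(tags) for ip, tags in hits.items()}


if __name__ == "__main__":
    for ip, tags in findings(SAMPLE_LOG).items():
        print(ip, ", ".join(tags))
```

The last rule is the one that matters most: if it ever fires, script execution is enabled in a directory that accepts uploads, which is the condition that turns a file upload bug into code execution.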


  • This tutorial is only for educational purposes.
