Ethical Hacking and
Countermeasures
Version 6
Module XVI
Hacking Web Servers
Scenario
SpeedCake4u, a cake manufacturing firm, wants to
set up a website for showcasing its products. Matt, a
high school graduate was assigned the task of
building the website. Even though Matt was not a
pro in website building, the $2000 pay was the main
motivation for him to take up the task.
He builds a website with all the features that the
company management asked.
The following day the cake manufacturing firm’s
website was defaced with the Title “Your cake
stinks!”
How was it possible to deface the website?
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Is Matt the culprit?
News
Source: http://www.pcworld.com/
Module Objective
This module will familiarize you with:
• Web Servers
• Popular Web Servers and Common
Vulnerabilities
• Apache Web Server Security
• IIS Server Security
• Attacks against Web Servers
• Tools used in Attack
• Patch Management
• Understanding Vulnerability Scanners
• Countermeasures
• Increasing Web Server Security
Module Flow
Web Servers
Hacking Tools to
Exploit Vulnerabilities
Web Server Defacement
Patch Management
Apache Web Server Security
Vulnerability Scanners
Countermeasures
Increasing Web Server Security
Attacks against IIS
Web Server Vulnerabilities
How are Web Servers Compromised?
• Misconfigurations in operating systems or networks
• Bugs: OS bugs may allow commands to run on the web
• Installing the server with defaults: service packs may not be applied in the process, leaving holes behind
• Lack of proper security policy, procedures, and maintenance may create many loopholes for attackers to exploit