What is a Web server ?

1. A web server is a storage area, which in-turn a program,

2. That stores files ( web pages, CSS Scripts, images, java script files ) relevant to the websites in a secure folder. 

3. Control website and file access located in the server by the website users via the internet.

4. Control sessions and maintain file access details

5. Web server indicates both Hardware and software.

How Web server works ?

1.HTTP (Hyper Text Transfer Protocol) is used to transfer web pages from a Web Server to Web Client (Browser).

2. Web Pages are arranged in a directory structure in the Web Server.

3. HTTP supports CGI (Common Gateway interface).

4.Why HTTP is used in Websites - The reason is, HTTP supports Virtual Hosting (Hosting multiple sites on the same server).
How to Hack a WebServer ( Hacking / attacking server is illegal this article provides only a high level view for educational purposes)

Step 1
            Get the reverse IP of the target server goto the below link 

Step 2
            Type the website name and press the check button. Automatically you are able to see 398 domains available in the below specified IP Address. All these websites are hosted in this server.

Step 3
            Goto bing search engine and type the ip address in the below format 
Ip: [ip address].php?id=

            The above search code will filter the searching in that specified ip address with the vulnerable web pages listed which got sql injection vulnerabilities.

Step 4
            We need to identify the page where you are able to upload any documents or images. If you found any pages with uploading options. That’s the root for us to enter into the web server.

Step 5
            Below is my blog where I posted to the web server injection script. We need to upload this script into the vulnerable website

Download shell.php file :- https://t.me/OnlineHacking/920

Step 6
            Copy the code and create a php file with the script taken from my blog. Am naming the php file as shell.php

Step 7
            Try to upload the script (php) file. Its throwing an error.

Step 8
            Now Open Burp Suite tool, in case if it didn’t work in windows environment. Prefer Linux environment (Specifically Kali linux)

Step 9
            This is the first page of Burp Suite tools. Click the next button

Step 10
            You will be moved to the next page. Click “Start Burp” button to start monitoring the user machine from which you are trying to upload.

Step 11
            Yes burpsuite is running in the back ground.

Step 12
            Now try to upload the php shell once again. Still its throwing error.

Step 13
            The file will get automatically cached in Burp suite. You can see the content type of the file. Change it to jpeg as shown in the below pictures and click forward button to go ahead.

Step 14
            The script is uploaded and the site consider it as image 12 a real hacking bypassing the upload validation Check out the path where its getting uploaded.

Step 15
            Goto the server path by typing the ip address and path where it gets uploaded

Step 16
            Yes you are into the server to do any kind of changes in the server. Your Web server is hacked.

Join my telegram channel for more HACKS


No comments: