Hacking Web Servers Flashcards
What is Web Server Misconfiguration?
Web server misconfiguration refers to the configuration weaknesses in web infrastructure that can be exploited to launch various attacks on web servers, such as directory traversal, server intrusion, and data theft
What is a Web Cache Poisoning Attack?
Web cache poisoning damages the reliability of an intermediate web cache source. In this attack, an attacker swaps cached content for a random URL with infected content. Users of the web cache source may unknowingly use the poisoned content instead of the true and secured content when requesting the required URL through the web cache
What is a Server-Side Request Forgery (SSRF) Attack?
Attackers exploit server-side request forgery (SSRF) vulnerabilities, which evolve from the unsafe use of functions in an application, in public web servers to send crafted requests to the internal or backend servers. Internal servers are usually implemented by firewalls to prevent the network from unwanted traffic inflows
What is Website Defacement?
Website defacement refers to the unauthorized changes made to the contents of a single webpage or an entire website, resulting in changes to the visual appearance of the website or a webpage. Hackers break into webservers and alter the hosted websites by injecting code in order to add images, popups, or text to a page in such a way that the visual appearance of the page changes. In some cases, the attackers may replace the entire website instead of just changing single pages
What is parameter/form tampering?
In a parameter/form tampering attack, the attacker manipulates the parameters exchanged between the client and server to modify application data, such as user credentials and permissions as well as price and quantity of products
What is Open Sez Me?
Open Sez Me is a lookup database for default passwords, credentials, and ports
What is Open Sez Me?
Open Sez Me is a lookup database for default passwords, credentials, and ports
What is NCollector Studio?
NCollector Studio is a website mirroring tool used to download content from the web to a local computer. This tool enables users to crawl for specific file types, mak1e any website available for offline browsing, or simply download a website to a local computer
What is Nikto2?
Nikto is a vulnerability scanner used extensively to identify potential vulnerabilities in web applications and web servers
Which nmap command does an attacker use to enumerate common web applications?
nmap –script http-enum -p80
In Metasploit, what is a single?
A single is a self-contained and completely standalone exploit
In Metasploit, what is a stager payload?
Stager payloads work in conjunction with stage payloads in order to perform a specific task. A stager establishes a communication channel between the attacker and the victim and reads in a stage payload to execute on the remote host
In Metasploit, what is a stage?
Stages are downloaded by stager modules
Which nmap command does an attacker use to detect HTTP trace?
nmap -p80 –script http-trace
Which technique defends servers against blind response forgery
UDP source port randomization
