Server-side attacks are about finding and exploiting vulnerabilities in the services, ports, and applications running on a server.
For example, a web server has several attack vectors. It is a machine running an operating system and various pieces of software that provide web functionality, and it has many open TCP ports. Each of these vectors could harbor a vulnerability that an attacker could exploit to get into the system and obtain valuable information. Many of the protocols spoken by servers are also handled as readable, non-encrypted text.
Let's take a look at some tools available in Kali for identifying vulnerabilities on servers.
Webshag
Webshag is a multi-threaded, multi-platform tool used to audit web servers. It gathers commonly useful functionality for web servers such as port scanning, URL scanning, and file fuzzing. It can scan a web server over HTTP or HTTPS, through a proxy, and using HTTP authentication (basic or digest).
In addition, Webshag has IDS evasion capabilities aimed at making the correlation between its requests more complicated.
Webshag provides further capabilities such as retrieving the list of domain names hosted on a target machine and fuzzing with dynamically generated filenames. It can also fingerprint web pages in a way that is resistant to content changes; this feature is designed as a false-positive removal algorithm for dealing with "soft 404" server responses (pages that return a normal status code but are really the site's "not found" page).
Webshag is accessed through a GUI or a command-line console and is available for the Linux and Windows platforms. It can be found under Web Applications | Web Vulnerability Scanners as webshag-gui.
Webshag is easy to use. Each feature has a tab at the top: select the desired feature tab, enter your target URL in the target field, and click OK to execute. You can run multiple tabs simultaneously.
Features include Port Scanning, Spider, URL Scan, and Fuzzing.
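The soft-404 problem described above is worth seeing in code, because it is the reason a scanner's hit list is trustworthy or not. The following Python is an added example, not Webshag's own algorithm: it fingerprints the server's response to a path that cannot exist, strips the parts of a page that change on every request (request ids, timestamps), and then drops any probe whose vocabulary is almost identical to that baseline. The three HTML responses are constructed samples; in practice the baseline and probe bodies would come from live requests, which is assumed to have happened already.

```python
"""Soft-404 filtering by page fingerprinting (added example; not Webshag's code)."""
import re
from typing import Dict, Set

# Constructed sample responses. The baseline is what the server returned for a
# random path that cannot exist; the probes are responses to two scanned paths.
SOFT404_BASELINE = """<html><head><title>Oops - Page not found</title></head>
<body><div class="nav">Home | Products | Contact</div>
<h1>Sorry, we couldn't find that page</h1>
<p>Request id: 8f3a2c</p><p>Generated at 12:04:31</p></body></html>"""

PROBES = {
    "/admin/": """<html><head><title>Admin Login</title></head>
<body><div class="nav">Home | Products | Contact</div>
<h1>Administrator login</h1><form method="post" action="/admin/login">
<input name="user"><input name="pass" type="password"></form></body></html>""",
    "/backup.zip": """<html><head><title>Oops - Page not found</title></head>
<body><div class="nav">Home | Products | Contact</div>
<h1>Sorry, we couldn't find that page</h1>
<p>Request id: 91be07</p><p>Generated at 12:04:32</p></body></html>""",
}

TAG = re.compile(r"<[^>]+>")
# Per-request noise: hex ids that contain at least one digit, and clock times.
VOLATILE = re.compile(r"\b(?=[0-9a-f]*\d)[0-9a-f]{4,}\b|\b\d{1,2}:\d{2}(?::\d{2})?\b")
WORD = re.compile(r"[a-z]{3,}")


def fingerprint(body: str) -> Set[str]:
    """Reduce a page to its vocabulary: strip tags and volatile values, keep words."""
    text = TAG.sub(" ", body.lower())
    text = VOLATILE.sub(" ", text)
    return set(WORD.findall(text))


def similarity(a: Set[str], b: Set[str]) -> float:
    """Jaccard similarity of two fingerprints (1.0 means the same vocabulary)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def is_soft_404(baseline_body: str, probe_body: str, threshold: float = 0.8) -> bool:
    """True when the probe looks like the server's 'not found' page despite a 200."""
    return similarity(fingerprint(baseline_body), fingerprint(probe_body)) >= threshold


def filter_hits(baseline_body: str, probes: Dict[str, str]) -> Dict[str, str]:
    """Keep only probe responses that differ materially from the soft-404 baseline."""
    return {path: body for path, body in probes.items()
            if not is_soft_404(baseline_body, body)}


if __name__ == "__main__":
    for path, body in PROBES.items():
        score = similarity(fingerprint(SOFT404_BASELINE), fingerprint(body))
        print(f"{path:12s} similarity={score:.2f} soft404={is_soft_404(SOFT404_BASELINE, body)}")
```

The threshold is the tuning knob: too low and real pages that share the site's navigation get discarded, too high and soft 404s with a rotating banner or footer survive. Removing volatile tokens before comparing is what makes the fingerprint "resistant to content changes" in the sense the text uses.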
Skipfish
Skipfish is a web application security reconnaissance tool. It prepares an interactive sitemap for the target using a recursive crawl and dictionary-based probes.
The resulting map is then annotated with the output of the security checks Skipfish runs against it. Skipfish can be found under Web Applications | Web Vulnerability Scanners as skipfish. When you first open Skipfish, a Terminal window pops up listing the Skipfish command-line options. Skipfish can use built-in or customizable dictionaries for its vulnerability assessment.
Note that some dictionaries may not be included in Kali. You can download the latest version of Skipfish and its default dictionaries from https://code.google.com/p/skipfish/.
ProxyStrike
ProxyStrike is a web application proxy built to identify vulnerabilities while you browse an application. It runs as a proxy listening on port 8008 by default, which means you have to configure your Internet browser to route its traffic through ProxyStrike so that it can analyze all the request parameters in the background while you surf the target's website.
The proxy features are great for identifying, intercepting, and modifying requests. To configure an Internet browser such as Firefox to use ProxyStrike, go to Preferences | Advanced | Network in Firefox and click Settings. Select Manual Proxy and enter the IP address of your Kali server followed by port 8008 (unless you plan to change the ProxyStrike default port).
To use ProxyStrike, go to Web Applications | Web Vulnerability Scanners and select ProxyStrike. Assuming your Internet browser is sending traffic to ProxyStrike, you should see the captured traffic in the Comms tab.
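What "analyzing all the parameters in the background" amounts to is shown by the following Python, an added example that is not ProxyStrike's code. It takes one raw HTTP request as the browser would hand it to a proxy on port 8008 and pulls out every user-controlled input: query-string fields, form or JSON body fields, and cookies. The request bytes are a constructed sample; the socket side of the proxy is assumed and not shown.

```python
"""Parameter extraction from an intercepted HTTP request (added example; not ProxyStrike's code)."""
import json
from http.cookies import SimpleCookie
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: one request as a browser pointed at a proxy on port 8008
# would send it (the proxy's network side is assumed and not shown here).
SAMPLE_REQUEST = (
    b"POST /account/update?lang=en&debug= HTTP/1.1\r\n"
    b"Host: target.example\r\n"
    b"Cookie: session=abc123; theme=dark\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 28\r\n"
    b"\r\n"
    b"email=a%40b.example&notify=1"
)


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str], bytes]:
    """Split a raw request into method, target, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def extract_parameters(raw: bytes) -> Dict[str, object]:
    """Collect every user-controlled input: query string, body and cookies."""
    method, target, headers, body = parse_request(raw)
    parts = urlsplit(target)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))

    body_params: Dict[str, str] = {}
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if body and ctype == "application/x-www-form-urlencoded":
        body_params = dict(parse_qsl(body.decode("utf-8", "replace"), keep_blank_values=True))
    elif body and ctype == "application/json":
        try:
            doc = json.loads(body)
        except ValueError:
            doc = None
        if isinstance(doc, dict):  # flatten only a top-level object
            body_params = {k: v if isinstance(v, str) else json.dumps(v) for k, v in doc.items()}

    cookies: Dict[str, str] = {}
    if "cookie" in headers:
        jar = SimpleCookie()
        jar.load(headers["cookie"])
        cookies = {name: morsel.value for name, morsel in jar.items()}

    return {"method": method, "path": parts.path,
            "query": query, "body": body_params, "cookie": cookies}


def parameter_names(raw: bytes) -> List[str]:
    """Flat 'location:name' list, i.e. the inputs a scanner would go on to analyze."""
    info = extract_parameters(raw)
    return sorted(f"{loc}:{name}" for loc in ("query", "body", "cookie")
                  for name in info[loc])


if __name__ == "__main__":
    for entry in parameter_names(SAMPLE_REQUEST):
        print(entry)
```

Note that `keep_blank_values=True` matters: an empty parameter such as `debug=` is still an input the application reads, and a proxy that dropped it would hide a test case. Cookies are listed alongside query and body fields for the same reason.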
Vega
Vega is a security testing tool used to crawl a website and analyze page content to find links as well as form parameters.
To launch Vega, go to Web Applications | Web Vulnerability Scanners and select Vega. Vega will flash an introduction banner and then display its GUI.
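The crawl-and-analyze step that Vega and Skipfish both perform comes down to one routine: parse a page, resolve its links to absolute URLs, and record each form with the named inputs it submits. The Python below is an added example written for this section, not Vega's or Skipfish's code; the page HTML and base URL are constructed samples, and `in_scope` shows the usual rule of only queuing same-host links for the next crawl step.

```python
"""Link and form-parameter discovery from page content (added example; not Vega's code)."""
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple
from urllib.parse import urldefrag, urljoin, urlsplit

BASE_URL = "https://shop.example/catalog/"   # assumed target URL (constructed)
SAMPLE_PAGE = """<html><body>
<a href="/products?cat=shoes">Shoes</a>
<a href="about.html#team">About</a>
<a href="https://partner.example/deals">Partner</a>
<a href="mailto:sales@shop.example">Mail</a>
<form action="/search" method="get">
  <input type="text" name="q"><input type="submit" value="Go">
</form>
<form action="checkout" method="POST">
  <input type="hidden" name="csrf" value="t0k3n">
  <select name="shipping"><option>Standard</option></select>
  <textarea name="note"></textarea>
</form>
</body></html>"""


class PageAnalyzer(HTMLParser):
    """Collect absolute links and form definitions while the page streams through."""

    def __init__(self, base_url: str) -> None:
        super().__init__()
        self.base = base_url
        self.links: List[str] = []
        self.forms: List[Dict] = []
        self._form: Optional[Dict] = None   # form currently being read, if any

    def handle_starttag(self, tag: str, attrs: List[Tuple[str, Optional[str]]]) -> None:
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            url, _frag = urldefrag(urljoin(self.base, a["href"]))   # drop #fragments
            if url.startswith(("http://", "https://")):            # skip mailto:, javascript:
                self.links.append(url)
        elif tag == "form":
            self._form = {"action": urljoin(self.base, a.get("action") or self.base),
                          "method": (a.get("method") or "GET").upper(),
                          "inputs": []}
            self.forms.append(self._form)
        elif tag in ("input", "textarea", "select") and self._form is not None and a.get("name"):
            kind = (a.get("type") or "text") if tag == "input" else tag
            self._form["inputs"].append({"name": a["name"], "type": kind})

    def handle_endtag(self, tag: str) -> None:
        if tag == "form":
            self._form = None


def analyze(base_url: str, html: str) -> Tuple[List[str], List[Dict]]:
    """Return (links, forms) found in one page."""
    parser = PageAnalyzer(base_url)
    parser.feed(html)
    parser.close()
    return parser.links, parser.forms


def in_scope(urls: List[str], base_url: str) -> List[str]:
    """Only same-host links are queued for the next crawl step."""
    host = urlsplit(base_url).netloc
    return [u for u in urls if urlsplit(u).netloc == host]


if __name__ == "__main__":
    links, forms = analyze(BASE_URL, SAMPLE_PAGE)
    print("queue:", in_scope(links, BASE_URL))
    for form in forms:
        print(form["method"], form["action"], [i["name"] for i in form["inputs"]])
```

Hidden fields are recorded on purpose: the `csrf` token above is exactly the kind of parameter a scanner must replay correctly, and a crawler that ignored hidden inputs would produce forms that the server rejects.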
OWASP ZAP
OWASP ZAP, also known as Zaproxy, is an intercepting proxy designed for the security testing of web applications.
Open Zaproxy by going to Web Applications | Web Application Fuzzers and selecting owasp-zap. A disclaimer pop-up must be accepted before the program starts.
Websploit
Websploit is an open source project used to scan and analyze remote systems in order to find vulnerabilities.
To access Websploit, go to Web Applications | Web Application Fuzzers and select websploit. A Terminal window pops up with the Websploit banner. You can list all the available modules, and what is required to run a specific module, by typing show modules.
Exploitation
If a Penetration Tester invests the proper time and resources during the Reconnaissance of a target, the Penetration Tester should end up with a list of targets with possible vulnerabilities. The next step is prioritizing each target's value to your mission, approximating the level of effort required to exploit the potential vulnerabilities, and judging the risk associated with performing the attack.
The vulnerability and exploitation tools available in Kali are ideal for identifying and exploiting vulnerabilities found during the Reconnaissance of web application servers.
Metasploit
The Metasploit framework is one of the most popular tools for carrying out server-side attacks, and it is considered one of the most useful tools for Penetration Testers. HD Moore created it in 2003. It is used as a legitimate Penetration Testing tool, as well as a tool used by attackers to conduct unauthorized exploitation of systems.
There are plenty of sources dedicated to teaching how to use the Metasploit framework. In the context of this book, we will examine how Metasploit is used for server-side exploitation when testing web applications.
The first step is to open a console and type msfconsole to launch Metasploit. msfconsole is the most popular way to launch Metasploit; it provides a user interface to the entire Metasploit framework. Basic commands such as help and show will let you navigate through Metasploit.
Make sure the PostgreSQL and Metasploit services are started. You can do so by typing service postgresql start and service metasploit start in a Terminal window as root.
Note that there are other ways to launch Metasploit, such as msfgui (GUI-based) and msfcli (command line-based).
In addition to Metasploit commands, msfconsole lets you invoke underlying OS commands such as ping or nmap. This is helpful because it allows routine tasks to be carried out without leaving the console.