Objectives:
There has never been a more target-rich environment in the history of warfare. A cyber war has been brewing for years now, and web servers are constantly being attacked, whether their admins are aware of it or not.
- Topic 111.01 – Recon
- Topic 111.02 – Ciphers
Topic 111.01 – Recon
- RULE : Before attacking the web server, you need to identify what type of web server it is (e.g. IIS, Apache, NGINX).
- RULE : Before attacking the web server, you need to know which web applications are running on it (e.g. Tomcat, Ruby on Rails, ASP.Net).
- RED TEAM : A lot of information about the web server(s) can be gathered from netcraft.com: type the target URL into the “What’s that site running” box.
- RULE : Banner grabbing can help you identify the web server.
- RED TEAM : use telnet to view the HTTP response headers:
  - Type
    telnet darkblueteam.com 80
  - Type
    HEAD / HTTP/1.0
  - Press the RETURN key twice
- RED TEAM : use curl to view the HTTP response headers:
  curl -I darkblueteam.com
- RULE : Site Ripping is the fast way to crawl a website.
- RED TEAM : On Linux, use wget.
- RED TEAM : On Windows, use wget, BlackWidow, Teleport Pro, etc.
- RULE : After you identify what the web server is, check the known vulnerabilities for that particular flavor of web server. There are websites that track vulnerabilities:
- RULE : System Administrators that don’t keep up with the patches for the web server, or have just assumed the risk for it, are leaving the door open for the attacker to exploit it.
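
The banner-grabbing rule above is also a check to run against your own servers. This added example (not code from the original notes) parses a response head and lists what each identifying header discloses. The two responses are constructed samples, and the function names are illustrative.

```python
import re

# Response headers that commonly identify the web server or application stack.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

def parse_headers(raw):
    """Map lowercased header names to their values from a raw HTTP response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit_banner(raw):
    """Return (header, product, version) for every token a disclosing header reveals."""
    findings = []
    for name, values in parse_headers(raw).items():
        if name not in DISCLOSING:
            continue
        for value in values:
            # "Apache/2.4.41 (Ubuntu)" -> ["Apache/2.4.41", "Ubuntu"]
            for token in re.sub(r"[()]", " ", value).split():
                product, _, version = token.partition("/")
                if product[:1].isdigit():      # bare version, e.g. X-AspNet-Version
                    product, version = name, product
                findings.append((name, product, version or None))
    return findings

def versioned(findings):
    """Findings that expose an exact version, the detail used to look up known vulnerabilities."""
    return [f for f in findings if f[2] is not None]

# Constructed sample responses (not captured from any real host).
VERBOSE = ("HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
           "Server: Apache/2.4.41 (Ubuntu)\r\nX-Powered-By: PHP/7.4.3\r\n"
           "Content-Type: text/html\r\n\r\n")
# What the same server might return after version tokens are suppressed.
HARDENED = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("hardened", HARDENED)):
        found = audit_banner(raw)
        print(label, found, "versions exposed:", len(versioned(found)))
```

Feed it the text returned by the HEAD request shown earlier to see what your own server gives away.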
Topic 111.02 – Ciphers
- RULE : Check to see if any weak ciphers are enabled on the server.
- RED TEAM :
openssl s_client -connect darkblueteam.com:443 -ssl2