
Posts

WHAT YOU NEED TO KNOW ABOUT WEB SERVERS

A web server is just a piece of software running on the operating system of a server that allows connections to access a web application. The most common web servers are Internet Information Services (IIS) on a Windows server and Apache Hypertext Transfer Protocol (HTTP) Server on a Linux server. These servers have normal directory structures like any other computer, and it’s these directories that house the web application. If you follow the Windows next, next, next, finish approach to installing an IIS web server, you will end up with the default C:\Inetpub\wwwroot directory structure where each application will have its own directories within wwwroot and all vital web application resources are contained within it. Linux is more varied in the file structure, but most web applications are housed in the /var/www/ directory. There are several other directories on a Linux web server that are especially relevant to web hacking: ■ /etc/shadow...
Recent posts

Basic of web application :- introduction

INTRODUCTION There is a lot of ground to cover before you start to look at specific tools and how to configure and execute them to best suit your desires to exploit web applications. This chapter covers all the areas you need to be comfortable with before we get into these tools and techniques of web hacking. In order to have the strong foundation you will need for many years of happy hacking, these are core fundamentals you need to fully understand and comprehend. These fundamentals include material related to the most common vulnerabilities that continue to plague the web even though some of them have been around for what seems like forever. Some of the most damaging web application vulnerabilities “in the wild” are still as widespread and just as damaging over 10 years after being discovered. It’s also important to understand the time and place for appropriate and ethical use of the tools and techniques you will learn in the chapters that follow. As one of my friends and co...

Creating Password Lists

From the OSINT searches, we have learned a great deal about SUCK and their organization. The next step is to find more targeted information about the company, the people, the location, and their customers by developing more customized password lists. We have all used large password lists in the past and specifically in THP1, but we are looking to crack that 70%+ rate. To achieve this, we need to create custom and smart word lists based on our victim companies and related industries. In the last book, we used the crackstation list, which we will definitely use again, but after having a great password base, you need to also build a list of custom passwords. Wordhound (https://bitbucket.org/mattinfosec/wordhound.git) (Kali Linux) Wordhound is a tool that creates word lists and dictionaries based on Twitter searches, PDF documents, and even Reddit sub-reddits. So to target our victim company, we can grab all the results from their tweets and even words that mig...

The Entire Communication Process in Networking

Now let us look at the entire communication process considering all the layers collectively. Assume we are sending an email to the address bhushan@glsict.org. Here 'bhushan' is a mailbox on the mail server of 'glsict.org'. It is like having a few mailboxes at the entry of an apartment for each of its residents. Here the address 'glsict.org' is similar to an apartment address which is common for all mailbox holders at the same place. All of us who work at 'glsict' are given a separate mailbox to store received mails. Whenever a postman has to deliver a mail to a mailbox X belonging to apartment Y, he first of all finds out the apartment Y and then drops the letter in the mailbox X. So the first job is to find out the address of Y. The email ID bhushan@glsict.org is not the actual address. It gets converted to a 32-bit integer known as the IP address. A process known as Domain Name Service is invoked to fin...

Function of Each OSI Model Layer

We have had several descriptions of layers in this chapter using metaphors. What are these layers actually accountable for? The following sections provide a brief summary of what different layers do. We will start with the physical layer and move gradually up to the application layer. In later chapters, we will describe the applications of each layer at length. The Physical Layer As mentioned earlier in the example, the physical layer's job is that of a transporter: to carry the bits from one end to another. It has to use the communication medium available, i.e., a wired or a wireless connection, to transfer the bits to the other end. It is interesting to note that there is more than one mechanism to transfer the bits from one end to another using the same medium (Figure 1.4). The study of the physical layer describes different ways of transferring bits from one end to another and their pros and cons. In the next chapter, we will see two basic ways to t...

The Difference Between TCP/IP and OSI Models

A few important differences between the two models are discussed here. 1. One difference has already been discussed: the difference in the number of layers. OSI has seven layers, while TCP/IP has only five layers. 2. The OSI layering scheme was based on the decisions made by their committee members, most of them telecoms. They preferred the mechanism called connection-oriented transfer for their communication. It worked like telephones, where a connection is established first, then the data transfer takes place, and at last the connection is closed. In contrast, the TCP/IP model was based on connectionless transfer, where the data is pumped into the network without establishing any connection to the recipient. This mechanism is more like sending a telegram to somebody. That is why the data chunks travelling in the network are usually referred to as datagrams. We just send it without really knowing if the recipient's a...

Connection-oriented vs. Connectionless Transfer

When we call abroad using telephone lines, the entire telephone line, including the expensive intercontinental trunk, is occupied for the duration of the call. This is known as a connection-oriented solution. Almost half of our verbal communication is punctuated with pauses without which our sentences don't make sense. The problem with connection-oriented transfer is that it keeps the line busy even though there is no data transfer. The connectionless mechanism does not establish the connection beforehand, so the entire line is not occupied throughout the duration of the call. Only the line which is transferring our packet (the voice travels as small digitized chunks known as packets in the connectionless mechanism) is occupied. Consider the following example depicted in Figure 1.3 to understand connection-oriented communication. The caller calls from Ahmedabad. The call is connected to an exchange at Vadodara. From Vadodara, it gets connect...