# Hacking Web Applications & Servers

<figure><img src="https://1680260334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fuyv6WKxbnPSm2zlRacJi%2Fuploads%2FbI5EcyP43x7qd8NDvDh2%2Fimage.png?alt=media&#x26;token=fd0c7759-517e-47c8-87b0-adeebb66bbde" alt=""><figcaption></figcaption></figure>

## Identify Technology (Footprint)

* Identifying the technology stack used by a web application (server, language, framework, CMS) gives you an idea of which weaknesses to look for in that particular application.

#### List of tools used to identify the technology

1. httprecon
2. [wappalyzer](https://www.wappalyzer.com/)
3. whatweb (CLI)

### Other Methods

* Using Telnet
* Using NetCat

### Nmap Scripts

#### Normal HTTP Enumeration

```
nmap -sV --script=http-enum www.xyz.com
```

#### WAF Detection

```
nmap -p 80,443 --script=http-waf-detect www.xyz.com
```
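Tools like whatweb and wappalyzer work from the same data a telnet/netcat banner grab returns: response headers, cookie names and page markers. As an added example (not code from the original page or any of the tools above), this Python parser pulls those hints out of a constructed HTTP response; the `COOKIE_HINTS` mapping and the sample response are assumptions, and `version_leaks` shows what a defender would want suppressed.

```python
import re

# Constructed sample response (not captured from any real host); the same bytes a
# telnet/netcat banner grab would show for a "HEAD / HTTP/1.1" request.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.8"></head></html>'
)

# Session cookie names that give away the server-side platform (assumed mapping).
COOKIE_HINTS = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
                "ASP.NET_SessionId": "ASP.NET"}

def fingerprint(raw: str) -> dict:
    """Extract technology hints (product, version, platform) from a raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    found = {}
    for key in ("server", "x-powered-by"):
        for value in headers.get(key, []):
            m = re.match(r"([\w.-]+)/([\w.]+)", value)   # "Apache/2.4.41 (Ubuntu)" -> product, version
            found[key] = {"product": m.group(1), "version": m.group(2)} if m else {"product": value}
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        if name in COOKIE_HINTS:
            found["session_cookie"] = COOKIE_HINTS[name]
    m = re.search(r'<meta\s+name="generator"\s+content="([^"]+)"', body, re.I)
    if m:
        found["generator"] = m.group(1)
    return found

def version_leaks(found: dict) -> list:
    """Headers that disclose an exact version: what Apache's ServerTokens Prod and PHP's expose_php=Off suppress."""
    return [key for key, info in found.items() if isinstance(info, dict) and "version" in info]
```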

## Directory Bruteforce

Brute force directory guessing attacks are very common attacks against websites and web servers. They are **used to find hidden and often forgotten directories on a site** that may then be targeted for compromise.

{% embed url="<https://www.youtube.com/watch?v=9Hik0xy9qd0>" %}
Check out [Alexis Ahmed's](https://ke.linkedin.com/in/alexisahmed) video on Fuzzing and Directory Brute-Force. This can give you an idea.
{% endembed %}

### Dirbuster for Directory Brute force

DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. It is often the case that what looks like a web server in a default installation state actually is not, and has pages and applications hidden within. DirBuster attempts to find these.

However, tools of this nature are often only as good as the directory and file list they come with. A different approach was taken to generate this one: the list was generated from scratch by crawling the Internet and collecting the directories and files that are actually used by developers. DirBuster comes with a total of 9 different lists, which makes it extremely effective at finding those hidden files and directories. And if that was not enough, DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide.

{% embed url="<https://www.kali.org/tools/dirbuster>" %}

#### CheatSheets for Dirbuster

{% embed url="<https://null-byte.wonderhowto.com/how-to/hack-like-pro-find-directories-websites-using-dirbuster-0157593>" %}

{% hint style="info" %}
You can use any directory brute force tool, e.g. GoBuster, Dirsearch, BruteX, etc. But keep in mind that every tool performs the same process. So, master one tool and you are good to go.
{% endhint %}
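On the server side, DirBuster and its alternatives all look the same: one client producing a burst of 404/403 responses for paths nobody links to. As an added example that is not part of the original page, this Python function runs that detection over constructed Apache combined-format log lines; the threshold, window and sample IPs are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in Apache "combined" log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "DirBuster-1.0-RC1"
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /backup/ HTTP/1.1" 404 196 "-" "DirBuster-1.0-RC1"
198.51.100.2 - - [10/Oct/2023:13:55:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /old/ HTTP/1.1" 404 196 "-" "DirBuster-1.0-RC1"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /test/ HTTP/1.1" 404 196 "-" "DirBuster-1.0-RC1"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /config/ HTTP/1.1" 403 196 "-" "DirBuster-1.0-RC1"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /uploads/ HTTP/1.1" 404 196 "-" "DirBuster-1.0-RC1"
198.51.100.2 - - [10/Oct/2023:13:55:04 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Oct/2023:13:58:30 +0000] "GET /missing HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def detect_dir_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> dict:
    """Flag client IPs producing >= threshold 404/403 responses inside a sliding window of window_s seconds.

    Returns {ip: {"count": n, "user_agent": ua, "paths": [...]}} for each flagged IP, where
    count is the largest number of misses seen inside one window and paths lists every miss.
    """
    recent = defaultdict(deque)      # ip -> timestamps of misses still inside the window
    paths = defaultdict(list)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] not in ("404", "403"):
            continue                 # ignore unparsable lines and successful requests
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        paths[m["ip"]].append(m["path"])
        while (ts - q[0]).total_seconds() > window_s:   # drop misses older than the window
            q.popleft()
        if len(q) >= threshold:
            entry = flagged.setdefault(m["ip"], {"count": 0, "user_agent": m["ua"], "paths": paths[m["ip"]]})
            entry["count"] = max(entry["count"], len(q))
    return flagged
```

The user agent is recorded because default tool strings such as the one above are an easy first signal, but the 404 burst is what survives a changed user agent.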

## Service Bruteforce

### Hydra

Man! I can't say enough about this tool! 🔥 This is one of my favourite tools for brute-forcing passwords for services running on a network.

```
hydra -L /Path/To/Username/WordList -P /Path/To/Password/WordList 10.10.10.x ftp
```

In Hydra you choose the service to brute force; in the command above I have set it to FTP. In the same way you can set any other service, for example SSH, RDP, Samba (SMB), etc.

### Medusa

Medusa is also one of the best tools out there for brute force. Even though I love Hydra, I use Medusa a lot. I would probably rank Medusa first and Hydra second.

{% embed url="<https://shehackske.medium.com/brute-force-password-cracking-with-medusa-b680b4f33d69>" %}
This Medium post has a comprehensive explanation of how to use Medusa.
{% endembed %}

```
medusa -h 10.10.10.x -U /root/Documents/user_list.txt -P /root/Documents/pass_list.txt -M ftp -F
```

## DVWA

**Damn Vulnerable Web Application (DVWA)** is a PHP/MySQL web application that is damn vulnerable. DVWA lets you practise some of the most common web vulnerabilities at various levels of difficulty. DVWA plays one of the major roles in the C|EH (Practical) exam. It is advisable to work through DVWA and get used to the box, since the exam challenges may be based on the challenges available on this box.

{% hint style="warning" %}
Hey! Thank you for following along with my process. DVWA is one of the best applications for practising your web application attacks. Since I completed this challenge years ago, I request you to work on this. I can't help you with each module in DVWA, but there are tons of video tutorials and blogs about this box. Please complete this box, since it might be <mark style="color:red;">**important**</mark> for your exam.
{% endhint %}

#### I have attached the DVWA solution playlist below 👇🏻, check it out

{% embed url="<https://www.youtube.com/playlist?list=PLHUKi1UlEgOJLPSFZaFKMoexpM6qhOb4Q>" %}

#### By now, you should have knowledge of:

> * [ ] Command Injection
> * [ ] Local File Inclusion (LFI)
> * [ ] Crafting Payload using msfvenom
> * [ ] Gaining Reverse shell using netcat or metasploit
> * [ ] SQL Injection
> * [ ] XSS
> * [ ] CSRF
> * [ ] Bruteforce

## Wordlist

{% hint style="success" %}
For the **Certified Ethical Hacker (Practical)** exam, you don't need to worry about wordlists, since most probably they will have attached a wordlist for each module, so make use of those first. If those fail, go with the default wordlists.
{% endhint %}
