CEH v10 Module 14 - Hacking Web Applications

This document provides an overview of hacking web applications. It discusses how web applications work using a client-server model with front-end and back-end components. It describes the roles of server administrators, application administrators, and clients. It also outlines common web application programming languages and architectures. The document lists many threats to web applications like injection flaws, parameter tampering, and cookie poisoning. It provides details on how to test for vulnerabilities in web applications.
Certified Ethical Hacker v10 https://www.ethicalhackx.com fb.com/ethicalhackx

Chapter 14: Hacking Web Applications

Technology Brief

The significant increase in web application usage demands high availability and strong performance from the application. In the modern era, web applications are widely used in the corporate sector to perform important tasks, as well as globally for social purposes. It has become a great challenge for web server administrators and application server administrators to put security measures in place and eliminate vulnerabilities while still providing high availability and smooth performance.


Figure: Web Application Pentesting

Web Application Concepts

Web applications are applications that run on a remote application server and are made available to clients over the internet. They can be delivered on different platforms, such as a browser or dedicated client software. Use of web applications has grown enormously in the last few years. A web application is fundamentally built on the client-server relationship: it provides an interface through which the client consumes web services. Web pages may be generated on the server, or may contain scripting that is executed dynamically in the client's web browser.

Server Administrator

The server administrator is the one who takes care of the web server in terms of safety, security, functioning, and performance. They are responsible for assessing security measures, deploying security models, and finding and eliminating vulnerabilities.

Application Administrator

The application administrator is responsible for the management and configuration required by the web application, and ensures its availability and high performance.

Client

Clients are the endpoints that interact with the web server or application server to use the services the server offers. They require a highly available service from the server at any time. While accessing resources, clients use a variety of web browsers, which can be risky in terms of security: an outdated or misconfigured browser is part of the attack surface.

Figure: Web Application Architecture

How do Web Applications work?

A web application functions in two parts, the front-end and the back-end. User requests are handled by the front-end, where the user interacts with the web pages. Services are presented to the user from the server through the buttons and other controls of the web page. All processing is controlled and performed on the back-end.
Server-side languages include:
- Ruby on Rails
- PHP
- C
- Java
- Python
- JavaScript

Client-side languages include:
- CSS
- JavaScript
- HTML

The web application works on the following layers:
- Presentation Layer: responsible for displaying and presenting information to the user on the client end.
- Logic Layer: used to transform, query, edit, and otherwise manipulate information flowing to and from the forms.
- Data Layer: responsible for holding the data and information for the application as a whole.

Web 2.0

Web 2.0 is the generation of World Wide Web sites that provide dynamic and flexible user interaction. It offers ease of use and interoperability between other products, systems, and devices. Web 2.0 allows users to interact and collaborate on social platforms such as social media and social networking sites. In the prior generation, Web 1.0, users were limited to passive viewing of static content. Web 2.0 offers almost all users the same freedom to contribute. The characteristics of Web 2.0 are a rich user experience, user participation, dynamic content, metadata, web standards, and scalability.
Web App Threats

Threats to web applications include:
- Cookie Poisoning
- Insecure Storage
- Information Leakage
- Directory Traversal
- Parameter/Form Tampering
- DoS Attack
- Buffer Overflow
- Log Tampering
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery
- Security Misconfiguration
- Broken Session Management
- DMZ Attack
- Session Hijacking
- Network Access Attacks
Unvalidated Inputs

Unvalidated input refers to the processing of input from the client by the web application or back-end servers without validating it first. This is a vulnerability that can be exploited to perform XSS, buffer overflow, and injection attacks.

Parameter/Form Tampering

Parameter tampering is an attack in which parameters are manipulated while the client and server are communicating with each other. Parameters such as the Uniform Resource Locator (URL) or web page form fields are modified. In this way a user may be redirected to another website that looks exactly like the legitimate site, or fields such as cookies, form fields, and HTTP headers may be modified to change what the server does. Anything the client sends, including hidden form fields and values set by client-side script, must be treated as untrusted and re-validated on the server.
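The following is an added example (not code from the CEH module) of how a server can detect that a hidden form field was tampered with between rendering and submission: it signs the fields it emits with an HMAC and refuses the post if the tag no longer matches. The secret key, the catalogue, the SKU names and the function names are all constructed assumptions for illustration.

```python
"""Detecting parameter/form tampering with a server-side HMAC.

Added example (not from the CEH module). The key, the catalogue and the
function names below are constructed for illustration.
"""
import hashlib
import hmac
import json

# Constructed secret; a real deployment keeps this out of source control.
SERVER_KEY = b"example-server-key-rotate-me"

# Constructed catalogue: the authoritative price lives on the server, so the
# safest fix is to never trust a client-supplied price at all.
CATALOGUE = {"sku-1001": 4999, "sku-1002": 12999}  # prices in cents


def sign_fields(fields: dict, key: bytes = SERVER_KEY) -> str:
    """Return an HMAC-SHA256 tag over a canonical serialization of the fields.

    The tag is emitted into the form as an extra hidden field; any later
    change to a covered field (price, quantity, user id, ...) invalidates it.
    """
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_fields(fields: dict, tag: str, key: bytes = SERVER_KEY) -> bool:
    """Recompute the tag and compare in constant time."""
    expected = sign_fields(fields, key)
    return hmac.compare_digest(expected, tag)


def render_order_form(sku: str) -> dict:
    """Server side: build the hidden fields the client will post back."""
    fields = {"sku": sku, "price": CATALOGUE[sku]}
    return {**fields, "sig": sign_fields(fields)}


def process_order(posted: dict) -> int:
    """Server side: accept the posted form only if its signature still holds.

    Returns the price charged, or raises ValueError on tampering.
    """
    posted = dict(posted)
    tag = posted.pop("sig", "")
    if not verify_fields(posted, tag):
        raise ValueError("form fields were modified after rendering")
    # Belt and braces: even with a valid tag, charge the catalogue price.
    return CATALOGUE[posted["sku"]]


if __name__ == "__main__":
    form = render_order_form("sku-1002")
    print("charged:", process_order(form))
    tampered = {**form, "price": 1}  # attacker edits the hidden field
    try:
        process_order(tampered)
    except ValueError as exc:
        print("rejected:", exc)
```

The signature only proves the fields are the ones the server rendered; the stronger fix, shown in process_order, is to look the price up server-side and never act on the client's copy at all.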
Injection Flaws

Injection attacks work by exploiting a web application vulnerability: the application is vulnerable if it allows untrusted input to be interpreted as code, commands, or queries. Malicious code injection, file injection, or malicious SQL injection then results in the exploit. Injection flaws include the following:
- SQL Injection
- Command Injection
- LDAP Injection

SQL Injection

SQL injection is the injection of malicious SQL into queries the application builds from user input. Using crafted input, an unauthorized user can interrupt processing, manipulate the database, and execute commands and queries through the injection, resulting in data leakage or loss. These vulnerabilities can be detected with application vulnerability scanners. SQL injection is often carried out through the address bar (a URL query parameter) or a form field. The attacker bypasses the vulnerable application's security and extracts valuable information from its database. The root cause is query text assembled by string concatenation; the countermeasure is parameterized queries (prepared statements), in which the query shape is fixed and user values are bound separately.
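The following is an added example (not code from the CEH module) showing the injection described above against a real database engine: a login check built by string formatting is bypassed with a comment payload, while the parameterized form of the same query is not. The in-memory SQLite table, its rows, the plaintext passwords (real systems store hashes) and the function names are constructed for illustration.

```python
"""SQL injection: string-built query beside its parameterized fix.

Added example, not code from the CEH module. The table, rows and the
login helper names are constructed for illustration; passwords are stored
in clear only to keep the demo short.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "S3cret!", "admin"), ("alice", "wonderland", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """The classic bug: user input is spliced into the SQL text."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, username: str, password: str):
    """The fix: the query shape is fixed, values travel as bound parameters."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# A payload that closes the string literal and comments out the password check,
# turning the WHERE clause into:  WHERE username = 'admin'
BYPASS_USER = "admin' -- "


def demo() -> dict:
    conn = make_db()
    results = {
        "vulnerable": login_vulnerable(conn, BYPASS_USER, "wrong"),  # admin row
        "safe": login_safe(conn, BYPASS_USER, "wrong"),              # no match
        "legit": login_safe(conn, "alice", "wonderland"),            # alice row
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:>10}: {row}")
```

With bound parameters the payload is compared literally against the username column, so the comment sequence never reaches the SQL parser.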
Command Injection

Command injection can be done by any of the following methods:
- Shell Injection
- File Injection
- HTML Embedding

LDAP Injection

LDAP injection is a technique that also takes advantage of an unvalidated input vulnerability. An attacker may manipulate the LDAP filter the application builds from user input to search the directory for information, or to change the meaning of a filter used for authentication. The countermeasure is to escape the LDAP filter metacharacters (backslash, asterisk, parentheses, and NUL, as specified in RFC 4515) in every user-supplied value before it is placed in a filter.
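The following is an added example (not code from the CEH module) of the LDAP filter problem described above: a filter assembled by concatenation, the wildcard and parenthesis payloads that subvert it, and the RFC 4515 value escaping that neutralizes them. The filter template, attribute names and sample inputs are constructed assumptions; checking a password inside a search filter is itself poor practice and is used here only to make the injection visible.

```python
"""LDAP injection: a filter built by concatenation beside an escaped one.

Added example; this is not code from the CEH module. The filter template,
attribute names and sample inputs are constructed for illustration.
"""

# RFC 4515 section 3: these characters must be escaped inside a filter value.
# A single character-by-character pass means escaping order is not an issue.
_LDAP_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_ldap_value(value: str) -> str:
    """Escape a string for use as an assertion value inside an LDAP filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def build_filter_vulnerable(username: str, password: str) -> str:
    """The bug: user input becomes part of the filter grammar."""
    return f"(&(uid={username})(userPassword={password}))"


def build_filter_safe(username: str, password: str) -> str:
    """The fix: every user value is escaped, so it can only ever be a value."""
    return (
        f"(&(uid={escape_ldap_value(username)})"
        f"(userPassword={escape_ldap_value(password)}))"
    )


def demo() -> dict:
    # Constructed payloads: '*' matches any value, so the vulnerable filter
    # becomes true for some entry without knowing a password at all.
    return {
        "vulnerable": build_filter_vulnerable("*", "*"),
        "safe": build_filter_safe("*", "*"),
        # A closing-paren payload that would let an attacker append their own
        # filter terms; after escaping it is inert text.
        "safe_paren": build_filter_safe("admin)(|(uid=*", "x"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:>10}: {v}")
```

Escaping at the value level is the LDAP analogue of SQL parameter binding: the directory server still sees a well-formed filter, but the attacker's characters can no longer open or close filter components.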

Denial of Service (DoS) Attack

An attacker may perform a DoS attack against a web application in the following ways:
- User Registration DoS: an attacker automates the process to keep registering fake accounts.
- Login DoS: the attacker repeatedly sends login requests.
- User Enumeration: an attacker tries different username/password combinations from a dictionary file. Strictly this is a credential-guessing attack; it becomes a DoS when the volume of attempts exhausts the authentication back-end.
- Account Lockout: an attacker locks a legitimate account by deliberately submitting invalid passwords until the lockout threshold is reached.

Web App Hacking Methodology

Analyze Web Applications

Analyzing a web application includes observing its functionality and other parameters to identify vulnerabilities, entry points, and server technologies that can be exploited. HTTP requests and HTTP fingerprinting techniques are used to determine these parameters.

Attack Authentication Mechanism

By exploiting the authentication mechanism using different techniques, an attacker may bypass authentication or steal information. Attacks on the authentication mechanism include:
- Username Enumeration
- Cookie Exploitation
- Session Attacks
- Password Attacks

Authorization Attack Schemes

An attacker who accesses the web application using a low-privilege account escalates privileges to access sensitive information. Different techniques are used to escalate privileges, such as tampering with the URL, POST data, query string, cookies, parameters, or HTTP headers.

Session Management Attack

As defined earlier, a session management attack bypasses authentication in order to impersonate a legitimate, authorized user. This can be done using different session hijacking techniques such as:
- Session Token Prediction
- Session Token Tampering
- Man-in-the-Middle Attack
- Session Replay
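The following is an added example (not code from the CEH module) of the first technique in that list, session token prediction: a token derived from the username and a second-resolution timestamp can be enumerated by an attacker who only knows roughly when the victim logged in, whereas a token drawn from the OS CSPRNG cannot. The weak token recipe, the username and the login time are constructed assumptions for illustration.

```python
"""Session token prediction: a weak, time-derived token beside a random one.

Added example; not code from the CEH module. The weak token recipe, the
user name and the login time are constructed for illustration.
"""
import hashlib
import secrets


def weak_token(username: str, issued_at: int) -> str:
    """Legacy-style token: a hash of data the attacker knows or can guess.

    The username is public and the timestamp (seconds) is bounded by when
    the victim was seen logging in, so the effective token space is tiny.
    """
    return hashlib.md5(f"{username}:{issued_at}".encode()).hexdigest()


def predict_weak_tokens(username: str, approx_time: int, window: int = 60) -> set:
    """Attacker side: enumerate every token the server could have issued
    within +/- window seconds of the observed login."""
    return {
        weak_token(username, t)
        for t in range(approx_time - window, approx_time + window + 1)
    }


def strong_token() -> str:
    """Countermeasure: 256 bits from the OS CSPRNG; nothing about the user or
    the clock goes in, so there is nothing to predict."""
    return secrets.token_urlsafe(32)


def demo() -> dict:
    login_time = 1_700_000_000  # constructed: the victim's real login second
    victim = weak_token("alice", login_time)
    # The attacker's clock or log view is off by a few seconds; a one-minute
    # window of 121 guesses still contains the victim's token.
    candidates = predict_weak_tokens("alice", login_time + 17, window=60)
    return {
        "victim_token": victim,
        "guesses": len(candidates),
        "predicted": victim in candidates,
        "strong_example": strong_token(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

121 guesses is well within what a web server will accept before any rate limit triggers; the strong token leaves the attacker with a 2^256 search instead.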
Perform Injection Attacks

An injection attack is the injection of malicious code, commands, or files by exploiting vulnerabilities in a web application. Injection attacks may be performed in different forms, such as:
- Web Script Injection
- OS Command Injection
- SMTP Injection
- SQL Injection
- LDAP Injection
- XPath Injection
- Buffer Overflow
- Canonicalization
Attack Data Connectivity

A database connectivity attack focuses on exploiting the data connectivity between an application and its database. A database connection requires a connection string (a list of key=value pairs, usually separated by semicolons, naming the server, database, credentials, and driver options) to initiate the connection. If user-supplied values are concatenated into that string, an attacker can inject additional pairs or override existing ones. Data connectivity attacks include:
- Connection String Injection
- Connection String Parameters Pollution (CSPP)
- Connection Pool DoS
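The following is an added example (not code from the CEH module) of connection string parameters pollution: a connection string parser with the usual last-duplicate-wins behaviour, a builder that splices a login-form password into the string, and the payload that redirects the application to an attacker-controlled server. The key names, hosts and credentials are constructed assumptions; real driver builder APIs should be preferred over hand-built strings.

```python
"""Connection string parameters pollution (CSPP): why a user value must never
be concatenated into a connection string.

Added example; not code from the CEH module. The keys follow the common
"Key=Value;Key=Value" form; the hosts and credentials are constructed.
"""


def parse_connection_string(conn: str) -> dict:
    """Mimic the usual driver behaviour: split on ';', then on the first '=',
    and let a later duplicate key silently override an earlier one.

    That last-one-wins rule is exactly what CSPP exploits.
    """
    params = {}
    for part in conn.split(";"):
        if not part.strip():
            continue
        key, _, value = part.partition("=")
        params[key.strip().lower()] = value.strip()
    return params


def build_vulnerable(user: str, password: str) -> str:
    """The bug: credentials from a login form are spliced into the string."""
    return (
        "Data Source=db.internal;Initial Catalog=shop;"
        f"User ID={user};Password={password}"
    )


def build_safe(user: str, password: str) -> str:
    """The fix: refuse values carrying the delimiters that give CSPP its power.
    (Production code would also use the driver's builder, which quotes values.)"""
    for value in (user, password):
        if ";" in value or "=" in value:
            raise ValueError("connection-string delimiter in credential")
    return build_vulnerable(user, password)


def demo() -> dict:
    # Constructed payload: the password "closes" its field and appends a second
    # Data Source, so the app connects to the attacker's host and presents the
    # application's own credentials to it.
    payload = "x;Data Source=attacker.example.net"
    polluted = parse_connection_string(build_vulnerable("app", payload))
    try:
        build_safe("app", payload)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "data_source": polluted["data source"],
        "blocked_by_safe_builder": blocked,
    }


if __name__ == "__main__":
    print(demo())
```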
Mind Map

Countermeasures

Encoding Schemes

Web applications use different encoding schemes to represent data safely in the contexts where it travels or is displayed. Encoding is not encryption and does not protect confidentiality; as a countermeasure it works when untrusted data is encoded for the context it is placed in (URL, HTML, JavaScript, and so on) so that it cannot change that context's syntax. These encoding schemes fall into two categories.

URL Encoding

URL encoding is the technique for safe handling of URLs. In URL encoding, the URL is converted into an ASCII format for safe transmission over HTTP. Unsafe or non-ASCII characters are replaced by a % followed by two hexadecimal digits giving the byte value, so the same character can encode differently depending on the character set (one byte under Windows-1252, two or more under UTF-8). The default character set in HTML5 is UTF-8. The following chart shows some symbols and their codes:

Character | From Windows-1252 | From UTF-8
space | %20 | %20

Table: Encoding Schemes (only the header and the space row of the chart survived extraction)

HTML Encoding

Similar to URL encoding, HTML encoding is a technique to represent unusual characters with an HTML code (a named or numeric character reference such as &lt; or &#60;). ASCII was the first character encoding standard and supports 128 different characters. Other schemes such as ANSI and ISO-8859-1 support 256. UTF-8 (Unicode) covers almost every character and symbol.

For HTML 4:
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">

For HTML 5:
<meta charset="UTF-8">
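The following is an added example (not code from the CEH module) of both encoding schemes applied as a countermeasure: untrusted input is percent-encoded for a URL query value and HTML-encoded for page text, and the same character is encoded under Windows-1252 and UTF-8 to show why the chart above carries two columns. The XSS payload, the search term and the link template are constructed assumptions.

```python
"""Context-aware output encoding: URL encoding and HTML encoding applied to
untrusted input, with the character-set effect the encoding chart illustrates.

Added example; not code from the CEH module. The sample inputs (an XSS
payload and a query value) are constructed for illustration.
"""
import html
from urllib.parse import quote


def url_encode(value: str, charset: str = "utf-8") -> str:
    """Percent-encode a single query-string value.

    safe="" means even '/' is escaped: the value must not be able to add
    path segments or new key=value pairs. The charset decides the bytes,
    hence the two columns (Windows-1252 vs UTF-8) in the encoding chart.
    """
    return quote(value, safe="", encoding=charset)


def html_encode(value: str) -> str:
    """Turn HTML metacharacters into character references so untrusted text
    is rendered as text, not markup. quote=True also covers attribute values."""
    return html.escape(value, quote=True)


def build_link(search_term: str) -> str:
    """A link that embeds untrusted input in two contexts at once:
    URL-encoded inside the href, HTML-encoded in the visible text."""
    href = "/search?q=" + url_encode(search_term)
    return f'<a href="{html_encode(href)}">{html_encode(search_term)}</a>'


def demo() -> dict:
    payload = "<script>alert(1)</script>"  # constructed XSS probe
    return {
        "space_utf8": url_encode(" "),
        "euro_cp1252": url_encode("\u20ac", "cp1252"),  # one byte: %80
        "euro_utf8": url_encode("\u20ac"),              # three bytes
        "html": html_encode(payload),
        "link": build_link("a&b <c>"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:>12}: {v}")
```

The rule the example enforces is one encoding per context: the href gets URL encoding first (so the value stays a single query parameter) and then HTML encoding because it sits inside an attribute, while the visible text gets HTML encoding only.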


Mind Map
