launch attack 1
Task 1 (6 to 7 Pages)
Module Description: In this module you will continue to launch an attack.You will investigate hacking web servers and applications.
Going further to carry out the attack includes hacking web servers.You should learn about each test first and then practice.
First, learn about hacking web servers, applications, SQL injection, wireless networks.
- Read Chapter 6 Web-based Exploitation in Basics of Hacking and Penetration Testing:Ethical Hacking http://library.books24x7.com.ezp-02.lirn.net/assetviewer.aspx?bookid=56577&chunkid=875983146&rowid=323
- Read chapters 14 – 19 in Penetration Testing: A Hands-On Introduction to Hacking http://library.books24x7.com.ezp-02.lirn.net/toc.aspx?bookid=69058 This ebook includes a downloadable virtual lab for more practice.
Second, practice pentesting in iLabs
- Certified Ethical Hacker v9 CEH CEHv9, Module 11 Hacking Web Servers
- Certified Ethical Hacker v9 CEH CEHv9, Module 12 Hacking Web Applications
- Certified Ethical Hacker v9 CEH CEHv9, Module 13 SQL Injection
- Certified Ethical Hacker v9 CEH CEHv9, Module 14 Hacking Wireless Networks
- Certified Ethical Hacker v9 CEH CEHv9, Module 16 Evading IDS, Firewalls, and Honeypots
- Certified Ethical Hacker v9 CEH CEHv9, Module 17 Cloud Computing
Task : Now you should be ready to carry out a thorough penetration test on a system in the sandbox in iLabs.Set up the lab so that you can complete penetration on the network, including evading IDS, firewalls, and honeypot. Take screen shots of the process and write a report of all findings.
Task 2 (2 pages)
PLEASE SUMMARIZE THE ARTICLE BELOW;
Task 3 (two discussion reply 200 words each)
Discussion 1:
How are web servers and applications attacked?
In the article, it is explained that web server and applications are attacked by exploiting the vulnerabilities to gain access to sensitive information. The article makes it clear that attackers focus heavily on finding flaws through PHP applications. PHP “(PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.)â€(EC-Council, 2019) There are five common attacks that occur on web application and severs such as
|
Attack |
Defense |
|
Cross Site Scripting |
Input Validation, Sanitizing User Input, Escaping user inputs |
|
SQL Injection |
Input fields should be doubled checked, Web application firewall |
|
Automated Threats |
Real time bot detection technology |
|
File Path Traveral |
Input validation, Filters |
|
Command Injection |
Whitelist validation |
Through these common types of attacks can occur DoS, password attacks, information gathering etc. Ensuring that vulnerability scans are being conducted on the network along with ensuring the latest software updates are installed on the network will help prevent from successful attacks.
Greycampus. (n.d.). Retrieved from https://www.greycampus.com/opencampus/ethical-hacking/web-server-and-its-types-of-attacks.
What is PHP? (n.d.). Retrieved from https://www.php.net/manual/en/intro-whatis.php.
EC-Council. (2019, April 30). Most Common Web Application Attacks and How to Defend Against Them. Retrieved from https://blog.eccouncil.org/most-common-web-application-attacks-and-how-to-defend-against-them/.
Discussion 2:
The article described five of the most common web server vulnerabilities one is remote code execution, SQL injection, format string vulnerabilities, Cross Site Scripting (XSS), and username enumeration.
Remote code execution vulnerability rating is critical. This vulnerability takes place because of improper coding errors, it allows an attacker to run arbitrary, system level code on the vulnerable server and retrieve any information it desires (Siddharth & Doshi, 2006). This vulnerability can be exploited by an exterior attacker, hence the term remote in the title. Software developers go through code to see if they can catch any of these coding errors before attackers do and put out a patch for the errors.
SQL injection is an attack to retrieve information from an organization’s we server database. The impact of this attack can vary from basic information disclosure to remote code execution and total system compromise (Siddharth & Doshi, 2006).
Siddharth, S. (2006, April 27). Five common Web application vulnerabilities: Symantec Connect. Retrieved from https://www.symantec.com/connect/articles/five-common-web-application-vulnerabilities.
Format string vulnerabilities is classified as a moderate level attack. This vulnerability also affects code when malicious commands are given to format tokens to attack data in locations memory. This vulnerability is part of three categories reading, writing and denial of service. One way to defeat this vulnerability is to edit the source code so that the input is properly verified (Siddharth & Doshi, 2006).
Cross Site Scripting (XSS) is also classified a moderate level vulnerability. The goal of this attack is to set up a malicious site that will look legitimate, and users will ultimately be infected by a malicious script. To stop this vulnerability code must be edited to avoid such attacks.
Username Enumeration is an attack in which the main goal is for the attacker to identify valid usernames. There is a backend validation script that tells if the username is correct or not (Siddharth & Doshi, 2006). This vulnerability is classified as high. Usernames should not be displayed for public consumption. There should also be error messages and lockouts for trying different usernames.
Do you need a similar assignment done for you from scratch? We have qualified writers to help you. We assure you an A+ quality paper that is free from plagiarism. Order now for an Amazing Discount!
Use Discount Code "Newclient" for a 15% Discount!
NB: We do not resell papers. Upon ordering, we do an original paper exclusively for you.
