The following are some of the main vulnerabilities that websites and web applications have:
Directory Traversal Attack
A directory can be described as a folder that a web designer uses to store the website’s files. A directory traversal attack is where a hacker is able to gain access to and navigate between web directories and the files that have been stored in the directories. These are some of the most sensitive files for a website, for example, root, htaccess, and config files.
Another name for a directory traversal attack is the ../ (dot dot slash) attack. It is important to first understand what this means. Whenever a “..” is typed as a command, an instruction is issued to the system to move one folder up. Let’s assume that you are currently at the location C:/Users/Alex/Downloads/Education. If you type “..”, you would move one folder up to C:/Users/Alex/Downloads. If the command is entered again, you would end up in C:/Users/Alex.
Now, if you want to gain access to a text file called abc.txt that is located in the folder “Alex,” you would have to type the command “../../abc.txt” to move to where the text file is stored. Notice that there are four dots that have been typed in order to move two folders up.
A directory traversal attack is an HTTP exploit aimed at accessing restricted files or viewing random files on a web server, for example, password files and SSL private keys.
Most hackers are usually keen on getting into the root directory of a server, and this is possible using the dot dot slash technique described above. Exploiting this vulnerability can provide you access to files containing passwords or confidential information.
A hacker can also perform searches to determine the types of files in a website directory that are publicly accessible. You can use a spider program like HTTrack Website Copier to find every file that is accessible publicly. This free tool is easy to use. Just load it, name the project, and instruct the software which websites it should mirror. In a few minutes or maybe hours, HTTrack will show you all the files and records that the website contains and store them in your drive C:\My Websites.
Most sites often contain sensitive information that should not be viewed publicly, for example, source code and application scripts. Watch out for any .zip or .rar files on the website’s server. Even .html or PDF files may contain valuable information.
Another way to search for public files is through Google. You can use Google’s advanced queries to expose sensitive information, credit card numbers, critical website server directories, and webcams. When Google searches a website, it usually stores all its publicly available records or files in its cache. This makes it even easier to access information because you won’t have to mirror the website and search through all those files manually. Here are some advanced Google queries that any hacker can use. All you have to do is type into the Google search box:
- site: hostname keywords — when you use this type of query, Google searches for the keyword that you have indicated.
- A practical example would be: site:www.techhyme.com confidential or site:www.techhyme.com credit card
- filetype: file-extension site: hostname — when you use this type of query, Google searches for a specific file type on the website you are targeting. These could be doc, zip, pdf, rar, db, and so on. Some of these file types may contain regular web information, but you never know what valuable information you might find, so check them anyway.
- A practical example would be: filetype: pdf site:www.techhyme.com
There are other types of advanced Google operators that you can use, such as:
- inurl — This operator looks for the keywords you want within a web page’s URL.
- allintitle — This operator looks for keywords within the title of all web pages.
- link — This operator reveals all other websites that are linked to a specific web page.
- related — This operator looks for web pages that are similar to the one you have.
Directory traversal countermeasures
Protecting a website against directory traversal attacks by malicious hackers involves employing three major countermeasures:
- Avoid storage of old, confidential, and private files or records on the server. Make sure that your Document Root or /htdocs folder contains only the files that are critical to the smooth functioning of the website. Such files must never have any sensitive information that you wouldn’t want the public to see.
- Prevent Google and other search engines from crawling your site and storing sensitive data in their cache by configuring your robots.txt file.
- Make sure that the web server you are using is configured to allow only the necessary directories to be accessible by the public. Set up minimum privileges in order to control public access, and only allow access to the directories that enable the site to run properly. If you aren’t sure how to do this, read your web server documentation. If you are using Internet Information Services, check in your IIS Manager. In case your server is using Apache, check in the .htaccess or httpd.conf files.
One other option that can be effective against malicious hackers is Google Hack Honeypot. This search engine honeypot attracts malicious hackers and enables you to see how they are hacking your site. You will then be able to take the relevant countermeasures.
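Server configuration limits which directories are exposed, but any script that builds a file path from request input should also confirm that the resolved path stays under the document root. The following is an added example, not code from the original article; DOC_ROOT and both function names are hypothetical, and the sample requests are constructed.

```python
import os
from urllib.parse import unquote

# Hypothetical document root, used only for this illustration.
DOC_ROOT = "/var/www/htdocs"

def naive_resolve(requested, root=DOC_ROOT):
    """Vulnerable pattern: join request input to the root and trust the result."""
    return os.path.normpath(os.path.join(root, requested))

def safe_resolve(requested, root=DOC_ROOT):
    """Return the absolute path if it stays inside root, otherwise None."""
    # Undo single and double URL-encoding (%2e%2e%2f and %252e%252e%252f).
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:
        return None  # null bytes have no place in a file name
    # Treat Windows-style separators like "/" and drop any leading slash so
    # the request is always interpreted relative to the root.
    decoded = decoded.replace("\\", "/").lstrip("/")
    root_real = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    # commonpath compares whole components, so a sibling such as
    # /var/www/htdocs-backup is not mistaken for a child of /var/www/htdocs.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate

# Constructed sample requests: one legitimate, four traversal variants.
SAMPLE_REQUESTS = [
    "images/logo.png",
    "../../../etc/passwd",
    "%2e%2e%2f%2e%2e%2fetc/passwd",
    "%252e%252e%252fsecret",
    "..\\..\\config.ini",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:35} naive={naive_resolve(req)!r} safe={safe_resolve(req)!r}")
```

Decoding twice rejects double-encoded sequences at the cost of altering a legitimate file name that contains a literal percent sign.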
Default Script Attacks
Most web developers or webmasters usually use scripts on their websites without really understanding how the script works and in most cases without testing them. They tend to put convenience over web security. A lazy web developer would rather use a publicly accessible script for their website yet such default scripts are very insecure. A malicious hacker can easily gain unauthorized access to the files stored on a web server and manipulate whatever they want.
What makes default script attacks widespread is the fact that most programs, such as Active Server Pages and Hypertext Preprocessor, have scripts that are poorly written. There is a lot of poorly written code being used in websites. These errors can be seen in the content management systems that website developers and administrators use to maintain their content. All a hacker has to do is use sample scripts and install them on the target website.
To deploy a default script attack, you first need to test for the presence of any script vulnerabilities. You can read through scripts manually or employ a text search tool to look for user ID’s, passwords, or other types of sensitive information. Examples of keywords to search for include user, password, pwd, pass, root, admin, or logon.
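A site owner can run the same keyword search over their own web root before publishing it. The following is an added example, not code from the original article: it flags identifiers containing the keywords above when they are assigned or compared to a quoted literal. The extension list, the pattern and the function names are assumptions, and the sample lines are constructed.

```python
import os
import re

# Keywords the article lists; SCRIPT_EXTS is an assumption, adjust to your stack.
KEYWORDS = ("user", "password", "pwd", "pass", "root", "admin", "logon")
SCRIPT_EXTS = (".php", ".asp", ".aspx", ".inc", ".js", ".conf", ".ini")

# An identifier containing a keyword, assigned or compared to a non-empty
# quoted literal, e.g.  $db_pass = "..."  or  'admin_pwd' => '...'
HARDCODED = re.compile(
    r"""\b(\w*(?:%s)\w*)["']?\s*(?:=>|={1,3}|[:,])\s*["'][^"'\s][^"']*["']"""
    % "|".join(KEYWORDS),
    re.IGNORECASE,
)

def scan_lines(lines):
    """Yield (line_number, identifier) for each suspected hard-coded value."""
    for lineno, line in enumerate(lines, start=1):
        for match in HARDCODED.finditer(line):
            yield lineno, match.group(1)  # report the name, never the literal

def scan_tree(web_root):
    """Walk web_root and return sorted (relative_path, line, identifier) hits."""
    hits = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            if not name.lower().endswith(SCRIPT_EXTS):
                continue  # skip images, archives and other non-script files
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, web_root)
            with open(full, encoding="utf-8", errors="replace") as handle:
                hits.extend((rel, n, ident) for n, ident in scan_lines(handle))
    return sorted(hits)

# Constructed sample script; only line 2 holds a hard-coded value.
SAMPLE = ['<?php', '$db_pass = "example-only";', '$name = $_POST["user"];']

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for rel, lineno, ident in scan_tree(sys.argv[1]):
            print(f"{rel}:{lineno}: quoted literal bound to '{ident}'")
    else:
        print(list(scan_lines(SAMPLE)))
```

Each hit is a candidate for moving the value out of the web root, for example into an environment variable or a configuration file stored outside the document root.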
Website Password Hacking
Whenever a person fills in their username and password into a web application and clicks ENTER, that information is sent for authentication. However, a hacker can easily capture that information, store it, and analyze it at a later time. This becomes even easier if the hacker is doing it from a Local Area Network (LAN).
The hack described below works best for LAN, so if you want to do it over the Internet, you will have to be on a central HUB or Gateway router. Make sure that the network you are on allows broadcast traffic and your LAN card is in promiscuous mode. Try the steps below using VMWare first.
- Download and install Wireshark if you don’t already have it.
- Run Wireshark in Kali Linux. Go to Application > Kali Linux > Top 10 Security Tools > Wireshark. Once Wireshark is open, click on Capture, and then Interface. In the device column, select the interface that you want to use. Press the start button for Wireshark to begin capturing traffic.
- Since Wireshark will capture a lot of traffic and data on the network, you will have to filter it out. Remember, we are only interested in the POST data because every login made by a user generates a POST method. This simply means that the user has sent data to a remote server. Go to the filter text box and type http.request.method == "POST". This will bring up a result showing all POST events.
- Analyze the data to obtain the username and password. Every user login will have its own line of information. Right-click on the line you want to hack information from. A list of options will open, and at the bottom click on Follow TCP Stream. A new window will open up, with the password and username being shown in the “password” and “scifuser” fields respectively. In some cases, the password may appear in hashed form, so you will have to identify the hash value.
- You can identify the hash type by using Hash ID. Run the program and type the words hash-identifier in the root@kali command line. Copy and paste the hash value in the HASH command line. The program will tell you the possible hash type.
- Use one of the many hashed password cracking tools available, such as hashcat, cudahashcat, or other software. This will reveal to you the actual plaintext password.
Countermeasures against website hacking
Maintaining the security of a website or web application requires constant vigilance. Web administrators and developers must keep up with what is going on in the hacking world, the tools being developed, and the techniques that malicious hackers are adopting. The following measures can help keep a website secure:
- It is true that not every website can afford to implement SSL encryption for password security. However, administrators of public websites must ensure that passwords are at least hashed in order to provide one more layer of security against malicious hackers. There is no need to make life easy for a hacker who might simply be trying their luck to hack your site.
- A different machine should run every server in order to provide better protection for databases and web applications. Each machine should be thoroughly tested to make sure that its operating system is secure.
- Utilize the in-built security features in the web server to control access and isolate different applications. In the event that one application is hacked, the other ones won’t be vulnerable.
- Obscure the server’s identity using an anonymizer tool like Port 80 Software Server Mask.
- Set up a network-based firewall to detect and prevent hackers from accessing your network.
- Use programs like Server Defender and SecureIIS to detect real-time attacks and stop them before they cause any damage.
- Keeping a website or web application secure requires every web developer to understand that they are the first line of defense. This can make a huge impact on the overall security of information.