Introduction to HTTP and web
Last updated
Last updated
A web server is an application that runs on the back-end server, which handles all of the HTTP traffic from the client-side browser, routes it to the requests destination pages, and finally responds to the client-side browser. Web servers usually run on TCP ports 80 or 443, and are responsible for connecting end-users to various parts of the web application, in addition to handling their various responses. As web applications tend to be open for public interaction and facing the internet, they may lead to the back-end server being compromised if they suffer from any vulnerabilities. Web applications can provide a vast attack surface, making them a high-value target for attackers and pentesters.
Many types of vulnerabilities can affect web applications. We will often hear about/see references to the OWASP Top 10. This is a standardized list of the top 10 web application vulnerabilities maintained by the Open Web Application Security Project (OWASP). This list is considered the top 10 most dangerous vulnerabilities and is not an exhaustive list of all possible web application vulnerabilities. Web application security assessment methodologies are often based around the OWASP top 10 as a starting point for the top categories of flaws that an assessor should be checking for.
Source HTB Academy
Method | Goal |
---|---|
Cookies are used to store informations on the client side.
This is used to store information on the server side
Application Programming interfaces are used for machine to machine communication. It basically helps developers to not have to code things that are already coded. For instance payment functionalities.
API uses endpoint, this an url that is used to interact with the API.
The requested data is called Resources.
A singleton is a unique object, a collection is a group of resources.
A microservice is a piece of a web app that handles a specific function.
REST stands for Representational State Transfer.
See the chapter for API here
This part about web shells was made from my notes on the HTB Academy's payload and shells module.
A web shell is a browser-based shell session we can use to interact with the underlying operating system of a web server. Note: Most of the time you will always need to edit the webshell you use.
In parrot OS, the Laudanum files can be found in the /usr/share/webshells/laudanum
directory.
For most of the files within Laudanum, you can copy them as-is and place them where you need them on the victim to run. For specific files such as the shells, you must edit the file first to insert your attacking host IP address to ensure you can access the web shell or receive a callback in the instance that you use a reverse shell.
Antak is a web shell built-in ASP.Net included within the Nishang project. Nishang is an Offensive PowerShell toolset that can provide options for any portion of your pentest.
In parrot the Antak files can be found in the /usr/share/nishang/Antak-WebShell
directory.
When utilizing web shells, consider the below potential issues that may arise during your penetration testing process:
Web applications sometimes automatically delete files after a pre-defined period
Limited interactivity with the operating system in terms of navigating the file system, downloading and uploading files, chaining commands together may not work (ex. whoami && hostname), slowing progress, especially when performing enumeration -Potential instability through a non-interactive web shell
Greater chance of leaving behind proof that we were successful in our attack
GET
This method will request the resources from the server
POST
This method will allow to submit data
HEAD
This method will request the headers only
OPTIONS
This request will respond to the client with the allowed http verbs
PUT
This request will create an url with the data submitted to it
PATCH
the Accept-Patch header have to be use. This method will allow to partially update resources
TRACE
This is used to debug input sent to the client
CONNECT
This will create a proxy tunnel between the browser and the server
DELETED
This will remove a resource