Introduction to HTTP and web

What is a web server

A web server is an application that runs on the back-end server, which handles all of the HTTP traffic from the client-side browser, routes it to the requests destination pages, and finally responds to the client-side browser. Web servers usually run on TCP ports 80 or 443, and are responsible for connecting end-users to various parts of the web application, in addition to handling their various responses. As web applications tend to be open for public interaction and facing the internet, they may lead to the back-end server being compromised if they suffer from any vulnerabilities. Web applications can provide a vast attack surface, making them a high-value target for attackers and pentesters.

Many types of vulnerabilities can affect web applications. We will often hear about/see references to the OWASP Top 10. This is a standardized list of the top 10 web application vulnerabilities maintained by the Open Web Application Security Project (OWASP). This list is considered the top 10 most dangerous vulnerabilities and is not an exhaustive list of all possible web application vulnerabilities. Web application security assessment methodologies are often based around the OWASP top 10 as a starting point for the top categories of flaws that an assessor should be checking for.

Source HTB Academy

Different HTTP Methods

Method	Goal
GET	This method will request the resources from the server
POST	This method will allow to submit data
HEAD	This method will request the headers only
OPTIONS	This request will respond to the client with the allowed http verbs
PUT	This request will create an url with the data submitted to it
PATCH	the Accept-Patch header have to be use. This method will allow to partially update resources
TRACE	This is used to debug input sent to the client
CONNECT	This will create a proxy tunnel between the browser and the server
DELETED	This will remove a resource

Method

Goal

GET

This method will request the resources from the server

POST

This method will allow to submit data

HEAD

This method will request the headers only

OPTIONS

This request will respond to the client with the allowed http verbs

PUT

This request will create an url with the data submitted to it

PATCH

the Accept-Patch header have to be use. This method will allow to partially update resources

TRACE

This is used to debug input sent to the client

CONNECT

This will create a proxy tunnel between the browser and the server

DELETED

This will remove a resource

Cookies

Cookies are used to store informations on the client side.

Databases

This is used to store information on the server side

API

Application Programming interfaces are used for machine to machine communication. It basically helps developers to not have to code things that are already coded. For instance payment functionalities.

API uses endpoint, this an url that is used to interact with the API.
The requested data is called Resources.
A singleton is a unique object, a collection is a group of resources.
A microservice is a piece of a web app that handles a specific function.

REST API

REST stands for Representational State Transfer.

See the chapter for API here

Web shells

This part about web shells was made from my notes on the HTB Academy's payload and shells module.

A web shell is a browser-based shell session we can use to interact with the underlying operating system of a web server. Note: Most of the time you will always need to edit the webshell you use.

Laudanum

In parrot OS, the Laudanum files can be found in the /usr/share/webshells/laudanum directory. For most of the files within Laudanum, you can copy them as-is and place them where you need them on the victim to run. For specific files such as the shells, you must edit the file first to insert your attacking host IP address to ensure you can access the web shell or receive a callback in the instance that you use a reverse shell.

Antak Webshell

Antak is a web shell built-in ASP.Net included within the Nishang project. Nishang is an Offensive PowerShell toolset that can provide options for any portion of your pentest. In parrot the Antak files can be found in the /usr/share/nishang/Antak-WebShell directory.

PHP Web Shells

WhiteWinterWolf's PHP Webshell

Considerations when Dealing with Web Shells

When utilizing web shells, consider the below potential issues that may arise during your penetration testing process:

Web applications sometimes automatically delete files after a pre-defined period
Limited interactivity with the operating system in terms of navigating the file system, downloading and uploading files, chaining commands together may not work (ex. whoami && hostname), slowing progress, especially when performing enumeration -Potential instability through a non-interactive web shell
Greater chance of leaving behind proof that we were successful in our attack

Resources

PreviousExternal Pentest NextEnumeration

Last updated 5 months ago