Hacking Starter Part2

7. Web Technologies

HTTP, web technologies and architecture

  • Web Architecture 101 - the basic architecture concepts: https://docs.google.com/document/d/101EsKlu41ICdeE7mEv189SS8wMtcdXfRtua0ClYjP1M/
  • https://www.hacker101.com/sessions/web_in_depth
  • https://www.w3schools.com/whatis/whatis_http.asp
  • https://www.tutorialspoint.com/http/http_status_codes.htm
  • https://www.tutorialspoint.com/http/http_url_encoding.htm
  • https://www.tutorialspoint.com/http/http_requests.htm
  • https://www.tutorialspoint.com/http/http_responses.htm
  • http://www.cs.kent.edu/~svirdi/Ebook/wdp/ch01.pdf
  • https://www.tutorialspoint.com/web_developers_guide/web_basic_concepts.htm
  • https://developers.google.com/web/fundamentals/security/
  • http://www.alphadevx.com/a/7-The-Basics-of-Web-Technologies

Numerical systems and bases

https://www.tutorialspoint.com/basics_of_computers/basics_of_computers_number_system.htm

Web server applications

Basics of web dev

Web

Secure Sockets Layer and HTTP https://www.digicert.com/ssl/ https://www.youtube.com/watch?v=hExRDVZHhig

Learn about virtual hosting https://www.youtube.com/watch?v=R0WHr_MCzsU

Installing vhosts with Apache https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-18-04-quickstart https://linuxize.com/post/how-to-set-up-apache-virtual-hosts-on-ubuntu-20-04/

Zone transfer https://www.acunetix.com/blog/articles/dns-zone-transfers-axfr/ https://www.youtube.com/watch?v=JDc9IZVFLm0

MIME https://www.youtube.com/watch?v=eq6R6dxRuiU https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types

Practice

  • Install Apache inside your VM and change the home page of the hosted site using vim. Access this page in your browser (on the host).

  • Change your hosts file to access the Linux system under the following name: vulnerable.

  • Write an HTTP client to retrieve the home page of your site using an HTTP library (for example net/http in Ruby).

  • Write an HTTP client to retrieve the home page of your site using a socket.

  • Download Burp Suite and visit a website and see what requests are sent and what responses are received.

  • PHP basics:

    • Install PHP in your virtual machine (using your previous Apache installation), write a script that echoes back a parameter in the URL. For example, accessing http://vulnerable/hello.php?name=Louis will return "Hello Louis".

    • Install MySQL and create a script that retrieves information from it, so that article.php?id=1 returns a book and article.php?id=2 returns a computer.

    • Create a page that sends data to itself using a POST request.

  • DNS and whois:

    • Install the command line tool dig in your VM.

    • Find which name servers are used by PentesterLab, which mail servers are used by PentesterLab, and the IP address of www.pentesterlab.com.

    • Obtain information about pentesterlab.com using the whois tool.

  • Set up SSL:

    • Enable HTTPS on your web server.

    • Make sure you have disabled all the weak ciphers.

  • Play with SSL:

    • Write an SSL client using an HTTP library.

    • Write an SSL client using a socket.

    • Access your SSL server with your previous HTTP script, using socat to bridge the connection (socket <-> SSL socket).

  • HTTP server:

    • Write an HTTP server (use fork to handle more than one connection).

    • Connect to your HTTP server with your browser and check the requests made by your browser.