
Jane, an ethical hacker, is testing a target organization’s web server and website to identify security loopholes. In this process, she copied the entire website and its content on a local drive to view the profile of the site’s directory structure, file structure, external links, images, web pages, and so on. This information helps Jane map the website’s directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?


Option 1 : Website defacement
Option 2 : Website mirroring
Option 3 : Web cache poisoning
Option 4 : Session hijacking
1. Website defacement

Website defacement is the online equivalent of spraying graffiti on a wall: the site's appearance is altered, with pictures and/or words scrawled across the defaced pages.

Why Websites are Defaced

Attackers deface websites for different reasons. Political motivation is one: attackers who oppose a government or a particular movement may deface related websites to air their views. Attackers who do this are known as "hacktivists"; they replace the content of the defaced website with an image or a message of their choice.

Other attackers deface a website for fun, to mock the site owners by finding vulnerabilities in the site and exploiting them to deface it. These attackers "taunt" the site owners. Like hacktivists, they deface the website with an image or a message of their choice.

In both cases, website owners suffer some damage to their reputation once their sites are defaced.

2. Website mirroring

A mirror site is a website, or a set of files on a server, that has been copied to another server so that the site or files are available from more than one place. A mirror site has its own URL but is otherwise identical to the principal site. Load-balancing devices allow high-volume sites to scale easily by dividing the work between multiple mirror sites.
A mirror site is typically updated frequently to ensure it reflects the contents of the original site. In some cases, the original site arranges for a mirror at a larger facility with a faster connection and, perhaps, closer proximity to a large audience.
If the original site generates too much traffic, a mirror site can provide better availability of the website or files. For websites that offer copies or updates of widely used software, a mirror site lets the site handle larger demand and enables downloaded files to arrive more quickly. Microsoft, Sun Microsystems and other companies have mirror sites from which their browser software can be downloaded.
Mirror sites are also used to make site access faster when the original site is geographically distant from those accessing it. A mirrored web server is often located on a different continent from the principal site, giving users close to the mirror faster and more reliable access.
Mirroring a website can also ensure that information remains available in places where access may be unreliable or censored. In 2013, when Chinese authorities blocked access to foreign media outlets such as the Wall Street Journal and Reuters, site mirroring was used to restore access and circumvent government censorship.
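In the scenario above, the copy of the site is made from the outside, and the web server's own access log is where a defender first sees it. The following script is an added example, not part of the original article or of any tool it names: it parses constructed Apache/nginx "combined" log lines and flags clients that either announce an offline-copy tool in their User-Agent or fetch an unusually large number of distinct pages in a short window. The tool-name list, the window and the page threshold are assumptions to be tuned for a real site.

```python
"""Spotting website-mirroring activity in web server access logs.

Added example (not from the original article). Assumes the Apache/nginx
"combined" log format; the sample log lines are constructed, and the tool
names and thresholds are assumptions to be tuned per site.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent fragments of common offline-copy tools (assumed list).
MIRROR_UA = re.compile(r"httrack|wget|webcopy|teleport|offline explorer", re.I)
# Static assets are excluded from the page count: a normal browser fetches
# many of them for one page view, while a mirroring tool fetches many pages.
STATIC_EXT = {"png", "jpg", "jpeg", "gif", "css", "js", "ico", "svg", "woff", "woff2"}

# Constructed sample: one HTTrack session, one ordinary visitor, and one
# client with a browser User-Agent that walks a dozen pages in a few seconds.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5120 "-" "HTTrack 3.0x"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /about.html HTTP/1.1" 200 3100 "-" "HTTrack 3.0x"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /images/logo.png HTTP/1.1" 200 8800 "-" "HTTrack 3.0x"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /docs/index.html HTTP/1.1" 200 2000 "-" "HTTrack 3.0x"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:57:12 +0000] "GET /about.html HTTP/1.1" 200 3100 "https://www.example.com/" "Mozilla/5.0"
""" + "".join(
    f'192.0.2.9 - - [10/Oct/2023:14:01:{sec:02d} +0000] "GET /products/item{sec}.html HTTP/1.1" '
    f'200 1500 "-" "Mozilla/5.0"\n'
    for sec in range(12)
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def is_page(path):
    """True unless the path's file extension marks it as a static asset."""
    name = path.split("?", 1)[0].rsplit("/", 1)[-1]
    return "." not in name or name.rsplit(".", 1)[-1].lower() not in STATIC_EXT


def find_mirroring(records, window_s=10, max_pages=10):
    """Map client IP -> list of reasons it looks like a site copy in progress."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ip"]].append(r)
    findings = {}
    for ip, recs in by_ip.items():
        reasons = []
        tools = {r["ua"] for r in recs if MIRROR_UA.search(r["ua"])}
        if tools:
            reasons.append(f"mirroring tool user-agent: {', '.join(sorted(tools))}")
        # Sliding window: distinct page paths requested within window_s seconds.
        pages = sorted((r["ts"], r["path"]) for r in recs if is_page(r["path"]))
        for i, (t0, _) in enumerate(pages):
            distinct = {p for t, p in pages[i:] if (t - t0).total_seconds() <= window_s}
            if len(distinct) >= max_pages:
                reasons.append(f"{len(distinct)} distinct pages within {window_s}s")
                break
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in find_mirroring(parse_log(SAMPLE_LOG)).items():
        print(ip, "->", "; ".join(reasons))
```

The rate heuristic deliberately ignores images, scripts and stylesheets, since a single browser page view can pull dozens of those in a second; what distinguishes a site copy is the number of distinct HTML pages pulled in quick succession, and well-behaved tools usually identify themselves in the User-Agent anyway. Feed the same function a real log and raise `max_pages` until legitimate crawlers stop appearing.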

Port mirroring

Port mirroring allows network administrators to analyze data, monitor traffic and diagnose network problems. By attaching a protocol analyzer to a mirror port, administrators can keep track of switch performance.
When port mirroring is enabled, the switch sends copies of all network packets seen on one port to another port, where they can be analyzed. Switch manufacturers have their own names for port mirroring, such as Switched Port Analyzer (SPAN), the term coined by Cisco.

Content delivery network

Mirroring can be considered a static form of content delivery. Like a mirror site, a content delivery network (CDN) exists as multiple copies on servers in several locations around the world, and like a mirror site, a CDN allows easier access to content from geographically diverse locations.
Even when bandwidth is limited, a CDN can meet requests such as delivering streaming audio and video content. However, a CDN is not an exact replica of a site; it caches content from the original site.

3. Web cache poisoning

Web cache poisoning is an advanced technique whereby an attacker exploits the behavior of a web server and its cache so that a harmful HTTP response is served to other users.
Fundamentally, web cache poisoning involves two phases. First, the attacker must work out how to elicit a response from the back-end server that inadvertently contains some kind of dangerous payload. Once successful, they need to make sure that this response is cached and subsequently served to the intended victims.
A poisoned web cache can be a devastating means of distributing numerous different attacks, exploiting vulnerabilities such as XSS, JavaScript injection, open redirection, and so on.

How does a web cache work?

To understand how web cache poisoning vulnerabilities arise, it is important to have a basic understanding of how web caches work.
If a server had to send a new response to every single HTTP request separately, this would likely overload the server, leading to latency issues and a poor user experience, especially during busy periods. Caching is primarily a means of reducing such issues.
The cache sits between the server and the user, where it saves (caches) the responses to particular requests, usually for a fixed amount of time. If another user then sends an equivalent request, the cache simply serves a copy of the cached response directly to the user, without any interaction with the back-end. This greatly eases the load on the server by reducing the number of duplicate requests it has to handle.

Cache keys

When the cache receives an HTTP request, it first has to determine whether there is a cached response that it can serve directly, or whether it has to forward the request to the back-end server. Caches identify equivalent requests by comparing a predefined subset of the request's components, known collectively as the "cache key". Typically, this contains the request line and the Host header. Components of the request that are not included in the cache key are said to be "unkeyed".
If the cache key of an incoming request matches the key of a previous request, the cache considers them equivalent. As a result, it serves a copy of the cached response that was generated for the original request. This applies to all subsequent requests with the matching cache key, until the cached response expires.
Crucially, the other components of the request are ignored altogether by the cache. We will explore the impact of this behavior in more detail later.
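The two phases and the cache-key rule above can be seen in a few lines of code. The following toy cache is an added example, not from the original article or from any real cache product: it keys entries on the request line plus Host, exactly as described, and sits in front of a constructed back-end that reflects the unkeyed `X-Forwarded-Host` header into a generated URL. It then shows the two defences a practitioner reaches for: have the back-end validate the unkeyed input against an allow-list, or add the header to the cache key (which is what a `Vary` header instructs a real cache to do). The request shape, host names and the `later_visitor_sees` helper are constructed for the demonstration.

```python
"""Toy web cache keyed on request line + Host, showing how an unkeyed header
that influences the response poisons the cached copy served to later users,
and two fixes: validate the unkeyed input, or add it to the cache key.

Added example, not from the original article. Backend, cache and request
shapes are constructed for the demonstration.
"""
ALLOWED_HOSTS = {"www.example.com"}


def make_req(path, host="www.example.com", xfh=None):
    """Constructed request: method, path and a small header map."""
    headers = {"Host": host}
    if xfh is not None:
        headers["X-Forwarded-Host"] = xfh
    return {"method": "GET", "path": path, "headers": headers}


def backend_unsafe(req):
    """Trusts X-Forwarded-Host when building an absolute URL in the page.
    The header is not part of the cache key, so whatever it contained when
    the entry was created is what every later visitor receives."""
    host = req["headers"].get("X-Forwarded-Host", req["headers"]["Host"])
    return f'<link rel="canonical" href="https://{host}{req["path"]}">'


def backend_safe(req):
    """Fix 1: only an allow-listed host may appear in generated URLs."""
    host = req["headers"].get("X-Forwarded-Host", req["headers"]["Host"])
    if host not in ALLOWED_HOSTS:
        host = req["headers"]["Host"]
    return f'<link rel="canonical" href="https://{host}{req["path"]}">'


def default_key(req):
    """Typical cache key: request line plus Host; everything else is unkeyed."""
    return (req["method"], req["path"], req["headers"]["Host"])


def key_with_xfh(req):
    """Fix 2: key on the header too, so differing values never share an entry."""
    return default_key(req) + (req["headers"].get("X-Forwarded-Host", ""),)


class Cache:
    def __init__(self, backend, key_fn=default_key, ttl=60):
        self.backend, self.key_fn, self.ttl = backend, key_fn, ttl
        self.store = {}  # cache key -> (expiry time, response body)

    def get(self, req, now):
        """Serve from cache on a key match that has not expired, else fetch
        from the backend and store the response under the request's key."""
        key = self.key_fn(req)
        entry = self.store.get(key)
        if entry and entry[0] > now:
            return entry[1], "HIT"
        body = self.backend(req)
        self.store[key] = (now + self.ttl, body)
        return body, "MISS"


def later_visitor_sees(cache):
    """Phase 1 and 2 in miniature: populate the cache with a request carrying
    a foreign X-Forwarded-Host, then send an ordinary request for the same
    page and return what that ordinary visitor gets back."""
    cache.get(make_req("/", xfh="untrusted.invalid"), now=0)
    return cache.get(make_req("/"), now=1)


if __name__ == "__main__":
    for label, cache in [
        ("unkeyed header, trusted by backend", Cache(backend_unsafe)),
        ("backend validates host", Cache(backend_safe)),
        ("header added to cache key", Cache(backend_unsafe, key_with_xfh)),
    ]:
        body, status = later_visitor_sees(cache)
        print(f"{label:36s} {status:4s} {body}")
```

With the unsafe back-end and the default key, the ordinary visitor gets a cache HIT whose URL points at the foreign host. Validating the host on the back-end removes the harmful content at its source, so the cached entry is clean even though it was created by the unusual request. Keying on the header keeps the entries apart, so the ordinary visitor gets a MISS and a fresh, correct response; in practice both fixes are applied, since keying alone still lets the unusual response be cached for anyone who sends the same header value.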

What is the impact of a web cache poisoning attack?

The impact of web cache poisoning depends heavily on two key factors:
What exactly the attacker can successfully get cached
As the poisoned cache is more a means of distribution than a standalone attack, the impact of web cache poisoning is inextricably linked to how harmful the injected payload is. As with most kinds of attack, web cache poisoning can also be used in combination with other attacks to escalate the potential impact even further.
The amount of traffic on the affected page
The poisoned response will only be served to users who visit the affected page while the cache is poisoned. As a result, the impact can range from non-existent to massive depending on whether the page is popular or not. If an attacker managed to poison a cached response on the home page of a major website, for instance, the attack could affect thousands of users without any subsequent interaction from the attacker.
Note that the duration of a cache entry does not necessarily affect the impact of web cache poisoning. An attack can usually be scripted in such a way that it re-poisons the cache indefinitely.

4. Session hijacking

The session hijacking attack consists of exploiting the web session control mechanism, which is normally managed through a session token.
Because HTTP communication uses many different TCP connections, the web server needs a method to recognize every user's connections. The most useful method relies on a token that the web server sends to the client browser after successful client authentication. A session token is normally composed of a string of variable width, and it can be carried in different ways: in the URL, in the header of the HTTP request as a cookie, in other parts of the HTTP request header, or in the body of the HTTP request.
The session hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the web server.
The session token can be compromised in different ways; the most common are:
• Predictable session token;
• Session sniffing;
• Client-side attacks (XSS, malicious JavaScript code, Trojans, etc.);
• Man-in-the-middle attack;
• Man-in-the-browser attack.
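Each route in the list above maps to a control on the server side, and the following code is an added example (not from the original article or any framework) of what those controls look like together: tokens drawn from the operating system's CSPRNG so they cannot be predicted, a hashed server-side store so a leaked table does not expose live sessions, rotation of the token after authentication so a token observed or planted beforehand is useless, cookie attributes that keep the token off plain HTTP and away from page scripts, and expiry. The `SessionStore` class, the cookie name `sid` and the `looks_predictable()` heuristic are constructed for the demonstration; the heuristic is the kind of quick sanity check a tester runs against a sample of tokens issued by their own application.

```python
"""Session-token handling that closes the common compromise routes listed
above: unguessable tokens, rotation after authentication, cookie attributes
that limit sniffing and script access, and expiry.

Added example, not from the original article. The SessionStore class, the
cookie name "sid" and looks_predictable() are constructed for the demo;
a real deployment would back the store with a database.
"""
import hashlib
import os
import secrets
import time


class SessionStore:
    def __init__(self, ttl=900):
        self.ttl = ttl
        # sha256(token) -> (user, expiry). Tokens are never stored in clear,
        # so a copy of this table cannot be replayed as live sessions.
        self._sessions = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user, now=None):
        """Issue a new token: 32 bytes (256 bits) from the OS CSPRNG, so it
        cannot be derived from earlier tokens or from the time of issue."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = (user, now + self.ttl)
        return token

    def lookup(self, token, now=None):
        """Return the user for a live token, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(self._digest(token))
        if entry is None or entry[1] <= now:
            return None
        return entry[0]

    def revoke(self, token):
        self._sessions.pop(self._digest(token), None)

    def rotate(self, token, now=None):
        """Replace the token when privilege changes (e.g. right after login):
        a token observed or planted before authentication is then useless."""
        user = self.lookup(token, now)
        if user is None:
            return None
        self.revoke(token)
        return self.create(user, now)


def set_cookie_header(token, max_age=900):
    """Secure: never sent over plain HTTP (limits sniffing);
    HttpOnly: not readable by page scripts (limits theft via XSS);
    SameSite=Strict: not attached to cross-site requests."""
    return f"sid={token}; Max-Age={max_age}; Path=/; Secure; HttpOnly; SameSite=Strict"


def looks_predictable(tokens):
    """Quick sanity check on a sample of issued tokens: flags purely numeric
    tokens that increase by a constant step, and tokens sharing a prefix at
    least half the length of the shortest token."""
    if not tokens:
        return False
    if len(tokens) >= 3 and all(t.isdigit() for t in tokens):
        steps = {int(b) - int(a) for a, b in zip(tokens, tokens[1:])}
        if len(steps) == 1:
            return True
    prefix = os.path.commonprefix(tokens)
    return len(prefix) >= len(min(tokens, key=len)) // 2


if __name__ == "__main__":
    store = SessionStore()
    pre_login = store.create("anonymous")      # token handed out before login
    post_login = store.rotate(pre_login)       # fresh token once authenticated
    print(set_cookie_header(post_login))
    print("old token still valid:", store.lookup(pre_login) is not None)
    print("sample looks predictable:", looks_predictable([store.create("u") for _ in range(5)]))
```

The store keeps only a hash of each token, so `lookup` hashes the presented value and does a dictionary lookup; the token itself exists only in the client's cookie and in transit over TLS. Calling `rotate` at login is what defeats session fixation, and `revoke` on logout is what makes a stolen token stop working once the user notices.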



This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

