💻 Hacking Web Applications
Hacking web applications means exploiting weaknesses in the application layer, such as SQL injection, cross-site scripting (XSS) and broken authentication, to gain unauthorized access, exfiltrate data or take control of the underlying server.
Web applications are among the most common targets because they are reachable over the internet by design and usually sit directly in front of sensitive data and internal systems.
Footprinting
Web application footprinting is the process of gathering information about a target application (hostnames, exposed ports, server software and versions, frameworks, directories and endpoints) to identify potential vulnerabilities and attack vectors before any active exploitation.
There are several tools and techniques for automating scanning and fingerprinting web applications:
- nmap enumerates open ports and service versions; its http-* NSE scripts (for example http-enum) also probe for common web paths and applications.
- OWASP ZAP is an intercepting proxy with an active scanner that crawls an application and tests it for common vulnerabilities.
```bash
# Use nmap to enumerate services and versions on the web port
# (add 443 to the port list to cover HTTPS)
nmap -sV -p 80 --script http-enum TARGET
```

```bash
# Enumerate files and directories with a wordlist
gobuster dir -u http://TARGET -w /usr/share/wordlists/dirb/common.txt
```
Automated Scanning
Enumeration
Common vulnerabilities
Which vulnerabilities a web application exposes depends on its architecture and technology stack; the classes below are the ones encountered most often.
SQL Injection
SQL injection occurs when user-controlled input is concatenated into a SQL query instead of being passed as a parameter, so the attacker can change the structure of the query rather than just its values. Depending on the database account's permissions this allows viewing, modifying or deleting data and bypassing authentication checks.
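The following script is an added example (not code from the original page) that runs the classic authentication-bypass payload against a constructed in-memory SQLite user table, first through string concatenation and then through a parameterized query. The table, the user records and the function names are assumptions made for the demonstration; the payload itself is the one shown on this page.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed fixture: an in-memory user store standing in for the app's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'secret'), ('bob', 'hunter2')")
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    # String concatenation: whatever the user typed becomes part of the SQL grammar.
    return (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterized query: the statement is fixed and the values travel separately,
    # so quotes and comment markers in the input never reach the SQL parser.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR 1=1 --"
    print("query sent:", build_vulnerable_query(payload, "x"))
    print("vulnerable login accepted:", vulnerable_login(conn, payload, "x"))
    print("parameterized login accepted:", safe_login(conn, payload, "x"))
```

With the payload as the username, the concatenated query becomes `... WHERE username = '' OR 1=1 --' AND password = 'x'`: the password check is commented out and the first user row comes back, so the vulnerable version accepts the login. The parameterized version looks for a user literally named `' OR 1=1 --` and finds none.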
```sql
' OR 1=1 --
```
Injected as the username into a query such as `SELECT * FROM users WHERE username = '$user' AND password = '$pass'`, the leading quote closes the string literal, `OR 1=1` makes the WHERE clause always true and `--` comments out the rest of the statement, including the password check. (On MySQL the `--` comment marker must be followed by a space.)
Cross-site scripting (XSS) is a vulnerability in which an application places untrusted input into a page without encoding it, allowing attackers to inject scripts that run in other users' browsers within the application's origin.
This can lead to session hijacking through cookie theft, defacement, or redirecting users to malicious sites.
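As an added example (not part of the original page), the Python below renders a constructed attacker comment into an HTML fragment the vulnerable way and the encoded way, shows why the attribute context needs the quotes encoded as well, and includes the check a tester applies to a response to tell raw reflection from encoded reflection. The rendering functions and the sample comment are assumptions for the demonstration.

```python
import html

# Constructed sample input: a comment an attacker submits that is later shown to other users.
ATTACK_COMMENT = '<script> alert("XSS");</script>'


def render_comment_vulnerable(comment: str) -> str:
    # Untrusted input spliced straight into the HTML body: the browser parses the
    # <script> element and runs it in the viewer's origin.
    return f'<div class="comment">{comment}</div>'


def render_comment_safe(comment: str) -> str:
    # html.escape encodes & < > and, by default, " and ', so the same input is
    # rendered as visible text instead of markup.
    return f'<div class="comment">{html.escape(comment)}</div>'


def render_search_box_safe(query: str) -> str:
    # Attribute context: the quotes must be encoded too, or a payload such as
    # " onfocus="alert(1)  would break out of value="..." and add an event handler.
    return f'<input type="text" name="q" value="{html.escape(query, quote=True)}">'


def classify_reflection(response_body: str, payload: str) -> str:
    # What a tester checks after sending a probe: is the payload echoed verbatim
    # (exploitable), entity-encoded (safe in an HTML text node), or not at all?
    if payload in response_body:
        return "raw"
    if html.escape(payload) in response_body:
        return "encoded"
    return "absent"


if __name__ == "__main__":
    for render in (render_comment_vulnerable, render_comment_safe):
        body = render(ATTACK_COMMENT)
        print(f"{render.__name__}: {classify_reflection(body, ATTACK_COMMENT)}\n  {body}")
    print(render_search_box_safe('" onfocus="alert(1)'))
```

Encoding is context-specific: `html.escape` is correct for text nodes and quoted attributes, but input placed inside a `<script>` block, a URL or a CSS value needs the encoding rules of that context instead.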
```html
<script> alert("XSS");</script>
```
Cross-Site Request Forgery (CSRF) tricks a logged-in user's browser into sending a request to a site where that user is authenticated. Because the browser attaches the session cookie automatically, the application processes the forged request as if the user intended it, so actions such as changing account settings or making purchases are performed on the user's behalf without their consent.
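To show the defence side of this, here is an added example (not code from the original page) of a hypothetical `/transfer` handler that requires a synchronizer token bound to the session: the attacker's cross-site form carries the victim's cookie but cannot carry the token, so the request is rejected. The request model, session store and handler are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Server-side secret from which per-session tokens are derived (constructed here;
# a real deployment loads it from configuration and never sends it to the browser).
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    # Synchronizer token bound to the session: HMAC-SHA256(secret, session_id).
    # The app embeds it as a hidden field in its own forms; an attacker's page
    # cannot read it because the same-origin policy blocks reading the victim's
    # responses from another origin.
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, token) -> bool:
    expected = issue_csrf_token(session_id)
    # Constant-time comparison; a missing or non-string token is simply a mismatch.
    return isinstance(token, str) and hmac.compare_digest(expected, token)


@dataclass
class Request:
    cookies: dict
    form: dict


def handle_transfer(req: Request, sessions: dict) -> str:
    """Hypothetical POST /transfer handler; returns the HTTP outcome as text."""
    session_id = req.cookies.get("session")
    if session_id not in sessions:
        return "401 not logged in"
    if not verify_csrf_token(session_id, req.form.get("csrf_token")):
        return "403 csrf token missing or invalid"
    amount = int(req.form["amount"])
    sessions[session_id]["balance"] -= amount
    return f"200 transferred {amount}"


if __name__ == "__main__":
    sessions = {"victim": {"balance": 5000}}
    # The attacker's form: the browser attaches the victim's cookie, but there is no token.
    forged = Request(cookies={"session": "victim"}, form={"amount": "1000"})
    print(handle_transfer(forged, sessions), sessions)
    # The app's own form carries the token issued for this session.
    legit = Request(cookies={"session": "victim"},
                    form={"amount": "1000", "csrf_token": issue_csrf_token("victim")})
    print(handle_transfer(legit, sessions), sessions)
```

A token copied from the attacker's own session is rejected too, because the token is bound to the session id it was issued for. Marking the session cookie `SameSite=Lax` or `Strict` is a complementary defence: the browser then omits the cookie from cross-site POSTs in the first place.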
```html
<form action="http://example.com/transfer" method="POST">
  <input type="hidden" name="amount" value="1000" />
  <input type="submit" value="Transfer Money" />
</form>
```
Hosted on an attacker-controlled page (and usually auto-submitted with a script rather than waiting for a click), this form succeeds only if the transfer endpoint accepts the request without an unpredictable per-session token and the session cookie is sent on the cross-site request (no SameSite restriction).
Remote Code Execution (RCE) is a vulnerability that allows an attacker to run arbitrary code or operating-system commands on the server, for example when a request parameter is passed unsanitized to a shell.
This gives the attacker complete control over the target system and access to any data or internal network the server can reach.
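The command-injection route to RCE is easiest to see in code. The Python below is an added example (not from the original page): it runs a parameter through `subprocess` with `shell=True`, the way a naive "ping this host" feature might, then through an argument vector with no shell, then behind an input allowlist. `echo` stands in for the real command so the demonstration is harmless; the function names and the hostname pattern are assumptions.

```python
import re
import subprocess

# Allowlist for the shape the parameter is supposed to have (hostname-like).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def is_valid_hostname(value: str) -> bool:
    return HOSTNAME_RE.match(value) is not None


def run_vulnerable(user_input: str) -> str:
    # shell=True hands the whole string to /bin/sh, so ';', '|', '&&' and $(...)
    # in the parameter are parsed as shell syntax. `echo` stands in for the real
    # command (ping, nslookup, ...) so the demo is harmless.
    result = subprocess.run(f"echo {user_input}", shell=True,
                            capture_output=True, text=True, check=False)
    return result.stdout


def run_safe(user_input: str) -> str:
    # Argument vector, no shell: the parameter is exactly one argv entry and is
    # never interpreted, whatever characters it contains.
    result = subprocess.run(["echo", user_input],
                            capture_output=True, text=True, check=False)
    return result.stdout


def run_validated(user_input: str) -> str:
    # Defence in depth: reject anything that does not look like a hostname before
    # it gets near a command at all.
    if not is_valid_hostname(user_input):
        raise ValueError("parameter is not a valid hostname")
    return run_safe(user_input)


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"
    print("vulnerable:", repr(run_vulnerable(payload)))
    print("safe:      ", repr(run_safe(payload)))
    print("validated: ", is_valid_hostname(payload), is_valid_hostname("example.com"))
```

With the payload `example.com; echo INJECTED`, the vulnerable variant prints two lines because the shell executed a second command; the argv variant prints the payload back as one literal argument. The same pattern is what `cmd=whoami` exploits on the page's `/execute` endpoint.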
```bash
curl -X POST -d "cmd=whoami" http://example.com/execute
```
Local File Inclusion (LFI) is a vulnerability in which the application includes a file whose path is taken from a request parameter without confining it to the intended directory. Using `../` traversal sequences the attacker can read any file the web server process can access, such as /etc/passwd, configuration files holding credentials, or the application's own source code.
```bash
# Path traversal in the page parameter
curl -X GET "http://example.com/index.php?page=../../../../etc/passwd"
# The same traversal URL-encoded, to get past filters that only look for the literal "../"
curl -X GET "http://example.com/index.php?page=%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd"
```
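The following Python is an added example (not code from the original page) that reproduces the vulnerable join of a `page` parameter onto a base directory and the check that stops it: decode once, canonicalize with `realpath`, and require the result to remain under the canonical base. It creates a temporary pages directory with one constructed file; the directory layout and function names are assumptions for the demonstration.

```python
import os
import tempfile
from typing import Optional
from urllib.parse import unquote


def setup_pages_dir() -> str:
    """Constructed fixture: the directory the app is meant to include pages from."""
    base = tempfile.mkdtemp(prefix="pages_")
    with open(os.path.join(base, "about.php"), "w") as f:
        f.write("<h1>About</h1>")
    return base


def include_path_vulnerable(base_dir: str, page: str) -> str:
    # Mirrors include("pages/" . $_GET['page']): the decoded parameter is joined to
    # the base directory with no normalization, so ../ walks out of it and an
    # absolute path replaces it entirely.
    return os.path.join(base_dir, unquote(page))


def resolve_page_safe(base_dir: str, page: str) -> Optional[str]:
    # 1. Decode once, as the web server would, so %2E%2E%2F is seen as ../
    # 2. Canonicalize: collapses ../ segments and follows symlinks
    # 3. Require the result to still sit under the canonical base directory
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, unquote(page)))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def include_safe(base_dir: str, page: str) -> Optional[str]:
    path = resolve_page_safe(base_dir, page)
    if path is None or not os.path.isfile(path):
        return None
    with open(path) as f:
        return f.read()


if __name__ == "__main__":
    base = setup_pages_dir()
    for p in ("about.php", "../../../../etc/passwd",
              "%2E%2E%2F%2E%2E%2F%2E%2E%2Fetc%2Fpasswd", "/etc/passwd"):
        print(f"{p!r:45} vulnerable -> {include_path_vulnerable(base, p)}")
        print(f"{'':45} safe       -> {resolve_page_safe(base, p)}")
```

Checking the canonical path rather than the raw string is what defeats the encoded variant: a filter that only strips the literal `../` never sees `%2E%2E%2F`, whereas `realpath` operates on the decoded, normalized result. For a fixed set of pages, an allowlist of permitted names is simpler still and removes the path logic altogether.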