DEV Community

Mutasim Abubakar

A Web Server For Bug Bounty Hunters (Part 1)

π™·πšŽπš•πš•πš˜ πš›πšŽπšœπš™πšŽπšŒπšπšπšžπš• πš›πšŽπšŠπšπšŽπš›πšœ. 𝙸 πšŠπš– π™ΌπšžπšπšŠπšœπš’πš– π™°πš‹πšžπš‹πšŠπš”πšŠπš› πš”πš—πš˜πš πš— 𝚊𝚜 πšπšžπš•πš™πš•πšŠπš— 𝚊 πš‹πšžπš πš‹πš˜πšžπš—πšπš’ πš‘πšžπš—πšπšŽπš› πšŠπš—πš πšŒπš’πš‹πšŽπš›πšœπšŽπšŒπšžπš›πš’πšπš’ πšŽπš—πšπš‘πšžπšœπš’πšŠπšœπš– πš’πš— πšπš˜πšπšŠπš’β€™πšœ πš πš›πš’πšπšŽ-πšžπš™. 𝙸 πš πšŠπš—πš 𝚝𝚘 πšŽπš‘πš™πš•πšŠπš’πš— πšπš‘πšŽ πšŒπš˜πš—πšŒπšŽπš™πš 𝚘𝚏 πš πšŽπš‹ πšœπšŽπš›πšŸπšŽπš›, πš πšŽπš‹ πšœπšŽπš›πšŸπšŽπš› πšŠπšπšπšŠπšŒπš”, πšŠπš—πš πš πšŽπš‹ πšœπšŽπš›πšŸπšŽπš› πšŠπšπšπšŠπšŒπš” πš–πšŽπšπš‘πš˜πšπš˜πš•πš˜πšπš’. π™°πš—πš πš’πš— πšπš‘πšŽ πšŒπš˜πš—πšŒπš•πšžπšœπš’πš˜πš— 𝚘𝚏 πš–πš’ πš πš›πš’πšπšŽ-πšžπš™, 𝙸 πš πš’πš•πš• πšŽπš‘πš™πš•πšŠπš’πš— πšπš‘πšŽ πš™πš›πšŽπšŸπšŽπš—πšπš’πšŸπšŽ πš–πšŽπšŠπšœπšžπš›πšŽπšœ 𝚝𝚘 πšπšŠπš”πšŽ 𝚝𝚘 πš™πš›πšŽπšŸπšŽπš—πš πš πšŽπš‹ πšœπšŽπš›πšŸπšŽπš› πšŠπšπšπšŠπšŒπš”πšœ.

  • Understanding Web Server
  • Attacking Web Server
  • Web Server Attack Methodology
  • Web Server Preventive Measures

Web Server Concept

To be able to completely compromise a server, you have to understand the theory of a web server and its architecture.
Let's talk about what a web server is. A web server is computer software or hardware that stores, processes, and delivers data to a client web application called a web browser (such as Firefox, Chrome, Opera Mini, etc.) over HTTP/HTTPS, the web's network protocols.
A web server has several components:

1. Document Root: This stores the critical HTML files for a domain's web pages, which are rendered when a client sends an HTTP request to or otherwise communicates with the server. It is mostly found in a system directory on the server. It is also the writable counterpart to the other user binaries and read-only data found in a web server directory, which must be read-only in normal operation for everyone accessing the server on the web. In simple words: when someone else looks at your website, the document root directory is the location they will be accessing.

On Linux systems the document root is mostly the "WWW" directory by default, but of course some hosts may well use a different folder. Some of the more common alternatives are:

  • htdocs
  • httpdocs
  • html
  • public_html
  • web

2. Server Root: This is the important root directory of the directory tree in which configurations, errors, executables, and logs are stored. The server root consists of four files: one file is the code that implements the server, while the other three are subdirectories, namely Conf, Logs, and Cgi-bin.

  • Conf - A Conf file is a configuration or "config" file used on Unix and Linux based systems. It stores settings used to configure system processes and applications.

  • Logs - A log file maintains a set of records so that the administrators or owner can keep track of important events. Logs contain messages about the computer/server, including the kernel, services, and applications running on it.

  • Cgi-bin - Popularly known as CGI (Common Gateway Interface), which accommodates the use of scripts in web design. It is also a standard for interfacing external applications with Apache web servers. /usr/lib/cgi-bin/ is the cgi-bin directory. If you have a public_html directory, then the cgi-bin directory should be inside it. Once you have located the cgi-bin directory, you can use it.

3. Virtual Document Tree: This is similar to virtual hosting, but a virtual document tree is used to provide storage on a different machine or disk after the original disk is full, such as cloud storage (Dropbox, iCloud, Google Drive, Microsoft OneDrive, IDrive, and more).

4. Virtual Hosting: This is a technique for hosting multiple domain names or websites on a single server. It allows one server to share its resources, such as memory and processor cycles, without requiring all the services provided to use the same hostname.

5. Web Proxy: This is a tool that acts as another client in the middle of a network connection and facilitates your connection to a web server. It makes requests to the real server on behalf of the client, or sometimes fulfills the request itself.
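
How items 1 and 4 fit together, as an added example (not code from the original post): a server picks a document root from the request's Host header and serves only files that resolve inside it, so the Conf directory in the server root stays out of reach. The host names, the directory layout and the `resolve` helper are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit

def build_sample_tree(base):
    """Constructed layout: one document root per host, plus conf/ outside them."""
    roots = {}
    for host in ("shop.example", "blog.example"):
        roots[host] = os.path.join(base, "www", host)
        os.makedirs(roots[host])
        with open(os.path.join(roots[host], "index.html"), "w") as f:
            f.write(f"<h1>{host}</h1>")
    os.makedirs(os.path.join(base, "conf"))
    with open(os.path.join(base, "conf", "server.conf"), "w") as f:
        f.write("constructed sample config\n")
    return roots

def resolve(host_header, target, roots, default_host):
    """Return the file a request maps to, or None if it is missing or outside
    the document root selected by the Host header."""
    host = host_header.split(":")[0].strip().lower()  # drop optional :port
    root = os.path.realpath(roots.get(host, roots[default_host]))
    # Decode percent-escapes first so the check sees the path the OS will see
    rel = unquote(urlsplit(target).path).lstrip("/") or "index.html"
    candidate = os.path.realpath(os.path.join(root, rel))
    # Containment: with ".." and symlinks resolved, the file must stay under root
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        roots = build_sample_tree(base)
        def served(host, target):
            path = resolve(host, target, roots, "shop.example")
            return os.path.relpath(path, base) if path else None
        return {
            "shop /": served("shop.example", "/"),
            "blog /": served("BLOG.example:8080", "/"),
            "unknown host": served("other.example", "/index.html"),
            "conf via ..": served("shop.example", "/../../conf/server.conf"),
            "conf via %2e%2e": served("shop.example", "/%2e%2e/%2e%2e/conf/server.conf"),
        }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16} -> {result}")
```

The same request path returns a different file per host name, and both requests that point at the Conf directory return None because the resolved path leaves the document root.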

Follow me for more.
Twitter.
