Hello respectful readers. I am Mutasim Abubakar, known as fulplan, a bug bounty hunter and cybersecurity enthusiast. In today's write-up, I want to explain the concept of a web server, web server attacks, and web server attack methodology. And in the conclusion of my write-up, I will explain the preventive measures to take to prevent web server attacks.
- Understanding Web Server
- Attacking Web Server
- Web Server Attack Methodology
- Web Server Preventive Measures
To be able to completely compromise a server, you have to understand the theory of a web server and its architecture.
Let's talk about what a web server is. A web server is computer software or hardware that stores, processes, and delivers data to a client web application called a web browser (such as Firefox, Chrome, Opera Mini, etc.) over the HTTP/HTTPS web network protocols.
A web server has some components:
1. Document Root: This is used to store the critical HTML files related to the web pages of a domain, which are rendered when a client sends an HTTP request or communicates with the server. It is mostly found in a server system directory. It is also the writable counterpart to the other user binaries and read-only data found in a web server directory, which must be read-only in normal operation for everyone accessing the server on the web. In simple words: when someone else looks at your website, the document root directory is the location they will be accessing.
On Linux systems the document root is mostly the "WWW" directory by default, but of course, some hosts may well use a different folder. Some of the more common alternatives are:
2. Server Root: This is the important root directory in the directory tree in which configurations, errors, executables, and logs are stored. The server root consists of four files: one is the code that implements the server, while the other three are subdirectories, namely Conf, Logs, and Cgi-bin.
Conf — A Conf file is a configuration or "config" file used on Unix and Linux-based systems. It stores settings used to configure system processes and applications.
Logs — A log file is used to maintain a set of records so that the administrators or owner can keep track of important events. Log files contain messages about the computer/server, including the kernel, services, and applications running on it.
Cgi-bin — Popularly known as CGI (Common Gateway Interface), which is used for accommodating the use of scripts in web design. It is also a standard for interfacing external applications with Apache web servers. The cgi-bin directory is /usr/lib/cgi-bin/. If you have a public_html directory, then the cgi-bin directory should be inside it. Once you have located the cgi-bin directory, you can use it.
3. Virtual Document Tree: This is similar to virtual hosting, but a virtual document tree is used to provide storage on a different machine or disk after the original disk is full, such as cloud storage (Dropbox, iCloud, Google Drive, Microsoft OneDrive, IDrive, and more).
4. Virtual Hosting: This is a technique used for hosting multiple domain names or websites on a single server. It allows one server to share its resources, such as memory and processor cycles, without requiring all the services provided to use the same hostname.
5. Web Proxy: This is a tool that acts as another client in the middle of a network connection and facilitates your connection to a web server.
It makes requests to the real server on behalf of the client, or sometimes fulfills the request itself.
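How the document root, server root and virtual hosting described above fit together, as an added example that is not part of the original write-up: the Host header selects a document root, and any path that resolves outside it (for example into conf/ or logs/) is refused. The hostnames, directory layout and function names are constructed for illustration, and rejecting unknown hosts is an assumption.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


def make_sample_server_root(base: Path) -> dict:
    """Build a constructed server root: conf/, logs/ and two document roots."""
    base = base.resolve()
    (base / "conf").mkdir()
    (base / "conf" / "server.conf").write_text("constructed-setting\n")
    (base / "logs").mkdir()
    vhosts = {}
    for host in ("shop.example", "blog.example"):  # hypothetical hostnames
        docroot = base / "www" / host
        docroot.mkdir(parents=True)
        (docroot / "index.html").write_text(f"<h1>{host}</h1>\n")
        vhosts[host] = docroot
    return vhosts


def resolve(vhosts: dict, host_header: str, url_path: str):
    """Map (Host header, URL path) to a file inside that host's document root.

    Returns None for an unknown host, a missing file, or a path that
    resolves outside the document root.
    """
    host = host_header.split(":", 1)[0].strip().lower()  # drop optional port
    docroot = vhosts.get(host)
    if docroot is None:
        return None  # assumption: unknown hosts are rejected, no default site
    try:
        # Decode %2e%2e-style encodings first, then anchor under the docroot.
        candidate = (docroot / unquote(url_path).lstrip("/")).resolve()
        candidate.relative_to(docroot)  # ValueError if it left the docroot
    except ValueError:
        return None
    if candidate.is_dir():
        candidate = candidate / "index.html"
    return candidate if candidate.is_file() else None


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        table = make_sample_server_root(Path(tmp))
        for h, p in [("shop.example", "/"), ("BLOG.example:80", "/index.html"),
                     ("shop.example", "/%2e%2e/%2e%2e/conf/server.conf"),
                     ("other.example", "/")]:
            print(h, p, "->", resolve(table, h, p))
```
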