issuhub.com

CEH

(Jeff_L) #1

316 Chapter 13 ■ Web Servers and Web Applications


The following code illustrates what may be returned from a banner:

HTTP/1.1 200 OK

Server: <web server name and version>

Content-Location: http://192.168.100.100/index.htm

Date: Wed, 12 May 2010 14:03:52 GMT

Content-Type: text/html

Accept-Ranges: bytes

Last-Modified: Wed, 12 May 2010 18:56:06 GMT

ETag: "067d136a639be1:15b6"

Content-Length: 4325

This header, which is easy to obtain, reveals information about the server that is being

targeted. Web servers can have this information sanitized, but the webmaster must actually

make the effort to do so.

This information can be returned quite easily from a web server using the following

command:

telnet http://www.<servername>.com 80

Error Messages

Error messages can reveal a lot of information about a server and a web application.

Careless reveals of error messages can provide information that may be used for an attack

or at least the fine-tuning of an attack. Messages such as the common 404 can inform a

visitor that content is not available or located on the server. However, there are plenty of

other error messages that reveal different types of information, from the very detailed to

the very obscure.

Fortunately in many servers and applications error messages can be configured or

suppressed as necessary. Typically these messages should not be too descriptive—if seen at

all—outside a development or test environment.

Vandalizing Web Servers

Web servers are the targets of numerous types of attacks, but one of the most common

attacks is the act of vandalism known as defacement. Defacing a website can be aggressive

or subtle, depending on the goals of the attacker, but in either case the goals are the same:

to embarrass the company, make a statement, or just be a nuisance. To deface a website,

it is possible to use a number of methods, depending on the attacker’s own skill level,

capabilities, and opportunities available.

Common Flaws and Attack Methods


Let’s take a look at some common ways of attacking a web server and the sites and

applications hosted on them.
Free download pdf
Get our desktop app
Company
Features
Documentation
Resources
© ISSUHUB. 2025. All rights reserved.