Web Recognition
In the previous article, we saw the vulnerabilities that the command injection technique takes advantage of. In the example, we said that the computer on which the website was hosted was a Linux computer, but how can we know what kind of computer a website is hosted or stored on? Is it Linux, Windows, or something else? This is where one of the most important techniques used by a cybercriminal, Web Discovery, comes into play.
What Is It?
Recognition (reconnaissance) is a series of techniques used to collect information about the victim: website, operating system, data breaches, public data, etc.
This reconnaissance phase is essential for the attacker as it provides information that can be used to carry out a more effective attack.
In this article, we will focus on website recognition.
Example Of Web Recognition
Continuing with the example of the previous article, we know that our target has a web page. At this point, the attacker would be interested in obtaining information about the technology with which the website was created, which server it is running on, or which programming language was used.
There are tools that can help us extract most of the information we have mentioned.
We run the WhatWeb tool and see the information that it is able to obtain:
- The web server on which the page runs and its version: Apache 2.2.8
- The operating system of the computer on which the page is stored: Linux Ubuntu
- The version of the PHP programming language in which the page is developed: 5.2.4
Web Recognition In Content Managers
If we discover that our website is built with a CMS (content manager) such as WordPress, Joomla, or Drupal, we can use existing tools to enumerate it.
For example, in terms of WordPress, the most popular tool is WPScan. For Joomla, we have Joomscan, and for Drupal, Drupscan.
Focusing on WordPress, as it is the most used CMS, the WPScan tool allows us, among other things, to:
- Brute-force the WordPress login using random usernames and/or passwords.
- List all vulnerable plugins installed in the content manager.
- List existing users.
- Get information about the website.
It is important to know that even if the content manager is up to date, a vulnerability in one of the installed plugins can still be used to compromise the web page.
An example of using WPScan would be the following:
- wpscan --url http://www.dominio.com -e vp,u
- With --url, we indicate the address of the web page that we want to audit
- With -e, we tell it to enumerate information on the page. In this case, we tell it to list the vulnerable plugins with vp (vulnerable plugins) and the users with u (users)
Example Of Brute Force Recognition
Another tactic in web page enumeration or recognition is to brute-force files or directories on the page in an attempt to discover hidden directories or files. This technique is known as fuzzing.
For example, we know that our page can be accessed through the URL http://10.0.2.4/dvwa/. Behind this URL, there may be some directories that are not related to the page itself but that can be reached if you know they exist.
One example is pages built with WordPress, which have a directory for accessing the administration panel of the page located at http://www.dominio.com/wp-admin/.
To try to discover these hidden directories, we use a file commonly called a dictionary, which contains one directory name per line. We pass it to a tool, or even to a script we wrote ourselves, which tests whether each of these directories exists and reports on the screen or in a file which ones it finds.
Solution Or Mitigation Of Web Recognition Techniques
There are different techniques that we can use to hide the information that our website can reveal, both about the server we use and about the technologies we use to create it. In the different content managers, we also find plugins or components that perform this hiding function.
Although we should try to display as little information as possible, the only valid solution to prevent our website from being compromised is to update all systems, services, and components to the latest version. If what we have is a CMS, we should not add any plugins that are not completely necessary, and we should not install those that are not from official sources or that do not have a frequent update policy. It does not matter that our WordPress is updated to the latest version if we then have a plugin that is not updated and has a vulnerability that can be exploited.
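To check whether the hiding described above is actually in place on our own server, the following Python sketch (an added example, not part of the original article) audits a response's headers for the kind of version banners the fingerprinting tool reported. The sample headers are constructed, the function names are hypothetical, and the suggested fixes are the Apache httpd ServerTokens directive and the PHP expose_php setting.

```python
import re

# Constructed sample response heads (not captured from a real host); the
# leaky one mirrors the versions the article says the tool reported.
LEAKY = """HTTP/1.1 200 OK
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4
X-Powered-By: PHP/5.2.4
Content-Type: text/html
"""
HARDENED = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
"""

# Headers that commonly carry technology banners, with the setting that trims them.
FIXES = {
    "server": "Apache httpd: ServerTokens Prod",
    "x-powered-by": "php.ini: expose_php = Off",
}
VERSION = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.-]*)")   # product/version token
PLATFORM = re.compile(r"\(([^)]+)\)")                    # OS comment, e.g. (Ubuntu)

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """List (header, leaked detail, suggested fix) for each disclosure found."""
    findings = []
    for name, value in parse_headers(raw).items():
        if name not in FIXES:
            continue
        for product, version in VERSION.findall(value):
            findings.append((name, f"{product} {version}", FIXES[name]))
        for platform in PLATFORM.findall(value):
            findings.append((name, f"platform {platform}", FIXES[name]))
        if name == "x-powered-by" and not VERSION.search(value):
            findings.append((name, value, FIXES[name]))  # bare tech name still leaks
    return findings

if __name__ == "__main__":
    for header, detail, fix in audit(LEAKY):
        print(f"{header}: discloses {detail} -> {fix}")
```

An empty result only means the banners are hidden; as the paragraph above says, it does not replace keeping the server, PHP, and plugins updated.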
Conclusion
As we have seen, there are several web recognition techniques. First, we focused on the server versions and the technologies used for development, and then on collecting data from hidden pages. All these techniques are used by attackers in the early phases of an attack. The information collected here will be essential for the later phases of the attack and to become familiar with the com.