Module 16 Hacking Webservers

A web server can refer to either the hardware (the computer) or the software (the computer application) that helps deliver Web content that can be accessed through the Internet.

Ethical Hacking and Countermeasures Version 6
Module XVI: Hacking Web Servers

EC-Council Copyright by Ec-Council All Rights Reserved. Reproduction is Strictly Prohibited

Scenario

SpeedCake4u, a cake manufacturing firm, wants to set up a website for showcasing its products. Matt, a high school graduate, was assigned the task of building the website. Even though Matt was not a pro in website building, the 2000 pay was the main motivation for him to take up the task. He builds a website with all the features that the company management asked for. The following day, the cake manufacturing firm's website was defaced with the title "Your cake stinks".

How was it possible to deface the website? Is Matt the culprit?

News

PC World
Hack Attack Hits 10,000 Web Sites
Infected sites feed exploits to visitors--and more sites are affected than first suspected.
Gregg Keizer, Computerworld
Friday, January 18, 2008 83 50 PM PST

A large-scale hack of legitimate Web sites to infect visitors' PCs is much more massive than first thought, researchers said Friday. At least 10,808 sites have been compromised and have hijacked unpatched systems that steered to their URLs.

On Monday, Mary Landesman, a senior security researcher at ScanSafe Inc., said that she had uncovered hundreds of sites which had been hacked and were feeding exploits to visitors. Friday, Don Jackson, a senior researcher with Atlanta-based SecureWorks Inc., said the number was considerably larger.

According to ScanSafe's data, approximately 10,800 sites hosted on Linux servers running Apache, the popular open-source Web server software, have been hacked, most likely with purloined log-in credentials. Those servers have been infected with a pair of files that generate constantly-changing malicious JavaScript.

When visitors reach the hacked site, the script calls up an exploit cocktail that includes attack code targeting recent QuickTime vulnerabilities, the long-running Windows MDAC bug