Section 02: Web Server Attacks

Attacks

Distributed denial of service

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. A DDoS attack uses more than one unique IP address or machines, often from thousands of hosts infected with malware.

DNS (Domain name system) hijacking

DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

DNS amplification attacks

DNS amplification is a DDoS attack that leverages DNS resolvers to overwhelm a victim with traffic.

Directory traversal

A directory traversal (or path traversal) attack exploits insufficient security validation or sanitization of user-supplied file names, such that characters representing "traverse to parent directory" are passed through to the operating system's file system API. An affected application can be exploited to gain unauthorized access to the file system.

MiTM (Man in the middle Attack)

In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.

Phishing

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware.

HTTP response splitting

HTTP response splitting is a form of web application vulnerability, resulting from the failure of the application or its environment to properly sanitize input values. It can be used to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits.

Web cache poisoning

In a vulnerable application, threat actors inject specially crafted data into cache memory, causing the webserver to respond with a malicious HTTP response to the user.

Password cracking

In cryptanalysis and computer security, password cracking is the process of recovering passwords[1] from data that has been stored in or transmitted by a computer system in scrambled form.

Links

• https://en.wikipedia.org/wiki/Denial-of-service_attack

• https://en.wikipedia.org/wiki/DNS_hijacking

• https://en.wikipedia.org/wiki/Directory_traversal_attack

• https://en.wikipedia.org/wiki/Man-in-the-middle_attack

• https://en.wikipedia.org/wiki/Phishing

• https://en.wikipedia.org/wiki/HTTP_response_splitting

• https://en.wikipedia.org/wiki/Password_cracking