Hey all , I just wanna ask you guyz! What actually is web serevr intrusion.
I know its a way of getting into servers using some exploits etc etc...
I see a lot of people getting into top class servers using this method but till date i have exploited zero machines , I just cant get vulnerable servers!
What is Web Server Intrusion ?
Re: What is Web Server Intrusion ?
with all the hacks aimed at web servers, HTTP port etc - many smart admins have moved web servers to a high level security zone where there is nothing but the website and no connection to the internal network. Some even use third party host to host their websites, companies that do nothing but deal with web based attacks. Its not the 1990's anymore.
Entry is still made by email, exploiting personal computers of employees - to plant back doors and trojans. Some companies use third party email services just like the third party web host - a company that specializes in email based threats.
See the trend - companies using services from specialized network solutions providers - secure email, secure comms (pagers, cell phones, laptop), and secure web site hosting. This is seen as more cost effective than trying to staff an IT department of persons specialized in email, web, and comms security. Some of these third parties are overseas, remote offices - because its cheap. (bad for people in US that want to work IT)
Hackers look into applications used on the websites, and try to exploit that code. Web based security misses a lot of application based hacks because it was told to ignore bugs in the code.
Personal comms is a big thing with telecommunicating workers, workers that want remote access to work computers, bosses checking into work while fucking around at the golf club - all these are weak points that can give you the data (stored on the laptop against company policies) or entry as that privilege person. With homemade wifi, many corporate computers are at risk to being found by wardrivers who 'discover' open wifi networks.
Expand your territory.
DNR
Entry is still made by email, exploiting personal computers of employees - to plant back doors and trojans. Some companies use third party email services just like the third party web host - a company that specializes in email based threats.
See the trend - companies using services from specialized network solutions providers - secure email, secure comms (pagers, cell phones, laptop), and secure web site hosting. This is seen as more cost effective than trying to staff an IT department of persons specialized in email, web, and comms security. Some of these third parties are overseas, remote offices - because its cheap. (bad for people in US that want to work IT)
Hackers look into applications used on the websites, and try to exploit that code. Web based security misses a lot of application based hacks because it was told to ignore bugs in the code.
Personal comms is a big thing with telecommunicating workers, workers that want remote access to work computers, bosses checking into work while fucking around at the golf club - all these are weak points that can give you the data (stored on the laptop against company policies) or entry as that privilege person. With homemade wifi, many corporate computers are at risk to being found by wardrivers who 'discover' open wifi networks.
Expand your territory.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Re: What is Web Server Intrusion ?
web server intrusion is not a 'method' its just a different way of saying "get into the web server"
there are many ways to do 'web server intrusion', RFI for example.
there are many ways to do 'web server intrusion', RFI for example.
[img]http://www.slackware.com/~msimons/slackware/grfx/shared/greymtlSW.jpg[/img]
Re: What is Web Server Intrusion ?
bubzuru wrote:web server intrusion is not a 'method' its just a different way of saying "get into the web server"
there are many ways to do 'web server intrusion', RFI for example.
This thread is over a year old and has already been answered.
Locked, read the rules
"The best place to hide a tree, is in a forest"
Re: What is Web Server Intrusion ?
Well, at least it was a helpful post ^_^
But yeah, try to avoid bringing topics back from the grave - though it's easy to forget to check the date on forum topics.
But yeah, try to avoid bringing topics back from the grave - though it's easy to forget to check the date on forum topics.
¯\_(ツ)_/¯ It works on my machine...