What is a website?

Before we can start website penetration testing, we need to understand what a website really is. A website is just an application that is installed on a computer. The computer might have better specifications than our computer, but fundamentally, it works just like any other computer, which means that it has an operating system, as well as a number of applications that allow it to act as a web server. The two main applications that it has are a web server (for example, Apache), and a database (for example, MySQL):

  • The web server basically understands and executes the web application. Our web application can be written in PHP, Python, or any other programming language. The only restriction is that the web server needs to be able to understand and execute the web application.
  • The database contains the data that is used by the web application. All of this is stored on a computer called the server. The server is connected to the internet and has an IP address; anybody can access or ping it.

The web application is executed by the web server, which is installed on the server (our target) and never on the client; therefore, any time we request a page or run a web application, it is actually executed on the web server and not on the client's computer. Once it has been executed, the web server sends a ready-to-read HTML page to the target person or client, as shown in the following figure:

Say, for example, that we are using a phone or a computer and we want to access facebook.com. If we type facebook.com into the address bar, the name is translated to an IP address using a DNS server. DNS is a service that translates every domain name (.com, .edu, or any other) to its corresponding IP address. When we request facebook.com, the lookup goes to a DNS server, which translates facebook.com to the IP address where Facebook is hosted; our request then goes to that IP address, the server executes the page we asked for using all of the applications we have spoken about, and it simply hands us back a ready HTML page.

Now, what we get back is just markup written in HTML (a markup language): the result of executing the program. The program is executed on the server, and we only receive its output. This is very important, because in the future, if we want anything executed on the web server, such as a shell, or a virus to run on the target computer, we need to send it in a language that the web server understands (for example, PHP); once the server executes it, it runs on that target machine.

This means that, regardless of who accesses the page, the web shell that we send (if it is written in PHP or another language that the server understands) will be executed on the server and not on our computer. Therefore, it gives us access to the server and not to the person who accessed it. On the other hand, some websites use JavaScript, which is a client-side language. If we manage to find a website that allows us to inject JavaScript code, then that code is executed by the clients. Even though the code is injected into the web server, it runs on the client side, which allows attacks on the client computer and not on the server. Hence, it is very important to distinguish between a client-side language and a server-side language.
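The request flow and the server-side/client-side split described above can be reproduced offline. The following is an added example written for this page, not code from the original book: a tiny Python web server on localhost stands in for Apache plus the web application, a `{{server}}` marker in a constructed page stands in for a PHP block, and a `<script>` block stands in for client-side JavaScript. The names (`PAGE_SOURCE`, `render_server_side`, `demo`) and the `a`/`b` query parameters are assumptions made for the demonstration. Fetching the page shows that only the output of the server-side code reaches the client, while the JavaScript is delivered as text for the client to run.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs

# Constructed page "source" as it sits on the server (hypothetical, for the demo).
# {{server}} stands in for server-side code such as a PHP block; the <script>
# block is client-side JavaScript that the server passes through untouched.
PAGE_SOURCE = """<html><body>
<p>Server computed: {{server}}</p>
<script>document.body.append(' / client computed: ' + (2 + 3));</script>
</body></html>"""


def _int_param(query: dict, key: str, default: int) -> int:
    """Read an integer query parameter; fall back to the default on bad input
    instead of letting the handler crash."""
    try:
        return int(query.get(key, [str(default)])[0])
    except ValueError:
        return default


def render_server_side(source: str, query: dict) -> str:
    """Stand-in for the web server executing the application: the server-side
    part runs here and only its output is written into the HTML."""
    a = _int_param(query, "a", 2)
    b = _int_param(query, "b", 3)
    return source.replace("{{server}}", str(a + b))


class AppHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        query = parse_qs(urlparse(self.path).query)
        body = render_server_side(PAGE_SOURCE, query).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server() -> HTTPServer:
    """Bind to 127.0.0.1 on a free port and serve from a background thread."""
    server = HTTPServer(("127.0.0.1", 0), AppHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch(url: str) -> str:
    """The client side: the browser only ever sees the returned HTML."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode()


def demo(a: int = 2, b: int = 3) -> dict:
    """Serve the page once, fetch it as a client, and report what arrived."""
    server = start_server()
    try:
        port = server.server_address[1]
        html = fetch(f"http://127.0.0.1:{port}/?a={a}&b={b}")
    finally:
        server.shutdown()
        server.server_close()
    return {
        "html": html,
        # the server-side source never reaches the client, only its result does
        "server_code_leaked": "{{server}}" in html,
        "server_result": f"Server computed: {a + b}" in html,
        # the JavaScript arrives as text; the client, not the server, executes it
        "client_code_present": "<script>" in html,
    }


if __name__ == "__main__":
    print(demo()["html"])
```

Run it and compare the printed HTML with `PAGE_SOURCE`: the server-side marker has been replaced by its computed value, whereas the `<script>` block is unchanged, which is exactly why an injected PHP payload would run on the server while injected JavaScript would run in each visitor's browser.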
