Hacker, Researcher and Author.

Web Server Hacking Techniques

Lots of people know how to use, configure and manage their webservers, but only a few of them really know how to protect a web server from getting hacked, i.e. how to make it hack proof. Today lots of websites are hosted on dedicated web servers, so it's extremely important to make your web server hack proof in order to prevent theft and data loss. Before I mention the techniques used by hackers to compromise a web server and how you can protect yours, you should know what a web server is and how it works.

What is a webserver?

Basically, a webserver is one or more computers used to host websites. For a website to be available to everyone (connected to the internet) 24/7, it needs to be hosted on a webserver.

How do webservers work?

Webservers work in a simple manner. Whenever you use a browser to open a page, the browser requests that particular page from the webserver, and the server sends back the requested page.


The above picture illustrates how a webserver works.

How Are Webservers Compromised Or Hacked?

There are multiple reasons why a webserver gets compromised or hacked. One of the major reasons is installing the webserver with defaults, together with a lack of updates and weak passwords. Once the server is compromised, the hacker can use it to do malicious things online. For example, hacked webservers can be used as zombies to perform a more powerful DDoS attack.

Webserver Hacking Techniques

Below mentioned are some of the techniques which can be used by malicious hackers to compromise a webserver.

1. Orthodox Password Cracking Techniques

A hacker can use a variety of password cracking techniques, such as brute force, dictionary attacks and rainbow tables, to crack weak administrator account passwords. However, these attacks leave a large trail in the logs, so smarter hackers either use a proxy or another IP-hiding method, or they use already compromised systems to perform the attack.

2. Man In The Middle Attack

A hacker can also perform a man-in-the-middle attack, also known as ARP poisoning, to steal the credentials of an administrator account.

3. Keyloggers And Trojans

If a hacker manages to install a trojan or a keylogger on the administrator's computer, the malicious hacker can easily capture the credentials.

4. DNS Cache Poisoning Attack

If a hacker manages to insert fake address records for a domain name into a DNS server and can make the webserver accept the fake address record, then the hacker or intruder can easily control your browser. This attack is extremely dangerous because it happens without the user's knowledge. The topic is quite big and cannot be explained here; depending on readers' response, I might make a separate tutorial on this attack.

There are many other techniques used by hackers, such as FTP server intrusion, social engineering and exploiting web application bugs, which will probably be explained in upcoming posts at RHA.
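The password-cracking item above says these attacks fill the logs and that smarter attackers spread the attempts over proxies or compromised systems. The following added example (not from the original post) shows a defender's check for both patterns; the log lines are constructed, the ISO timestamps and all thresholds are assumptions, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def build_sample():
    """Constructed log lines (sshd-style message, ISO timestamps assumed)."""
    msg = "2016-03-01T{t} web01 sshd[411]: Failed password for {u} from {ip} port 40000 ssh2"
    # One source guessing 'admin' six times in six seconds.
    lines = [msg.format(t=f"10:00:0{i}", u="admin", ip="203.0.113.7") for i in range(6)]
    # Four sources, one guess each, ten minutes apart, against 'webmaster'.
    lines += [msg.format(t=f"11:{i}0:00", u="invalid user webmaster",
                         ip=f"198.51.100.{i + 1}") for i in range(4)]
    lines.append("2016-03-01T12:00:00 web01 sshd[412]: Accepted password for "
                 "admin from 192.0.2.10 port 40000 ssh2")
    return "\n".join(lines)

def parse_failures(text):
    """Return [(timestamp, account, source_ip)] for each failed-login line."""
    hits = (FAILED.match(line) for line in text.splitlines())
    return [(datetime.fromisoformat(m[1]), m[2], m[3]) for m in hits if m]

def noisy_sources(events, limit=5, window=timedelta(minutes=1)):
    """Sources with at least `limit` failures inside any `window`."""
    by_src = defaultdict(list)
    for ts, _, src in events:
        by_src[src].append(ts)
    flagged = set()
    for src, times in by_src.items():
        times.sort()
        # Sliding window: compare each failure with the one limit-1 later.
        if any(times[i + limit - 1] - times[i] <= window
               for i in range(len(times) - limit + 1)):
            flagged.add(src)
    return flagged

def sprayed_accounts(events, min_sources=4):
    """Accounts with failures from at least `min_sources` distinct sources."""
    sources = defaultdict(set)
    for _, account, src in events:
        sources[account].add(src)
    return {a for a, s in sources.items() if len(s) >= min_sources}

if __name__ == "__main__":
    events = parse_failures(build_sample())
    print("noisy sources:", noisy_sources(events))
    print("accounts guessed from many sources:", sprayed_accounts(events))
```

The per-source check catches the single noisy client, while the per-account check catches guessing spread across many addresses that each stay under the per-source limit.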

I hope you have enjoyed reading the post and have got some idea of how hackers can attack your web server. In the next post I will continue the series and introduce some methods you can use to protect your webserver from getting compromised.


  1. Rafay awesome post, I am eagerly waiting for the next part..

  2. Nice article rafay...


  3. needless to say, nice article rafay. keep it up :)

  4. There's no doubt whenever you write, there's a blockbuster. Awesome post.

  5. You should have described the web application bugs, as SQL injection is probably one of the most used techniques for defacement. But still, good post.

  6. @Samar
    Yes, you are right. I thought to write on it, but the article would have gotten much bigger as it is a lengthy topic to cover.

  7. Hey bro, I wonder if you can do a Counter-Strike 1.6 servers hack to get the password of a server, you know,
    or a Steam hack.
    I will be really glad if you do so.

  8. Hi Rafay your hacking system is too much nice and all of your articles mostly I read when I am free.
    I need your mail id: I have one topic that you will done. We will discuss it by mail. thanks. my name is sidhdharth vora. and my mail id is siddhvora4u@gmail.com

  9. how to start a hacker

  10. Great yar... Rafay... go ahead and write more interesting articles with examples... thx buddy

  11. A brute force attack can help in breaking a strong password also but it takes too much time.

  12. An awesome post

  13. Kindly get a tut on DNS cache poisoning attack ..


  15. Please, I am a new hacker. Recommend books for me to use.

