Footprirvting a Target Network .p17

Lab 9

Mirroring Websites Using the HTTrack Web Site Copier Tool

HTTrnck Web S ite Copier is an Offline hr on ser utility that allon ׳sjo// to don \nload
a World Wide Web site through the Internet to jour local directory.

Lab Scenario

Website servers set cookies to help authenticate the user it the user logs 111 to a secure area of the website. Login information is stored 111 a cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over.

You have learned 111 the previous lab to extract information from a web application using Firebug. As cookies are transmitted back and forth between a browser and website, if an attacker or unauthorized person gets 111 between the data transmission, the sensitive cookie information can be intercepted. A11 attacker can also use Firebug to see what JavaScript was downloaded and evaluated. Attackers can modify a request before it’s sent to the server using Tamper data. It they discover any SQL or cookie vulnerabilities, attackers can perform a SQL injection attack and can tamper with cookie details of a request before it’s sent to the server. Attackers can use such vulnerabilities to trick browsers into sending sensitive information over insecure channels. The attackers then siphon off the sensitive data for unauthorized access purposes. Therefore, as a penetration tester, you should have an updated antivirus protection program to attain Internet security. 111 tins lab, you will learn to mirror a website using the HTTrack W eb Site Copier Tool and as a penetration tester y o u can prevent D-DoS attack.

Lab Objectives

The objective of tins lab is to help students learn how to mirror websites.

Lab Environment

To carry out the lab, you need:

■ Web Data Extractor located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Website Mirroring Tools\HTTrack Website Copier

■ You can also download the latest version of HTTrack Web Site Copier from the link http://www.httrack.com/page/2/ en/ 111dex.html

■ If you decide to download the latest version, then sc re ensh ots shown 111 the lab might differ

■ Follow the Wizard driven installation process

■ Tins lab will work 111 the CEH lab environment - on Windows Server 2012. Windows 8, Window Server 2008 י and Windows 7

■ To run tliis tool Administrative privileges are required

Lab Duration

Time: 10 Minutes

Overview of Web Site Mirroring

Web mirroring allows you to download a website to a local director}7, building recursively all directories. HTML, images, flash, videos, and other tiles from die server to your computer.

Lab Tasks

1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 9.1: Windows Server 2012—Desktop view

2. 111 the Start metro apps, click WinHTTrack to launch the applicadon WinHTTrack

FIGURE 9.2: Windows Server 2012—Apps

3. 111 the WinHTTrack main window, click Next to

FIGURE 9.3: HTTrack Website Copier Main Window

4. Enter the project name 111 the Project name held. Select the Base path to store the copied files. Click Next

FIGURE 9.4: HTTrack Website Copier selecting a New Project

5. Enter www.certifiedhacker.com under Web Addresses: (URL) and then click the Set options button

FIGURE 9.5: HTTrack Website Copier Select a project a name to organize your download

6. Clicking the Set options button will launch the WinHTTrack window

7. Click the Scan Rules tab and select the check boxes for the tile types as shown in the following screenshot and click OK

FIGURE 9.6: HTTrack Website Copier Select a project a name to organize your download

8. Then, click Next

FIGURE 9.7: HTTrack Website Copier Select a project a name to organize your download

9. By default, the radio button will be selected for Please adjust connection parameters if necessary, then press FINISH to launch the mirroring operation

10. Click Finish to start mirroring the website

FIGURE 9.8: HTTrack Website Copier Type or drop and drag one or several Web addresses

11. Site mirroring progress will be displayed as 111 the following screenshot

FIGURE 9.9: HTTrack Website Copier displaying site mirroring progress

12. WinHTTrack shows the message Mirroring operation complete once the site mirroring is completed. Click Browse Mirrored Website

FIGURE 9.10: HTTrack Website Copier displaying site mirroring progress

13. Clicking the Browse Mirrored Website button will launch the mirrored website for www.cert1fiedhacker.com. The URL indicates that the site is located at the local machine

Note: If the web page does not open for some reasons, navigate to the director}־ where you have mirrored the website and open index.html with any web browser

FIGURE 9.11: HTTrack Website Copier Mirrored Website Image

14. A few websites are very large and will take a long time to mirror the complete site

15. If you wish to stop the mirroring process prematurely, click Cancel in the Site mirroring progress window

16. The site will work like a live hosted website.

Lab Analysis

Document the mirrored website directories, getting HTML, images, and other tiles

Questions

5. How do you retrieve the files that are outside the domain while mirroring a website?

6. How do you download ftp tiles/sites?

7. Can HTTrack perform form-based authentication?

8. Can HTTrack execute HP-UX or ISO 9660 compatible files?

9. How do you grab an email address 111 web pages?