CEH v13: Hacking Web Servers

Hacking Web Servers targets the server layer in the EC-Council CEH v13 course. This module covers enumerating web server software, finding misconfigurations, and hardening the platform. Scan and exploit web servers only inside your authorized scope.
A web server runs the software (Apache, IIS, Nginx) that hosts the application. Flaws in that platform open the door before you ever touch the application code.
Web Server Enumeration
You fingerprint the server and map its content.
```bash
# Scan for known web server flaws and brute-force directories
nikto -h http://target.example
dirb http://target.example /usr/share/wordlists/dirb/common.txt
```
Nikto checks for outdated versions and dangerous files. dirb and gobuster brute-force hidden directories and pages. Verbose error messages and default pages reveal the software and version.
Common Web Server Attacks
| Attack | Result |
|---|---|
| Directory traversal | Reads files outside the web root |
| Default credentials | Logs into admin panels |
| Defacement | Replaces site content |
| DNS hijacking | Redirects visitors elsewhere |
| Cache poisoning | Serves malicious cached content |
Directory traversal uses sequences like `../../etc/passwd` to escape the web root and read system files.
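The following is an added example, not code from the course page: it shows why a naive path join lets `../` sequences escape the web root, next to the containment check a hardened file-serving handler applies (decode once, reject NUL bytes, canonicalise with `os.path.realpath`, then confirm the result still sits under the root). The document root `/var/www/html` and the sample request paths are constructed assumptions and need not exist on disk.

```python
import os
from urllib.parse import unquote

# Assumed document root for the examples; constructed, need not exist on disk.
WEB_ROOT = "/var/www/html"

# Constructed sample request paths: the traversal payload from the text,
# a URL-encoded variant, and a NUL-byte variant aimed at extension checks.
SAMPLE_REQUESTS = [
    "index.html",
    "css/../index.html",
    "../../etc/passwd",
    "../../../etc/passwd",
    "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "images/../../../../etc/shadow%00.png",
]


def resolve_vulnerable(web_root, requested):
    """Naive join: normpath collapses '..' AFTER the join, so the result
    can land anywhere on the filesystem."""
    return os.path.normpath(os.path.join(web_root, requested))


def resolve_safe(web_root, requested):
    """Return the absolute path to serve, or None if the request escapes
    the web root. Decodes once, rejects NUL bytes, canonicalises both
    sides (symlinks included) and then checks containment."""
    decoded = unquote(requested)
    if "\x00" in decoded:
        return None
    root = os.path.realpath(web_root)
    # Strip a leading '/' so an absolute request is treated as root-relative.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def compare(web_root=WEB_ROOT, requests=SAMPLE_REQUESTS):
    """Run both resolvers over the sample requests; returns a list of
    (request, vulnerable_result, safe_result) tuples."""
    return [(r, resolve_vulnerable(web_root, r), resolve_safe(web_root, r))
            for r in requests]


if __name__ == "__main__":
    for req, bad, good in compare():
        print(f"{req!r:45} naive -> {bad:30} safe -> {good}")
```

The containment test compares canonical paths rather than looking for the literal string `..`, so encoded, doubled or symlink-based variants all fall out of the same check; on a real server the same rule applies to any user-controlled path, including filenames in download or template parameters.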
Exploitation and Hardening
You match a discovered version to a known exploit, often through Metasploit modules for Apache, IIS, or Nginx. You then report fixes:
- Patch the server and remove unused modules.
- Disable directory listing and verbose errors.
- Deploy a WAF to filter malicious requests.
- Enforce HTTPS and strong TLS settings.
Check a site's response headers with the on-site security headers tool. A patched server with a clean configuration removes most of these attacks at once.
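As an added example (not the course's own tool or code), this script performs the kind of response-header check the paragraph above describes: it parses a raw HTTP/1.x response, reports hardening headers that are missing, and flags headers such as `Server` and `X-Powered-By` that disclose a version number, which is exactly what Nikto-style enumeration feeds on. Both sample responses are constructed; `ExampleHTTPd` and its version strings are placeholders, not real products.

```python
import re

# Headers whose absence weakens the platform; the last entry is satisfied
# by a CSP frame-ancestors directive as well.
EXPECTED_HEADERS = {
    "strict-transport-security": "HSTS: browsers keep using HTTPS after the first visit",
    "content-security-policy": "CSP: restricts where scripts and resources may load from",
    "x-content-type-options": "nosniff: stops MIME-type sniffing of responses",
    "x-frame-options": "blocks framing (CSP frame-ancestors is the modern equivalent)",
}

# Headers that commonly disclose software and version, feeding enumeration.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Constructed sample responses; product names and versions are placeholders.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/1.2.3 (Unix)\r\n"
    "X-Powered-By: ExampleLang/0.9-PLACEHOLDER\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Welcome to the ExampleHTTPd default page</body></html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>ok</body></html>"
)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status line, {lower-name: value}).
    Repeated header names are joined with ', '; malformed lines are skipped."""
    head, _, _body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        key = name.strip().lower()
        value = value.strip()
        headers[key] = headers[key] + ", " + value if key in headers else value
    return lines[0], headers


def audit_headers(raw):
    """Return a list of findings: missing hardening headers and headers
    that leak a version number."""
    _status, headers = parse_response(raw)
    findings = []
    csp = headers.get("content-security-policy", "")
    for name, why in EXPECTED_HEADERS.items():
        if name in headers:
            continue
        if name == "x-frame-options" and "frame-ancestors" in csp:
            continue  # CSP frame-ancestors covers the same risk
        findings.append(f"missing {name} ({why})")
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if value and re.search(r"\d+\.\d+", value):
            findings.append(f"{name} discloses a version: {value}")
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"[{label}]")
        for finding in audit_headers(raw) or ["no findings"]:
            print("  -", finding)
```

To run it against a live server you own, feed `audit_headers` the raw response captured with a client of your choice; the hardened sample shows the target state after applying the fix list above (version strings stripped from `Server`, HSTS and CSP present, `nosniff` set).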
Next Steps
Move up the stack to Hacking Web Applications. Revisit defense evasion in Evading IDS, Firewalls, and Honeypots. Return to the Certified Ethical Hacker (CEH v13) Course.