Web Works

Cards (86)

  • What is DNS?
    DNS (Domain Name System) provides a simple way for us to communicate with devices on the internet without remembering complex numbers. Much like every house has a unique address for sending mail directly to it, every computer on the internet has its own unique address to communicate with it called an IP address. An IP address looks like the following: 104.26.10.229, 4 sets of digits ranging from 0 - 255 separated by a period. When you want to visit a website, it's not exactly convenient to remember this complicated set of numbers, and that's where DNS can help.
  • Domain Hierarchy
  • TLD (Top-Level Domain)
    A TLD is the right-most part of a domain name. So, for example, the tryhackme.com TLD is .com. There are two types of TLD, gTLD (Generic Top Level) and ccTLD (Country Code Top Level Domain). Historically a gTLD was meant to tell the user the domain name's purpose; for example, a .com would be for commercial purposes, .org for an organisation, .edu for education and .gov for government. And a ccTLD was used for geographical purposes, for example, .ca for sites based in Canada, .co.uk for sites based in the United Kingdom and so on.
  • TLD (Top-Level Domain)
    Due to such demand, there is an influx of new gTLDs ranging from .online, .club, .website, .biz and so many more.
  • Second-Level Domain
    • Taking tryhackme.com as an example, the .com part is the TLD, and tryhackme is the Second Level Domain. When registering a domain name, the second-level domain is limited to 63 characters + the TLD and can only use a-z 0-9 and hyphens (cannot start or end with hyphens or have consecutive hyphens).
  • Subdomain
    A subdomain sits on the left-hand side of the Second-Level Domain using a period to separate it; for example, in the name admin.tryhackme.com the admin part is the subdomain. A subdomain name has the same creation restrictions as a Second-Level Domain, being limited to 63 characters and can only use a-z 0-9 and hyphens (cannot start or end with hyphens or have consecutive hyphens). You can use multiple subdomains split with periods to create longer names, such as jupiter.servers.tryhackme.com.
  • Subdomain
    But the length must be kept to 253 characters or less. There is no limit to the number of subdomains you can create for your domain name.
  • Underscores in domain names are not allowed
  • DNS Record Types
    A Record
    These records resolve to IPv4 addresses, for example 104.26.10.229
    AAAA Record
    These records resolve to IPv6 addresses, for example 2606:4700:20::681a:be5
    CNAME Record
    These records resolve to another domain name, for example, TryHackMe's online shop has the subdomain name store.tryhackme.com which returns a CNAME record shops.shopify.com. Another DNS request would then be made to shops.shopify.com to work out the IP address.
  • DNS Record Types
    MX Record
    These records resolve to the address of the servers that handle the email for the domain you are querying, for example an MX record response for tryhackme.com would look something like alt1.aspmx.l.google.com. These records also come with a priority flag. This tells the client in which order to try the servers; this is perfect for when the main server goes down and email needs to be sent to a backup server.
  • DNS Record Types
    TXT Record
    TXT records are free text fields where any text-based data can be stored. TXT records have multiple uses, but some common ones can be to list servers that have the authority to send an email on behalf of the domain (this can help in the battle against spam and spoofed email). They can also be used to verify ownership of the domain name when signing up for third party services.
  • What happens when you make a DNS request
    1. When you request a domain name, your computer first checks its local cache to see if you've previously looked up the address recently; if not, a request to your Recursive DNS Server will be made
  • What happens when you make a DNS request
    2. A Recursive DNS Server is usually provided by your ISP, but you can also choose your own. This server also has a local cache of recently looked up domain names. If a result is found locally, this is sent back to your computer, and your request ends here (this is common for popular and heavily requested services such as Google, Facebook, Twitter). If the request cannot be found locally, a journey begins to find the correct answer, starting with the internet's root DNS servers.
  • What happens when you make a DNS request
    3. The root servers act as the DNS backbone of the internet; their job is to redirect you to the correct Top Level Domain Server, depending on your request. If, for example, you request www.tryhackme.com, the root server will recognise the Top Level Domain of .com and refer you to the correct TLD server that deals with .com addresses.
  • What happens when you make a DNS request
    4. The TLD server holds records for where to find the authoritative server to answer the DNS request. The authoritative server is often also known as the nameserver for the domain. For example, the name server for tryhackme.com is kip.ns.cloudflare.com and uma.ns.cloudflare.com. You'll often find multiple nameservers for a domain name to act as a backup in case one goes down.
  • What happens when you make a DNS request
    5. An authoritative DNS server is the server that is responsible for storing the DNS records for a particular domain name and where any updates to your domain name DNS records would be made. Depending on the record type, the DNS record is then sent back to the Recursive DNS Server, where a local copy will be cached for future requests and then relayed back to the original client that made the request.
  • DNS records all come with a TTL (Time To Live) value. This value is a number represented in seconds that the response should be saved for locally until you have to look it up again. Caching saves on having to make a DNS request every time you communicate with a server.
  • What happens when you make a DNS request
  • Examples of NSLOOKUP:
    nslookup --type=A www.website.thm
    nslookup --type=CNAME www.website.thm
    nslookup --type=AAAA www.website.thm
    nslookup --type=MX www.website.thm
  • What is HTTP? (HyperText Transfer Protocol)
    HTTP is what's used whenever you view a website, developed by Tim Berners-Lee and his team between 1989-1991. HTTP is the set of rules used for communicating with web servers for the transmitting of webpage data, whether that is HTML, Images, Videos, etc.
  • What is HTTPS? (HyperText Transfer Protocol Secure)
    HTTPS is the secure version of HTTP. HTTPS data is encrypted so it not only stops people from seeing the data you are receiving and sending, but it also gives you assurances that you're talking to the correct web server and not something impersonating it.
  • No HTTPS:
    error: TryHackMe{INVALID_HTTP_CERT}
    • When we access a website, your browser will need to make requests to a web server for assets such as HTML, Images, and download the responses. Before that, you need to tell the browser specifically how and where to access these resources, this is where URLs will help.
  • What is a URL? (Uniform Resource Locator)
    If you’ve used the internet, you’ve used a URL before. A URL is predominantly an instruction on how to access a resource on the internet. The below image shows what a URL looks like with all of its features (it does not use all features in every request).
  • URL Components:
    Scheme: This instructs on what protocol to use for accessing the resource such as HTTP, HTTPS, FTP (File Transfer Protocol).
    User: Some services require authentication to log in, you can put a username and password into the URL to log in.
    Host: The domain name or IP address of the server you wish to access.
    Port: The port that you are going to connect to, usually 80 for HTTP and 443 for HTTPS, but this can be hosted on any port between 1 - 65535.
  • URL Components:
    Path: The file name or location of the resource you are trying to access.
    Query String: Extra bits of information that can be sent to the requested path. For example, /blog?id=1 would tell the blog path that you wish to receive the blog article with the id of 1.
    Fragment: This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it, so it is viewable to the user as soon as they access the page.
  • Making a Request
    It's possible to make a request to a web server with just one line "GET / HTTP/1.1"
    • But for a much richer web experience, you’ll need to send other data as well. This other data is sent in what is called headers, where headers contain extra information to give to the web server you’re communicating with, but we’ll go more into this in the Header task.
  • Example HTTP Request:
    GET / HTTP/1.1
    Host: tryhackme.com
    User-Agent: Mozilla/5.0 Firefox/87.0
    Referer: https://tryhackme.com/
  • Line 1: This request is sending the GET method, requesting the home page with / and telling the web server we are using HTTP protocol version 1.1.
    Line 2: We tell the web server we want the website tryhackme.com
    Line 3: We tell the web server we are using the Firefox version 87 Browser
    Line 4: We are telling the web server that the web page that referred us to this one is https://tryhackme.com
    Line 5: HTTP requests always end with a blank line to inform the web server that the request has finished.
  • Example HTTP Response:
  • Example Response:
    Line 1: HTTP 1.1 is the version of the HTTP protocol the server is using and then followed by the HTTP Status Code in this case "200 Ok" which tells us the request has completed successfully.
    Line 2: This tells us the web server software and version number.
    Line 3: The current date, time and timezone of the web server.
    Line 4: The Content-Type header tells the client what sort of information is going to be sent, such as HTML, images, videos, pdf, XML.
  • Example Response:
    Line 5: Content-Length tells the client how long the response is, this way we can confirm no data is missing.
    Line 6: HTTP response contains a blank line to confirm the end of the HTTP response.
    Lines 7-14: The information that has been requested, in this instance the homepage.
  • HTTP methods are a way for the client to show their intended action when making an HTTP request. There are a lot of HTTP methods but we'll cover the most common ones, although mostly you'll deal with the GET and POST method.
  • HTTP Methods
    GET Request
    This is used for getting information from a web server.
    POST Request
    This is used for submitting data to the web server and potentially creating new records
    PUT Request
    This is used for submitting data to a web server to update information
    DELETE Request
    This is used for deleting information/records from a web server.
  • Status Codes Broad Breakdown:
    100-199 - Information Response: These are sent to tell the client the first part of their request has been accepted and they should continue sending the rest of their request. These codes are no longer very common.
    200-299 - Success: This range of status codes is used to tell the client their request was successful.
    300-399 - Redirection: These are used to redirect the client's request to another resource. This can be either to a different webpage or a different website altogether.
  • Status Codes Broad Breakdown:
    400-499 - Client Errors: Used to inform the client that there was an error with their request.
    500-599 - Server Errors: This is reserved for errors happening on the server-side and usually indicate quite a major problem with the server handling the request.
  • Session cookies are deleted once you close your browser whereas persistent cookies remain until they expire or you delete them manually
  • A cookie is a small piece of text stored on your computer by websites you visit. Cookies allow websites to remember things about you like login details, shopping cart items, preferences etc. They also enable sites to track visitors across multiple pages and sessions.
  • Cookies have many uses including remembering usernames and passwords so users don’t need to retype them every time they log into a site, tracking visitor behaviour through Google Analytics and storing products in online shopping baskets.
  • Common HTTP Status Codes:
    200 - OK: The request was completed successfully.
    201 - Created: A resource has been created (for example a new user or new blog post).
    301 - Moved Permanently: This redirects the client's browser to a new webpage or tells search engines that the page has moved somewhere else and to look there instead.
    302 - Found: Similar to the above permanent redirect, but as the name suggests, this is only a temporary change and it may change again in the near future.
  • Common HTTP Status Codes:
    • 400 - Bad Request: This tells the browser that something was either wrong or missing in their request. This could sometimes be used if the web server resource that is being requested expected a certain parameter that the client didn't send.
    • 401 - Not Authorised: You are not currently allowed to view this resource until you have authorised with the web application, most commonly with a username and password.
    • 403 - Forbidden: You do not have permission to view this resource whether you are logged in or not.