What is a Website

In this section, we are going to understand what a website really is. A website is nothing but just an application that is installed on a device or computer. A website has two main applications that are a web server(for example, Apache), and a database(for example, MySQL).

1. The web server is used to understand and executes the web application. A web application can be written in Java, Python, PHP, or any other programming language. The only restriction is that the web server needs to be able to understand and execute the web application.
2. The database contains the data that is used by the web application. All of this is stored on a computer called the server. The server is connected to the internet and has an IP address, and anybody can access or ping it.

The web application is executed either by the target or by the web server which is installed on our server. Therefore, any time we run a web application or request a page, it is actually executed on the web server and not on the client's computer. Once it is executed on the web server, the web server sends an HTML page which is ready to read to the target client or person, as shown in the following diagram:

Suppose, we are using a computer or a phone, and we want to access google.com. In our URL, if we type google.com, it will be translated to an IP address using a DNS server. A DNS is a server that translates every name, .com, .edu, or any website with a name or a domain name to its relevant IP address. If we request google.com, then the request goes to a DNS server and translates google.com to the IP where Google is stored. Then the DNS server will go to IP address of Google and execute the page that we wanted using all of the applications that we have spoken about, and then just give us a ready HTML page.

Now the program gets executed on the server, and we just get an HTML which is a markup language as a result of the program. This is very important, because in the future, if we wanted to get anything executed on the web server, such as a shell, then we need to send it in a language that the web server understands(for example PHP), and once we execute it inside the server, it will be executed on the target computer.

This means that, regardless of the person that accesses the pages, the web shell that we are going to send(if it is written in Java or in a language that the server understands) will be executed on the server and not on our computer. Therefore, it will give us access to the server and not to the person who accessed that server.

On the other hand, some websites use JavaScript, which is a client-side language. If we are able to find a website that allows us to run JavaScript code, then the code will be executed by the clients. Even though the code might be injected into the web server, it will be executed on the client side, and it will allow us to perform attacks on the client computer and not on the server. Hence, it is very important to distinguish between a client-side language and a server-side language.