attacks than other web servers; here the author will show how to check the security of your APACHE web server with NIKTO, together with a test of its security.

If you have already installed ActivePerl on your computer, go to C:\Perl\Bin if you installed it on drive C, or D:\Perl\Bin if you installed it on drive D. Then download Nikto from the URL http://smg-familycode.co.nr/nikto.zip; for this tutorial the author extracted it to D:\Perl\Bin\nikto-1.35. After that, open MS-DOS and change to the directory D:\Perl\Bin\nikto-1.35.

Then, to view the source of nikto.pl, use the command:

edit nikto.pl

That way you can read the source more neatly than in Notepad. After that we return to MS-DOS to run this nikto source.

Now we prepare the target. Here we simply install PHPTriad, then start its APACHE, then open the browser and enter the URL http://localhost.

OK, the web server is active. We return to Nikto; back at the MS-DOS prompt, in D:\perl\bin\nikto-1.35, the author entered the command perl nikto.pl -h localhost.

Result:
D:\perl\bin\nikto-1.35>perl nikto.pl -h localhost
-***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 1.35/1.34 - www.cirt.net
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: Sun Jan 29 17:05:15 2006
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/1.3.14 (Win32)
- Retrieved X-Powered-By header: PHP/4.0.5
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
+ PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.14 appears to be outdated (current is at least Apache/2.0.54). Apache 1.3.33 is still maintained and considered secure.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.27 are vulnerable to a local buffer overflow which allows attackers to kill any process on the system. CAN-2002-0839.
+ Apache/1.3.14 (Win32) - Apache 1.x up 1.2.34 are vulnerable to a remote DoS and possible code execution. CAN-2002-0392.
+ /php/php.exe?c:\boot.ini - The Apache config allows php.exe to be called directly. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script> - Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php - Contains PHP configuration information (GET)
+ /phpmyadmin/ - This might be interesting... (GET)
+ /phpMyAdmin/ - This might be interesting... (GET)
+ /test/ - This might be interesting... (GET)
+ /index.php?base=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?pymembs=admin - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?topic=<script>alert(document.cookie)</script>%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ 2563 items checked - 19 item(s) found on remote host(s)
+ End Time: Sun Jan 29 17:09:54 2006 (279 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
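Reading a scan like this by eye is fine for one host, but a defender who runs Nikto regularly wants the findings in a structured form so they can be tracked and fixed. The following Python example is added here and is not part of the original tutorial or of Nikto itself: it parses Nikto 1.x text output (the format shown above) into header fields and a list of findings, pulls out the advisory references (OSVDB, CAN/CVE, CERT CA), tags each finding with a category and a triage severity, and reports whether TRACE was among the allowed methods. The embedded sample output is constructed in the shape of the scan above; the category names, severity labels and matching phrases are this example's own assumptions, not something Nikto reports.

```python
import re
from collections import Counter

# Constructed sample in the shape of Nikto 1.35 text output (the format of the
# scan shown above), embedded so the parser runs offline. It is representative,
# not a capture of a live host.
SAMPLE_OUTPUT = """\
- Nikto 1.35/1.34 - www.cirt.net
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/1.3.14 (Win32)
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
+ PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542.
+ /phpinfo.php - Contains PHP configuration information (GET)
+ /phpmyadmin/ - This might be interesting... (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ 2563 items checked - 7 item(s) found on remote host(s)
+ 1 host(s) tested
"""

# Header fields Nikto prints as "+ Name: value" before the findings.
HEADER_FIELDS = ("Target IP", "Target Hostname", "Target Port", "Start Time",
                 "End Time", "Server", "Allowed HTTP Methods")

# Advisory identifiers Nikto 1.x appends to findings (OSVDB, CAN/CVE, CERT CA).
REF_RE = re.compile(r"\b(?:OSVDB-\d+|CAN-\d{4}-\d{4}|CVE-\d{4}-\d{4,}|CA-\d{4}-\d{2})\b")
# The HTTP method Nikto prints in parentheses at the end of a path finding.
METHOD_RE = re.compile(r"\((GET|HEAD|POST|OPTIONS|TRACE|PUT|DELETE)\)\s*$")

# Ordered classification rules (assumed for this example): the first phrase
# found in the finding text wins. Severities are triage labels chosen here.
RULES = [
    ("vulnerable_version", "are vulnerable to", "high"),
    ("xss", "Cross Site Scripting", "high"),
    ("xss", "allow XSS", "high"),
    ("trace_method", "HTTP method 'TRACE'", "medium"),
    ("outdated", "appears to be outdated", "medium"),
    ("info_disclosure", "configuration information", "medium"),
    ("info_disclosure", "reveals potentially sensitive", "medium"),
    ("interesting", "might be interesting", "low"),
]


def classify(text):
    """Return (category, severity) for one finding line."""
    for category, phrase, severity in RULES:
        if phrase in text:
            return category, severity
    return "other", "low"


def parse_nikto(output):
    """Split Nikto text output into a header dict and a list of finding dicts."""
    header, findings = {}, []
    for raw in output.splitlines():
        line = raw.strip()
        if not line.startswith("+ "):
            continue            # banner, '-' notes and separators carry no finding
        body = line[2:]
        name, sep, value = body.partition(": ")
        if sep and name in HEADER_FIELDS:
            header[name] = value.strip()
            continue
        if "items checked" in body or "host(s) tested" in body:
            continue            # summary lines, not findings
        path = body.split(" - ", 1)[0] if body.startswith("/") else None
        m = METHOD_RE.search(body)
        category, severity = classify(body)
        findings.append({
            "path": path,
            "method": m.group(1) if m else None,
            "refs": REF_RE.findall(body),
            "category": category,
            "severity": severity,
            "text": body,
        })
    return header, findings


def trace_enabled(header):
    """True when the server advertised TRACE in its allowed methods."""
    methods = header.get("Allowed HTTP Methods", "")
    return "TRACE" in [m.strip() for m in methods.split(",")]


def summarize(findings):
    """Count findings per severity and per category for a quick triage view."""
    by_sev = Counter(f["severity"] for f in findings)
    by_cat = Counter(f["category"] for f in findings)
    return by_sev, by_cat


if __name__ == "__main__":
    hdr, items = parse_nikto(SAMPLE_OUTPUT)
    print("server:", hdr.get("Server"), "| TRACE enabled:", trace_enabled(hdr))
    for f in items:
        print(f"[{f['severity']:6}] {f['category']:18} refs={f['refs']} {f['text'][:60]}")
    print(summarize(items))
```

To use it on a real run, redirect Nikto's output to a file and pass the file's contents to parse_nikto; the severity and category tables are deliberately small and are meant to be extended with the phrases that matter in your own environment.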
From here it is up to you whether you want to report the bugs to the admin or want to attack the web server using the bugs shown above. Happy trying.