serangan dibandingkan webserver lainnya, disini penulis akan menunjukkan
cara memeriksa keamanan webserver APACHE anda dengan NIKTO disertai
pengujian keamanannya
Jika anda sudah menginstall ActivePerl ke komputer anda, maka masuk ke
C:\Perl\Bin jika anda menginstall ke drive C dan D:\Perl\Bin jika anda
menginstall di drive D, lalu Download Nikto, dengan masuk ke alamat url
http://smg-familycode.co.nr/nikto.zip, disini tutor ini penulis mengextractnya
ke D:\Perl\Bin\nikto-1.35 setelah itu kita masuk MS-DOS, lalu masuk ke
directory D:\Perl\Bin\nikto-1.35.
Setelah itu untuk melihat source nikto.pl maka gunakan perintah : edit nikto.pl
dengan begitu anda bisa melihat source lebih rapi dibandingkan di notepad,
setelah itu kita kembali ke MS-DOS untuk menjalan source nikto ini. Sekarang
kita siapkan target, disini kita install saja PHPTriad setelah itu kita jalankan
APACHE-nya, lalu masuk ke browser kita masukkan url http://localhost.
Ok, Webserver sudah aktif, kita kembali yang Nikto tadi, setelah kembali ke MSDOS
prompt penulis masukkan perintah perl nikto.pl -h localhost di
D:\perl\bin\nikto-1.35.
Hasil :
9
D:\perl\bin\nikto-1.35>perl nikto.pl -h localhost
-***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 1.35/1.34 - www.cirt.net
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: Sun Jan 29 17:05:15 2006
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/1.3.14 (Win32)
- Retrieved X-Powered-By header: PHP/4.0.5
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-
877.
+ PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.14 appears to be outdated (current is at least Apache/2.0.54). Apac
he 1.3.33 is still maintained and considered secure.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows
inmod_rewrite and mod_cgi. CAN-2003-0542.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.27 are vulnerable to a local buff
er overflow which allows attackers to kill any process on the system. CAN-2002-0839.
+ Apache/1.3.14 (Win32) - Apache 1.x up 1.2.34 are vulnerable to a remote DoS and
possible code execution. CAN-2002-0392.
+ /php/php.exe?c:\boot.ini - The Apache config allows php.exe to be called directly.
(GET)
+ / - TRACE option appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentiallysensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote
execution bug via SQL command injection. (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums
allows any user to change the welcome message, and it is vulnerable to Cross Site
Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php?VARIABLE= - Contains PHP configuration
information and is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php - Contains PHP configuration information (GET)
+ /phpmyadmin/ - This might be interesting... (GET)
+ /phpMyAdmin/ - This might be interesting... (GET)
+ /test/ - This might be interesting... (GET)
+ /index.php?base=test%20 - This might be interesting... has been seen in web lo
gs from an unknown scanner. (GET)
+ /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from
an unknown scanner. (GET)
+ /index.php?pymembs=admin - This might be interesting... has been seen in web logs from
an unknown scanner. (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs
from an unknown scanner. (GET)
+ /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from
an unknown scanner. (GET)
+/index.php?topic=<script>alert(document.cookie)</script>%20
- This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ 2563 items checked - 19 item(s) found on remote host(s)
+ End Time: Sun Jan 29 17:09:54 2006 (279 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
10
Selanjutnya terserah anda ingin memberitahukan bugnya kepada admin atau
ingin menyerang webserver dengan bug yang sudah tampil diatas, selamat
mencoba.
0 comments:
Post a Comment