It is no longer a secret that the Apache web server is attacked more often than other web servers. Here the author shows how to check the security of your Apache web server with Nikto, followed by a test of that security.

If you have already installed ActivePerl on your computer, go to C:\Perl\Bin if you installed it on drive C, or D:\Perl\Bin if you installed it on drive D. Then download Nikto from the URL https://cirt.net/nikto/nikto-2.1.4.tar.bz2; for this tutorial the author extracted it to D:\Perl\Bin\nikto-1.35. After that, open MS-DOS and change to the directory D:\Perl\Bin\nikto-1.35.

To view the source of nikto.pl, use the command: edit nikto.pl. That way you can read the source more tidily than in Notepad. Afterwards, return to MS-DOS to run this Nikto source.

Now prepare the target. Here we simply install PHPTriad, start its Apache, then open a browser and enter the URL http://localhost.

OK, the web server is active. Back to Nikto: after returning to the MS-DOS prompt, the author entered the command perl nikto.pl -h localhost in D:\perl\bin\nikto-1.35.

Result:
D:\perl\bin\nikto-1.35>perl nikto.pl -h localhost
-***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 1.35/1.34 - www.cirt.net
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: Sun Jan 29 17:05:15 2006
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/1.3.14 (Win32)
- Retrieved X-Powered-By header: PHP/4.0.5
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
+ PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.14 appears to be outdated (current is at least Apache/2.0.54). Apache 1.3.33 is still maintained and considered secure.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.27 are vulnerable to a local buffer overflow which allows attackers to kill any process on the system. CAN-2002-0839.
+ Apache/1.3.14 (Win32) - Apache 1.x up 1.2.34 are vulnerable to a remote DoS and possible code execution. CAN-2002-0392.
+ /php/php.exe?c:\boot.ini - The Apache config allows php.exe to be called directly. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php?VARIABLE= - Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php - Contains PHP configuration information (GET)
+ /phpmyadmin/ - This might be interesting... (GET)
+ /phpMyAdmin/ - This might be interesting... (GET)
+ /test/ - This might be interesting... (GET)
+ /index.php?base=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?pymembs=admin - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?topic=<script>alert(document.cookie)</script>%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ 2563 items checked - 19 item(s) found on remote host(s)
+ End Time: Sun Jan 29 17:09:54 2006 (279 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
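A scan like the one above is only useful once someone sorts the findings and decides what to fix first. The script below is an added example, not part of the original article and not code from the Nikto project: it parses lines in the shape Nikto 1.35 prints, records the target headers, groups each finding into a category and attaches a short defender's note per category. The sample text is constructed from a few of the lines shown above; the category keywords, the category names and the mitigation notes are this script's own choices, not Nikto's.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the shape Nikto 1.35 prints,
# trimmed from the scan on this page so the script runs offline.
SAMPLE_OUTPUT = """
- Nikto 1.35/1.34 - www.cirt.net
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Server: Apache/1.3.14 (Win32)
- Retrieved X-Powered-By header: PHP/4.0.5
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
+ PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.14 appears to be outdated (current is at least Apache/2.0.54). Apache 1.3.33 is still maintained and considered secure.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542.
+ /php/php.exe?c:\\boot.ini - The Apache config allows php.exe to be called directly. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /phpinfo.php - Contains PHP configuration information (GET)
+ /phpmyadmin/ - This might be interesting... (GET)
+ /index.php?base=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ 2563 items checked - 19 item(s) found on remote host(s)
"""

# Target banner lines: "+ Server: ...", "- Retrieved X-Powered-By header: ..." and so on.
HEADER_RE = re.compile(
    r"^[+-] (?:Retrieved )?(?P<key>Target Hostname|Target IP|Target Port|Server|"
    r"X-Powered-By header|Allowed HTTP Methods): (?P<value>.+)$")
# Path findings: "+ /path - description (METHOD)".
FINDING_RE = re.compile(r"^\+ (?P<path>/\S*) - (?P<desc>.*?) \((?P<method>[A-Z]+)\)$")
# Version findings: "+ Apache/1.3.14 appears to be outdated ...".
VERSION_RE = re.compile(r"^\+ (?P<software>\S+) appears to be outdated")
# Known-vulnerability findings: "+ Apache/1.3.14 (Win32) - ... CAN-2003-0542."
KNOWN_VULN_RE = re.compile(r"^\+ (?P<software>[A-Za-z]+/[\d.]+) (?:\([^)]*\) )?- (?P<desc>.*)$")
ADVISORY_RE = re.compile(r"\b(?:CAN|CVE)-\d{4}-\d+")

# Keyword -> category, checked in order so the most specific label wins.
# These keywords and names are this script's own, not Nikto's.
CATEGORY_RULES = [
    ("TRACE", "trace"), ("SQL", "sqli"), ("XSS", "xss"), ("Cross Site", "xss"),
    ("configuration information", "disclosure"), ("reveals", "disclosure"),
    ("called directly", "misconfig"), ("might be interesting", "interesting"),
]

# One defender's note per category (the script's suggestions, not Nikto's output).
MITIGATION = {
    "trace": "disable TRACE (TraceEnable off on Apache 1.3.34 / 2.0.55 and later, or a mod_rewrite rule rejecting the method)",
    "sqli": "update or remove the flagged application and validate the input it reads",
    "xss": "remove the flagged script or encode its output; the TRACE-based XSS goes away once TRACE is off",
    "disclosure": "remove phpinfo.php from production and set expose_php = Off in php.ini",
    "misconfig": "do not expose the PHP interpreter as a CGI URL; run PHP as a module or restrict /php/",
    "interesting": "remove test content and put admin tools such as phpMyAdmin behind authentication",
    "outdated": "upgrade to a maintained release",
    "known-vuln": "upgrade; the CAN/CVE id names the advisory to verify against",
    "other": "review manually",
}

def categorize(desc):
    """Map a finding description to a category using the keyword rules above."""
    low = desc.lower()
    for keyword, category in CATEGORY_RULES:
        if keyword.lower() in low:
            return category
    return "other"

def parse_nikto(text):
    """Parse Nikto 1.x text output into target headers and a list of findings."""
    report = {"target": {}, "findings": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            report["target"][m.group("key")] = m.group("value")
            continue
        m = VERSION_RE.match(line)
        if m:
            report["findings"].append({"category": "outdated", "path": m.group("software"),
                                       "method": None, "desc": line[2:], "ref": None})
            continue
        m = KNOWN_VULN_RE.match(line)
        if m:
            ref = ADVISORY_RE.search(m.group("desc"))
            report["findings"].append({"category": "known-vuln", "path": m.group("software"),
                                       "method": None, "desc": m.group("desc"),
                                       "ref": ref.group(0) if ref else None})
            continue
        m = FINDING_RE.match(line)
        if m:
            report["findings"].append({"category": categorize(m.group("desc")), "path": m.group("path"),
                                       "method": m.group("method"), "desc": m.group("desc"), "ref": None})
    return report

def summarize(report):
    """Count findings per category."""
    return Counter(f["category"] for f in report["findings"])

def trace_enabled(report):
    """True when the scanned server advertised TRACE among its allowed methods."""
    methods = report["target"].get("Allowed HTTP Methods", "")
    return "TRACE" in [m.strip() for m in methods.split(",")]

if __name__ == "__main__":
    rep = parse_nikto(SAMPLE_OUTPUT)
    print("Target:", rep["target"].get("Target Hostname"), "|", rep["target"].get("Server"))
    print("TRACE enabled:", trace_enabled(rep))
    for category, count in summarize(rep).most_common():
        print(f"{count:2d} x {category:<12} -> {MITIGATION[category]}")
    for f in rep["findings"]:
        print(f"  [{f['category']}] {f['path']} {f['ref'] or ''}")
```

To triage a real scan, save Nikto's output to a file and pass its contents to parse_nikto() instead of SAMPLE_OUTPUT. The categories are deliberately coarse; the point is to separate the three things the scan above mixes together: a server that needs upgrading (outdated, known-vuln), a configuration that needs tightening (trace, misconfig, disclosure) and leftover content that should not be on a production host (interesting).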
What you do next is up to you: report the bugs to the admin, or attack the web server using the bugs shown above. Good luck.
Source: xcode magazine edition 1