CIF Spray
Monday, 01 July 2013
Checking web server security with NIKTO
Happy reading.
It is no secret that the APACHE webserver is attacked more often than other webservers. Here the author will show how to check the security of your APACHE webserver with NIKTO, together with a security test.

If you have already installed ActivePerl on your computer, go to C:\Perl\Bin if you installed it on drive C, or D:\Perl\Bin if you installed it on drive D. Then download Nikto from http://smg-familycode*Forbidden*/nikto.zip. In this tutorial the author extracted it to D:\Perl\Bin\nikto-1.35. After that, open MS-DOS and change to the directory D:\Perl\Bin\nikto-1.35. To view the source of nikto.pl, use the command:

    edit nikto.pl

This shows the source more neatly than Notepad does. After that, return to MS-DOS to run Nikto.

Now prepare the target. Here we simply install PHPTriad and start its APACHE, then open the browser and enter the URL http://localhost. OK, the webserver is active. Back to Nikto: at the MS-DOS prompt, in D:\perl\bin\nikto-1.35, the author enters the command perl nikto.pl -h localhost.

Result:

    D:\perl\bin\nikto-1.35>perl nikto.pl -h localhost
    -***** SSL support not available (see docs for SSL install instructions) *****
    ---------------------------------------------------------------------------
    - Nikto 1.35/1.34 - www.cirt.net
    + Target IP: 127.0.0.1
    + Target Hostname: localhost
    + Target Port: 80
    + Start Time: Sun Jan 29 17:05:15 2006
    ---------------------------------------------------------------------------
    - Scan is dependent on "Server" string which can be faked, use -g to override
    + Server: Apache/1.3.14 (Win32)
    - Retrieved X-Powered-By header: PHP/4.0.5
    + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
    + HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
    + PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
    + Apache/1.3.14 appears to be outdated (current is at least Apache/2.0.54). Apache 1.3.33 is still maintained and considered secure.
    + Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542.
    + Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.27 are vulnerable to a local buffer overflow which allows attackers to kill any process on the system. CAN-2002-0839.
    + Apache/1.3.14 (Win32) - Apache 1.x up 1.2.34 are vulnerable to a remote DoS and possible code execution. CAN-2002-0392.
    + /php/php.exe?c:\boot.ini - The Apache config allows php.exe to be called directly. (GET)
    + / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-...per_screen.pdf for info (TRACE)
    + /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
    + /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
    + /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
    + /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
    + /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)
    + /index.php?top_message=<script>alert([removed])</script> - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
    + /phpinfo.php?VARIABLE=[removed]alert('Vulnerable')[removed] - Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
    + /phpinfo.php - Contains PHP configuration information (GET)
    + /phpmyadmin/ - This might be interesting... (GET)
    + /phpMyAdmin/ - This might be interesting... (GET)
    + /test/ - This might be interesting... (GET)
    + /index.php?base=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
    + /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
    + /index.php?pymembs=admin - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
    + /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
    + /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
    + /index.php?topic=&lt;script&gt;alert([removed])&lt;/script&gt;%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
    + 2563 items checked - 19 item(s) found on remote host(s)
    + End Time: Sun Jan 29 17:09:54 2006 (279 seconds)
    ---------------------------------------------------------------------------
    + 1 host(s) tested

What comes next is up to you, whether you want to report the bugs to the admin or attack the webserver with the bugs shown above. Good luck.
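An added example, not part of the original post and not Nikto's own code: a Python script that groups the findings of a report like the one above by the follow-up an administrator needs to take, and collects the advisory ids to look up. The sample lines are constructed in the style of that report, and the bucket names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: finding lines in the style of the Nikto 1.35 report above.
SAMPLE_REPORT = """\
+ Server: Apache/1.3.14 (Win32)
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
+ PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542.
+ /phpinfo.php - Contains PHP configuration information (GET)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /test/ - This might be interesting... (GET)
+ 2563 items checked - 19 item(s) found on remote host(s)
"""

# Hypothetical triage buckets (names chosen for this example); first match wins.
RULES = [
    ("disable-trace", re.compile(r"\bTRACE\b")),
    ("fix-xss", re.compile(r"Cross Site Scripting|XSS")),
    ("upgrade", re.compile(r"outdated|are vulnerable to", re.I)),
    ("remove-info-leak", re.compile(r"reveals|configuration information|called directly", re.I)),
    ("manual-review", re.compile(r"might be interesting", re.I)),
]
REF = re.compile(r"\b(?:OSVDB-\d+|CAN-\d{4}-\d{4}|CA-\d{4}-\d{2})\b")
# Banner and summary lines also start with "+ " but are not findings.
META = re.compile(r"(Target |Start Time|End Time|Server:|\d+ (items|host))")

def triage(report):
    """Return {action: [(finding_text, [reference ids])]} for '+ ' lines."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        text = line.strip()
        if not text.startswith("+ ") or META.match(text[2:]):
            continue
        text = text[2:]
        action = next((n for n, rx in RULES if rx.search(text)), "unclassified")
        buckets[action].append((text, REF.findall(text)))
    return dict(buckets)

def all_refs(buckets):
    """Sorted, de-duplicated advisory ids to look up (OSVDB, CAN/CVE, CERT CA)."""
    return sorted({r for items in buckets.values() for _, refs in items for r in refs})

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for action, items in result.items():
        print(f"[{action}] {len(items)} finding(s)")
    print("references:", all_refs(result))
```
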