Jumat, 27 Mei 2011

Memeriksa keamanan webserver dengan NIKTO


Sebenarnya sudah bukan rahasia lagi webserver APACHE sering mendapat serangan dibandingkan webserver lainnya, disini penulis akan menunjukkan cara memeriksa keamanan webserver APACHE anda dengan NIKTO disertai pengujian keamanannya
Jika anda sudah menginstall ActivePerl ke komputer anda, maka masuk ke C:\Perl\Bin jika anda menginstall ke drive C dan D:\Perl\Bin jika anda menginstall di drive D, lalu Download Nikto, dengan masuk ke alamat url http://smg-familycode.co.nr/nikto.zip, disini tutor ini penulis mengextractnya ke D:\Perl\Bin\nikto-1.35 setelah itu kita masuk MS-DOS, lalu masuk ke directory D:\Perl\Bin\nikto-1.35.
Setelah itu untuk melihat source nikto.pl maka gunakan perintah : edit nikto.pl dengan begitu anda bisa melihat source lebih rapi dibandingkan di notepad, setelah itu kita kembali ke MS DOS untuk menjalan source nikto ini. Sekarang kita siapkan target, disini kita install saja PHPTriad setelah itu kita jalankan APACHE-nya, lalu masuk ke browser kita masukkan url http://localhost. Ok, Webserver sudah aktif, kita kembali yang Nikto tadi, setelah kembali ke MSDOS prompt penulis masukkan perintah perl nikto.pl -h localhost di D:\perl\bin\nikto 1.35.
Hasil :
D:\perl\bin\nikto-1.35>perl nikto.pl -h localhost
-***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 1.35/1.34 - www.cirt.net
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: Sun Jan 29 17:05:15 2006
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/1.3.14 (Win32)
- Retrieved X-Powered-By header: PHP/4.0.5
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-
877.
+ PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.14 appears to be outdated (current is at least Apache/2.0.54). Apac
he 1.3.33 is still maintained and considered secure.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows
inmod_rewrite and mod_cgi. CAN-2003-0542.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.27 are vulnerable to a local buff
er overflow which allows attackers to kill any process on the system. CAN-2002-0839.
+ Apache/1.3.14 (Win32) - Apache 1.x up 1.2.34 are vulnerable to a remote DoS and
possible code execution. CAN-2002-0392.
+ /php/php.exe?c:\boot.ini - The Apache config allows php.exe to be called directly.
(GET)
+ / - TRACE option appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentiallysensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote
execution bug via SQL command injection. (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums
allows any user to change the welcome message, and it is vulnerable to Cross Site
Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php?VARIABLE= - Contains PHP configuration
information and is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php - Contains PHP configuration information (GET)
+ /phpmyadmin/ - This might be interesting... (GET)
+ /phpMyAdmin/ - This might be interesting... (GET)
+ /test/ - This might be interesting... (GET)
+ /index.php?base=test%20 - This might be interesting... has been seen in web lo
gs from an unknown scanner. (GET)
+ /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from
an unknown scanner. (GET)
+ /index.php?pymembs=admin - This might be interesting... has been seen in web logs from
an unknown scanner. (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs
from an unknown scanner. (GET)
+ /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from
an unknown scanner. (GET)
+/index.php?topic=&lt;script&gt;alert(document.cookie)&lt;/script&gt;%20
- This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ 2563 items checked - 19 item(s) found on remote host(s)
+ End Time: Sun Jan 29 17:09:54 2006 (279 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

0 komentar:

Posting Komentar