Searching...
Jumat, 18 Februari 2011

Memeriksa keamanan webserver dengan NIKTO

Sebenarnya sudah bukan rahasia lagi webserver APACHE sering mendapat serangan dibandingkan webserver  lainnya, disini saya akan menunjukkan cara memeriksa keamanan webserver APACHE sobat dengan NIKTO disertai pengujian keamanannya.

Jika sobat sudah menginstall ActivePerl ke komputer sobat, maka masuk ke C:\Perl\Bin jika sobat menginstall ke drive C dan D:\Perl\Bin jika sobat menginstall di drive D, lalu Download Nikto, dengan masuk ke alamat url http://smg-familycode.co.nr/nikto.zip, disini tutor ini saya mengextractnya ke D:\Perl\Bin\nikto-1.35 setelah itu kita masuk MS-DOS, lalu masuk ke directory D:\Perl\Bin\nikto-1.35.



Setelah itu untuk melihat source nikto.pl maka gunakan perintah : edit nikto.pl dengan begitu sobat bisa melihat source lebih rapi dibandingkan di notepad, setelah itu kita kembali ke MS-DOS untuk menjalan source nikto ini. Sekarang kita siapkan target, disini kita install saja PHPTriad setelah itu kita jalankan APACHE-nya, lalu masuk ke browser kita masukkan url http://localhost.

Ok, Webserver sudah aktif, kita kembali yang Nikto tadi, setelah kembali ke MSDOS prompt penulis masukkan perintah perl nikto.pl -h localhost di D:\perl\bin\nikto-1.35.

Hasil :
D:\perl\bin\nikto-1.35>perl nikto.pl -h localhost
-***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 1.35/1.34 - www.cirt.net
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: Sun Jan 29 17:05:15 2006
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/1.3.14 (Win32)
- Retrieved X-Powered-By header: PHP/4.0.5
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-
877.
+ PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.14 appears to be outdated (current is at least Apache/2.0.54). Apac
he 1.3.33 is still maintained and considered secure.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows
inmod_rewrite and mod_cgi. CAN-2003-0542.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.27 are vulnerable to a local buff
er overflow which allows attackers to kill any process on the system. CAN-2002-0839.
+ Apache/1.3.14 (Win32) - Apache 1.x up 1.2.34 are vulnerable to a remote DoS and
possible code execution. CAN-2002-0392.
+ /php/php.exe?c:\boot.ini - The Apache config allows php.exe to be called directly.
(GET)
+ / - TRACE option appears to allow XSS or credential theft. See
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentiallysensitive
information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184.
(GET)
+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote
execution bug via SQL command injection. (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums
allows any user to change the welcome message, and it is vulnerable to Cross Site
Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script> - Contains PHP configuration
information and is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php - Contains PHP configuration information (GET)
+ /phpmyadmin/ - This might be interesting... (GET)
+ /phpMyAdmin/ - This might be interesting... (GET)
+ /test/ - This might be interesting... (GET)
+ /index.php?base=test%20 - This might be interesting... has been seen in web lo
gs from an unknown scanner. (GET)
+ /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from
an unknown scanner. (GET)
+ /index.php?pymembs=admin - This might be interesting... has been seen in web logs from
an unknown scanner. (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs
from an unknown scanner. (GET)
+ /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from
an unknown scanner. (GET)
+/index.php?topic=&amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt;%20
- This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ 2563 items checked - 19 item(s) found on remote host(s)
+ End Time: Sun Jan 29 17:09:54 2006 (279 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Selanjutnya terserah sobat ingin memberitahukan bugnya kepada admin atau ingin menyerang webserver dengan bug yang sudah tampil diatas, selamat mencoba.

0 comments:

Posting Komentar

Like & Share :


Mari budayakan berkomentar baik berupa Kritik, Saran, maupun Pertanyaan untuk menjadikan blog ini lebih baik ke depannya. Copy-Paste di ijinkan, tapi URL sumbernya disertakan.
Terima Kasih.

 
Back to top!