Wednesday, 06 March 2013

www.bontangkota.go.id : nikto linux

Here is an example of using nikto on Linux.
First of all, nikto is a tool for checking a web server
to see whether it has holes or bugs
that an attacker could use to break in.

How to install
linux : root@yur4-xkill:# sudo apt-get install nikto
win#%$ : http://indocracker.wetpaint.com/page/Memeriksa+keamanan+webserver+dengan+NIKTO
Please read it there, hehe, too lazy to retype it.

Practice ==>

root@yur4-xkill:/home/yur4# nikto -h www.bontangkota.go.id
- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP: 222.124.180.250
+ Target Hostname: www.bontangkota.go.id
+ Target Port: 80
+ Start Time: 2010-05-23 18:14:05
---------------------------------------------------------------------------
+ Server: Apache
- /robots.txt - contains 1 'disallow' entry which should be manually viewed. (GET)
+ OSVDB-0: Retrieved X-Powered-By header: PHP/5.2.9
+ OSVDB-0: ETag header found on server, inode: 8208522, size: 34, mtime: 0x46bd84b395880
+ OSVDB-637: GET /~root - Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users).
+ OSVDB-0: GET /help/ : Help directory should not be accessible
+ OSVDB-0: GET /index.php?module=My_eGallery : My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection.
+ OSVDB-0: GET /index.php?option=search&searchword= : Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php/content/search/?SectionID=3&SearchText= : eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /index.php/content/advancedsearch/?SearchText=&PhraseSearchText=&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search : eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-0: GET /?mod=&op=browse : Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-25497: GET /index.php?rep= : GPhotos index.php rep Variable XSS.
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ OSVDB-8193: GET /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc : EW FileManager for PostNuke allows arbitrary file retrieval.
+ OSVDB-12606: GET /index.php?err=3&email=\"> : MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12184: GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 : PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-2790: GET /index.php?vo=\"> : Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3092: GET /administrator/ : This might be interesting...
+ OSVDB-3092: GET /includes/ : This might be interesting...
+ OSVDB-3093: GET /index.php?base=test%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?IDAdmin=test : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?pymembs=admin : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?SqlQuery=test%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?tampon=test%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /index.php?topic=%20 : This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: GET /.bashrc : User home dir was found with a shell rc file. This may reveal file and path information.
+ OSVDB-3093: GET /.bash_history : A user's home directory may be set to the web root, the shell history was retrieved. This should not be accessible via the web.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3761: GET /?pattern=/etc/*&sort=name : The TCLHttpd 3.4.2 server allows directory listings via dirlist.tcl.
+ OSVDB-3092: GET /install.php : install.php file found.
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 30 item(s) reported on remote host
+ End Time: 2010-05-23 18:58:58 (2693 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -h www.bontangkota.go.id
---------------------------------------------------------------------------

From the scan results above we can see that the target is vulnerable to many attacks.
One of the most prominent is the XSS attack,
which allows an attacker to take cookies from that site.
For example:
+ OSVDB-12606: GET /index.php?err=3&email=\"> : MySQL Eventum is vulnerable to XSS in the email field.

Try entering this in your web browser, friends, and see what happens:
http://www.bontangkota.go.id/index.php?err=3&email\">

You can try the others yourselves, hehe.
Now it is up to you, friends, whether to tell the admin or to exploit it further, hehe.

That is all for now.
This write-up is for learning purposes only.
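
Added example (not part of the original post): each finding line in the nikto output above is a signature match on the server's response, not a confirmed flaw, so an admin reading such a report needs to sort it before acting. The sketch below parses the finding lines and separates hits that pile up on one script from the rest. The sample lines are copied from the scan output above with descriptions shortened; the function names and the threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Finding lines copied from the scan output above (descriptions shortened).
SAMPLE = """\
+ OSVDB-0: GET /index.php?module=My_eGallery : My_eGallery prior to 3.1.1.g
+ OSVDB-0: GET /index.php?option=search&searchword= : Mambo Site Server 4.0
+ OSVDB-25497: GET /index.php?rep= : GPhotos index.php rep Variable XSS.
+ OSVDB-3093: GET /index.php?IDAdmin=test : This might be interesting...
+ OSVDB-877: TRACE / : TRACE option appears to allow XSS or credential theft.
+ OSVDB-3093: GET /.bash_history : the shell history was retrieved.
+ OSVDB-3268: GET /icons/ : Directory indexing is enabled: /icons
+ OSVDB-3092: GET /install.php : install.php file found.
"""

FINDING = re.compile(r"^\+ (OSVDB-\d+): ([A-Z]+) (\S+) : (.+)$")

def parse(report):
    """Return one dict per finding line; banner and summary lines are skipped."""
    findings = []
    for line in report.splitlines():
        m = FINDING.match(line.strip())
        if m:
            osvdb, method, uri, desc = m.groups()
            findings.append({"id": osvdb, "method": method, "uri": uri,
                             "path": urlsplit(uri).path, "desc": desc})
    return findings

def triage(findings, threshold=3):
    """Split findings into (verify_by_hand, review_first).

    Assumption of this example: when `threshold` or more signatures hit the
    same method and script, the server is probably answering every query
    string alike, so those hits need manual confirmation before they count.
    """
    by_target = defaultdict(list)
    for f in findings:
        by_target[(f["method"], f["path"])].append(f)
    verify, review = [], []
    for group in by_target.values():
        (verify if len(group) >= threshold else review).extend(group)
    return verify, review

if __name__ == "__main__":
    verify, review = triage(parse(SAMPLE))
    print("review first:", [f["uri"] for f in review])
    print("confirm by hand:", sorted({f["path"] for f in verify}), len(verify))
```

On the sample, the four /index.php hits land in the confirm-by-hand group, while the TRACE method, the exposed shell history, directory indexing and install.php stay in the review-first group.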


tested on : ubuntu
Go open source, Indonesia!
Greetings from cyberspace :)
yur4..
Source: devirakhjib
