Sabtu, 04 Juni 2011

21.59

Configuration Management Testing

Diposting oleh monyonk
Label:
Often analysis of the infrastructure and topology architecture can reveal a great deal about a web application. Information such as source code, HTTP methods permitted, administrative functionality, authentication methods, and infrastructural configurations can be obtained.



>>SSL/TLS TESTING (OWASP-CM-001)
    root@bt:~# nmap -F -sV akakom.ac.id
    Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-04 14:02 WIT
    Nmap scan report for akakom.ac.id (110.76.151.2)
    Host is up (0.027s latency).
    rDNS record for 110.76.151.2: mail.akakom.ac.id
    Not shown: 90 closed ports
    PORT STATE SERVICE VERSION
    22/tcp open ssh OpenSSH 5.5 (protocol 2.0)
    25/tcp open smtp Sendmail 8.14.4/8.14.4
    53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
    80/tcp open http Apache httpd
    110/tcp open pop3 Dovecot pop3d
    143/tcp open imap Dovecot imapd
    445/tcp filtered microsoft-ds
    587/tcp open smtp Sendmail 8.14.4/8.14.4
    993/tcp open ssl/imap Dovecot imapd
    995/tcp open ssl/pop3 Dovecot pop3d
    Service Info: OS: Unix
    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 20.85 seconds


>>Test open SSL
root@bt:~# openssl s_client -no_tls1 -connect www.akakom.ac.id:443
CONNECTED(00000003)
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizational Unit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizational Unit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
verify error:num=10:certificate has expired
notAfter=Sep 18 11:51:59 2009 GMT
verify return:1
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizational Unit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
notAfter=Sep 18 11:51:59 2009 GMT
verify return:1
---
Certificate chain
0 s:/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
i:/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEDjCCA3egAwIBAgICYYAwDQYJKoZIhvcNAQEFBQAwgbsxCzAJBgNVBAYTAi0t
MRIwEAYDVQQIEwlTb21lU3RhdGUxETAPBgNVBAcTCFNvbWVDaXR5MRkwFwYDVQQK
ExBTb21lT3JnYW5pemF0aW9uMR8wHQYDVQQLExZTb21lT3JnYW5pemF0aW9uYWxV
bml0MR4wHAYDVQQDExVsb2NhbGhvc3QubG9jYWxkb21haW4xKTAnBgkqhkiG9w0B
CQEWGnJvb3RAbG9jYWxob3N0LmxvY2FsZG9tYWluMB4XDTA4MDkxODExNTE1OVoX
DTA5MDkxODExNTE1OVowgbsxCzAJBgNVBAYTAi0tMRIwEAYDVQQIEwlTb21lU3Rh
dGUxETAPBgNVBAcTCFNvbWVDaXR5MRkwFwYDVQQKExBTb21lT3JnYW5pemF0aW9u
MR8wHQYDVQQLExZTb21lT3JnYW5pemF0aW9uYWxVbml0MR4wHAYDVQQDExVsb2Nh
bGhvc3QubG9jYWxkb21haW4xKTAnBgkqhkiG9w0BCQEWGnJvb3RAbG9jYWxob3N0
LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCk1G04ZZqc
FdKGvfPTke/ed7CAPz9/6GYUH1ZkkVznDoGiA2oK+EeAQKODU9Ud1HFo7cnUdiqb
LE4y/w64yPm5ICekZr6fKS91Y6hXqDeRMle0bTdkg7zYG54a3p1U/+0oesok3DbC
zHHqYExDgTojxdlPj1aHAxHvxu7iH/fYOwIDAQABo4IBHTCCARkwHQYDVR0OBBYE
FEGwfGoX9C9WvUPCU6bVc5Igzoj1MIHpBgNVHSMEgeEwgd6AFEGwfGoX9C9WvUPC
U6bVc5Igzoj1oYHBpIG+MIG7MQswCQYDVQQGEwItLTESMBAGA1UECBMJU29tZVN0
YXRlMREwDwYDVQQHEwhTb21lQ2l0eTEZMBcGA1UEChMQU29tZU9yZ2FuaXphdGlv
bjEfMB0GA1UECxMWU29tZU9yZ2FuaXphdGlvbmFsVW5pdDEeMBwGA1UEAxMVbG9j
YWxob3N0LmxvY2FsZG9tYWluMSkwJwYJKoZIhvcNAQkBFhpyb290QGxvY2FsaG9z
dC5sb2NhbGRvbWFpboICYYAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOB
gQAdx3Uv0rHbmbd9zbi0wiN+O0h5oQijUy4KwwNfrgP1F1yEqPPOn1JP36KMorsE
A+7lEP1mekGEQjwyEWO0UidwyhMniLVB6+EChDlhbXodAJKO1nf9NIgqcy1udb9b
ou7o60PVGTEJjLbV+khpYFzz93cdbPHCUlVfc0ChFisR+w==
-----END CERTIFICATE-----
subject=/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
issuer=/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
---
No client certificate CA names sent
---
SSL handshake has read 1629 bytes and written 335 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA
Session-ID: C086D5C61139587F89DBC8DF0C1608D8776894EC61A7B114DF5A0F1A78F8B4CC
Session-ID-ctx:
Master-Key: 4AACEC57BFC28E4B72F1946A14C4F1615A38AAD08E3C8B0377BE8FCC971C056294FADF951BBF01A156A33EB56F5547C2
Key-Arg : None
Start Time: 1307171463
Timeout : 300 (sec)
Verify return code: 10 (certificate has expired)


>>Testing With Nessus


>>DB LISTENER TESTING (OWASP-CM-002)
not found

>>INFRASTRUCTURE CONFIGURATION MANAGEMENT TESTING (OWASP-CM-003)
not found

>>APPLICATION CONFIGURATION MANAGEMENT TESTING (OWASP-CM-004)
not found


>>TESTING FOR FILE EXTENSIONS HANDLING (OWASP-CM-005)

Nikto scanner
root@bt:/pentest/web/nikto# ./nikto.pl -h www.akakom.ac.id
- Nikto v2.1.4
---------------------------------------------------------------------------
+ Target IP: 110.76.151.4
+ Target Hostname: www.akakom.ac.id
+ Target Port: 80
+ Start Time: 2011-06-05 15:31:26
---------------------------------------------------------------------------
+ Server: Apache/2.2.3 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.5
+ robots.txt contains 14 entries which should be manually viewed.
+ Apache/2.2.3 appears to be outdated (current is at least Apache/2.2.17). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ ETag header found on server, inode: 5594158, size: 11692, mtime: 0x963c12c0
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /index.php/\"><script><script>alert(document.cookie)</script><: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-682: /usage/: Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-8193: /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc: EW FileManager for PostNuke allows arbitrary file retrieval.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /error_log: This might be interesting...
+ OSVDB-3092: /includes/: This might be interesting...
+ OSVDB-3092: /login/: This might be interesting...
+ OSVDB-3092: /logs/: This might be interesting...
+ OSVDB-3092: /phpmyadmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /phpMyAdmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /manual/: Web server manual found.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3268: /manual/images/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6448 items checked: 0 error(s) and 22 item(s) reported on remote host
+ End Time: 2011-06-05 15:39:04 (458 seconds)
---------------------------------------------------------------------------



lol.. :D

>>OLD, BACKUP AND UNREFERENCED FILES (OWASP-CM-006)
not found

>>INFRASTRUCTURE AND APPLICATION ADMIN INTERFACES (OWASP-CM-007)



>>TESTING FOR HTTP METHODS AND XST (OWASP-CM-008)
not found


0 komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)