OWASP Top 10 Web Hacking Final Lab 17 - Using nikto.pl

{ Using nikto.pl }

---

. Open Mutillidae

1. On BackTrack, Open Firefox
   • Instructions:
     1. Click on the Firefox Icon
   • Notes (FYI):
     • If FireFox Icon does not exist in the Menu Bar Tray, then go to Applications --> Internet --> Firefox Web Browser
2. Open Mutillidae
   • Notes (FYI):
     1. Replace 192.168.1.111 in the following URL --> http://192.168.1.111/mutillidae, with your Mutillidae's IP Address obtained from (Section 3, Step 3)
   • Instructions:
     1. Place the following URL in the Address Bar
        • http://192.168.1.111/mutillidae/

 

Use nikto.pl

1. Navigate to nikto.pl
   • Instructions:
     1. cd /pentest/web/nikto
     2. ls -l
   • 
2. Update nikto
   • Instructions:
     1. ./nikto.pl -update
   • 
3. Show Options
   • Instructions:
     1. ./nikto.pl -help
   • 
4. Scan with nikto
   • Note(FYI):
     • Replace 192.168.1.111 with your mutilldae IP Address obtained from (Section 3, Step 3)
   • Instructions:
     1. ./nikto.pl -host http://192.168.1.111/mutillidae | tee mutillidae.txt
   • 
5. View nikto Scan Results
   • Note(FYI):
     1. Right away Nikto identifies the Apache Web Server Version (2.2.17) and the Operating System (Fedora).
     2. In addition, Nikto indicates that the Apache Web Server is running an outdated version.
     3. Immediately, Nikto has uncovered a PHP-Nuke Vulnerability

Section 9. Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE

1. Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
   • Note(FYI):
     1. Replace 192.168.1.111 with your mutilldae IP Address obtained from (Section 3, Step 3)
     2. Netcat is a computer networking service for reading from and writing to network connections using TCP or UDP.
     3. The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response.  This method is often used for testing hypertext links for validity, accessibility, and recent modification.
   • Instructions:
     1. netcat  192.168.1.111 80
     2. HEAD /mutillidae/index.php HTTP/1.1
        • 
          
     3. Host: 192.168.1.111
     4. <Press Enter>
     5. <Press Enter>
   • 

Section 10. Allowed PHP-Nuke Rocket Vulnerability

1. Test PHP-Nuke Rocket Vulnerability
   • Note(FYI):
     1. Replace 192.168.1.111 with your mutilldae IP Address obtained from (Section 3, Step 3)
     2. This attack is call a local file inclusion attack that can execute code -OR- in this case to view a sensitive file (e.g., /etc/passwd).
   • Instructions:
     1. Place the following URL in the address box
        • http://192.168.1.111/mutillidae/index.php?page=../../../../../../../../../../etc/passwd
   • 

Section 11. OSVBD-3233: /phpinfo.php: Contains PHP configuration information

1. OSVDB-3233: /phpinfo.php: Contains PHP configuration information
   • Note(FYI):
     1. Replace 192.168.1.111 with your mutilldae IP Address obtained from (Section 3, Step 3)
     2. While there is no known vulnerability or exploit associated with this, default files often reveal sensitive information or contain unknown or undisclosed vulnerabilities. The presence of such files may also reveal information about the web server version or operating system (e.g., fedora 14).
     3. Read More
   • Instructions:
     1. Place the following URL in the address box
        • http://192.168.1.111/mutillidae/phpinfo.php
   • 

Section 12. OSVBD-3092: Multiple Web Server Interesting Web Document Found

1. OSVDB-3092: /includes/
   • Note(FYI):
     1. Replace 192.168.1.111 with your mutilldae IP Address obtained from (Section 3, Step 3)
     2. A potentially interesting configuration directory was found on the web server. While there is no known vulnerability or exploit associated with this, it may contain sensitive information (i.e., authentication) which can be disclosed to unauthenticated remote users, or aid in more focused attacks.
     3. Read More
   • Instructions:
     1. Place the following URL in the address box
        • http://192.168.1.111/mutillidae/includes/
     2. Click the config.inc
   • 
2. OSVDB-3092 Results
   • Note(FYI):
     1. In the old days (i.e., Last 10 Years), Web Administrators would commonly make a mistake of placing sensitive authentication/connection information in include files, which were publically accessible.
     2. Image an automated Internet Bot that does nothing but search the web for include files!!!
   • 

Section 13. OSVDB-3268: Directory Indexing

1. OSVDB-3268: Directory Indexing
   • Note(FYI):
     1. Replace 192.168.1.111 with your mutilldae IP Address obtained from (Section 3, Step 3)
     2. Directory indexing has been found to be enabled on the web server.  While there is might not be vulnerability or exploit associated with this, it may reveal sensitive or "hidden" files or directories to remote users, or aid in more focused attacks.  (e.g., a test file full of password information).
     3. Read More
   • Instructions:
     1. Place the following URL in the address box
        • http://192.168.1.111/mutillidae/passwords/
     2. Click the accounts.txt
   • 
2. OSVDB-3268: Directory Indexing Results
   • Note(FYI):
     1. So, we know the author intentionally included this. 
     2. But, this is a typical accident that might occur for many innocent reasons.  (e.g., development).
     3. How about people's credit card (SOX) or Health Information (HIPAA) being exposed by accident.
   • 

Section 14. Proof of Lab

1. On BackTrack, Start up a terminal window
   • Instructions:
     1. Click on the Terminal Window
   • 
    
2. Proof of LabCác bạn hãy quay lại toàn bộ tiến trình thực hành và text note có tên của mình