Hi! I've just installed the web server testing tool 'nikto' from the CD of the current c't and am trying it out on various servers. Whoa. Anyone who has Perl on their box and looks after one or more servers should run it over them. More information on the tool can be found here:
http://www.cirt.net

And this is what the output looks like for two typical servers. Please don't panic right away; a considerable part of the output is just info or (in part) false alarms:

Z:\>nikto.pl -host www.fnord.com
-***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 1.32/1.19 - www.cirt.net
+ Target IP: 192.168.0.1
+ Target Hostname: www.fnord.com
+ Target Port: 80
+ Start Time: Mon Sep 20 15:29:06 2004
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/6.0
+ No CGI Directories found (use '-C all' to force check all possible dirs)
- Retrieved X-Powered-By header: ASP.NET
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled.
+ Microsoft-IIS/6.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ /modules.php?name=Members_List&letter=All&sortby=pass - PHP Nuke module allows user names and passwords to be viewed. See http://www.frog-man.org/tutos/PHP-Nuke6.0-Members_ListYour_Account.txt for other SQL exploits in this module. (GET)
+ /junk.aspx - ASP.net reveals its version in invalid .aspx error messages. http://www.tconsult.com/aspnet/exceptions/globalexception.aspx (GET)
+ /junk.aspx - ASP.net reveals file system paths in invalid .aspx requests. http://www.tconsult.com/aspnet/exceptions/globalexception.aspx (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ 1513 items checked - 6 item(s) found on remote host(s)
+ End Time: Mon Sep 20 15:31:48 2004 (162 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

or:

Z:>nikto.pl -host www.buggeredpenguin.com
-***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 1.32/1.19 - www.cirt.net
+ Target IP: 172.26.228.13
+ Target Hostname: www.buggeredpenguin.com
+ Target Port: 80
+ Start Time: Mon Sep 20 15:41:22 2004
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache
+ The root file (/) redirects to: http://www.buggeredpenguin.com/bentover/forsoap
+ /~root - Enumeration of users is possible by requesting ~username (responds with Forbidden for real users, not found for non-existent users) (GET).
+ / - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Appears to be a default Apache install.
+ // - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page.
+ // - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , By sending an OPTIONS request for /, the physical path to PHP can be revealed.
+ /?D=A - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing.
+ /?M=A - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing.
+ /?N=D - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing.
+ /?S=A - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Apache allows directory listings by requesting. Upgrade Apache or disable directory indexing.
+ /icons/ - Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used all, the /icons directory should be removed. (GET)
+ /manual/images/ - Apache 2.0 directory indexing is enabled, it should only be enabled for specific directories (if required). Apache's manual should be removed and directory indexing disabled. (GET)
+ / - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , PeopleSoft appears to be running.
+ / - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Samba-swat web server. Used to administer Samba.
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details
+ /./ - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Appending '/./' to a directory may reveal php source code.
+ /?mod=<script>alert(document.cookie)</script>&op=browse - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). CA-2000-02.
+ /?mod=node&nid=some_thing&op=view - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Sage 1.0b3 may reveal system paths with invalid module names.
+ /?mod=some_thing&op=browse - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Sage 1.0b3 reveals system paths with invalid module names.
+ /?pattern=/etc/*&sort=name - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , The TCLHttpd 3.4.2 server allows directory listings via dirlist.tcl.
+ /?sql_debug=1 - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , The PHP-Nuke install may allow attackers to enable debug mode and disclose sensitiveinformation by adding sql_debug=1 to the query string.
+ /manual/ - Web server manual? tsk tsk. (GET)
+ /usage/ - Webalizer may be installed. Versions lower than 2.10-09 vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /bin/ - Directory indexing of CGI directory should be disabled. (GET)
+ /bin/ - This might be interesting... (GET)
+ /db/ - This might be interesting... (GET)
+ 2481 items checked - 9 item(s) found on remote host(s)
+ End Time: Mon Sep 20 15:54:22 2004 (780 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

If you know, for example, that there is no PHPNuke installed on fnord.com or no SAGE on buggeredpenguin.com, you can safely ignore the corresponding warnings.

Conclusion: definitely try it out. If anyone doesn't have Perl (or doesn't want to / can't / isn't allowed to install it), ask me; I can try to compile an .exe if needed.

Ciao,
Bernd

Don't you like cats? You just don't know how to prepare them.
_______________________________________________
Coffeehouse mailing list, send postings to: [EMAIL PROTECTED]
Subscribe/unsubscribe and search at: http://www.glengamoi.com/mailman/listinfo/coffeehouse
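Added example, not part of the original post: a small triage of Nikto 1.32 output for the server owner, separating findings to verify from noise. In both scans above, the lines ending in a method tag such as (GET) or (TRACE) add up to the "item(s) found" count (6 and 9), while the "Redirects to" lines do not. The bucket names, the function names and the `not_installed` parameter are assumptions of this example.

```python
import re

# Constructed sample: lines from the two scans quoted above, descriptions shortened.
SAMPLE = """\
+ Server: Apache
+ /~root - Enumeration of users is possible by requesting ~username (GET).
+ /?D=A - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Apache allows directory listings by requesting.
+ /?mod=some_thing&op=browse - Redirects to http://www.buggeredpenguin.com/bentover/forsoap , Sage 1.0b3 reveals system paths with invalid module names.
+ / - TRACE option appears to allow XSS or credential theft. (TRACE)
+ /modules.php?name=Members_List&letter=All&sortby=pass - PHP Nuke module allows user names and passwords to be viewed. (GET)
+ /junk.aspx - ASP.net reveals its version in invalid .aspx error messages. (GET)
+ 2481 items checked - 9 item(s) found on remote host(s)
"""
FINDING = re.compile(r"^\+ (/\S*) - (.*)$")
METHOD = re.compile(r"\((GET|HEAD|POST|OPTIONS|TRACE|TRACK)\)\.?\s*$")


def product_re(name):
    """Whole-word matcher that treats 'PHPNuke', 'PHP Nuke' and 'PHP-Nuke' alike,
    so that 'SAGE' does not hit the word 'messages'."""
    chars = re.sub(r"[^A-Za-z0-9]", "", name)
    return re.compile(r"\b" + r"[\s-]?".join(chars) + r"\b", re.I)


def triage(output, not_installed=()):
    """Sort Nikto finding lines into buckets for manual follow-up.
    Assumed rule of this example: 'Redirects to' lines are unconfirmed, and
    findings naming a product the operator knows is absent are suppressed."""
    absent = [product_re(p) for p in not_installed if re.search(r"[A-Za-z0-9]", p)]
    buckets = {"review": [], "redirected": [], "suppressed": [], "other": []}
    for line in output.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue  # banner, target info and summary lines
        path, desc = m.groups()
        if desc.startswith("Redirects to"):
            buckets["redirected"].append(path)
        elif any(p.search(desc) for p in absent):
            buckets["suppressed"].append(path)
        elif METHOD.search(desc):
            buckets["review"].append(path)
        else:
            buckets["other"].append(path)
    return buckets

if __name__ == "__main__":
    for name, paths in triage(SAMPLE, not_installed=["PHPNuke", "SAGE"]).items():
        print(f"{name:10} {len(paths)}  {paths}")
```

The "review" bucket is what to check by hand on the server itself; "redirected" entries describe what was probed for, not what the server returned.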
