apache pen test

Viewing 17 reply threads
  • Author
    Posts
    • #7030
      midnight monster
      Participant

      hello
      i have a problem in pentest my target has a apache web server
      with php page and i wanna perform an external attack to the server
      i tried scan theserver with ( Acunetix Web Vulnerability Scanner 7 )
      but i not found an efficient Vulnerability to exploit (maybe my Acunetix is noyt working properly its a free version ) i dont know what i must to do. i perfomed a port scanning ofthe server to and here is the open ports”

      PORT      STATE  SERVICE    VERSION

      21/tcp    open  tcpwrapped

      80/tcp    open  http      Apache httpd

      443/tcp  open  ssl/https?

      1723/tcp  open  pptp      linux (Firmware: 1)

      5901/tcp  open  vnc

      10000/tcp open  http      MiniServ 1.570 (Webmin)

      do you have any opinion about my problem ? and can i use metasploit to exploit the server
      im new in hacking world please help me

      thank you

    • #43634
      cd1zz
      Participant

      You need to learn how to enumerate services and their respective versions. After that, you’ll need to learn how to search for any known exploits for those particular versions. If you’re specifically looking for web attacks, you might have to use other tools like burp or paros.

    • #43635
      midnight monster
      Participant

      ok cd1zz
      may i ask you somtihng?
      do you know any refrence to learn how to enumerate services
      and search for any known exploits ? as you said
      about web attack tools can you tel a compelete name of them?
      thanks alot for your help and take care

    • #43636
      cd1zz
      Participant

      Google “service fingerprinting”

      As far as searching for exploits, there are a number of places to look. You’ll have to start googling for that too, I suspect that “exploits” would be a good place to start.

      You should really try to figure all this out on your own, get some books, spend some time learning, no one is going to hold your hand and show you how to do any of this.

      What is your motivation for this? It seems strange that you’re in a “pentest” and don’t know how to enumerate or fingerprint services. I suspect you’re up to no good.

    • #43637
      rance
      Participant

      @midnight monster wrote:

      do you know any refrence to learn how to enumerate services
      and search for any known exploits?

      Right here: http://www.google.com

      @midnight monster wrote:

      as you said about web attack tools can you tel a compelete name of them?

      Here’s one list: http://sectools.org/ – I’d use the tool I listed above to find more.

    • #43638
      midnight monster
      Participant

      cd1zz
      yes you right as i said i have microsft product hacking experiance

    • #43639
      midnight monster
      Participant

      and as i said im beginner in hacking world
      i can attack iis servers ftp and ……………..

    • #43640
      Anonymous
      Participant

      What sort stuff is running on the website ? Gather as much information about what is running what technology is being used. What happens if you get an error page does it tell you more information about what is running ?

    • #43641
      midnight monster
      Participant

      as i know i found some dns server in footprinting and nmap tell me the server os is windows server 2008 985 but i dont think so i think it linux and the web script language is PHP

    • #43642
      midnight monster
      Participant

      i searched exploit-db.com and i found some perl exploit but its not runing on backtrack

    • #43643
      mambru
      Participant

      i searched exploit-db.com and i found some perl exploit but its not runing on backtrack

      If you don’t manage to make the exploit run, I guess you don’t even know how it works and what it does, it sounds like a very bad idea…

    • #43644
      midnight monster
      Participant

      @mambru wrote:

      i searched If you don’t manage to make the exploit run, I guess you don’t even know how it works and what it does, it sounds like a very bad idea…

      i was told this more than 43 times im a beginner in hacking world
      i dont know perl programming language but i can use perl apps and i know html

    • #43645
      mambru
      Participant

      i dont know perl programming language but i can use perl apps and i know html

      PenTesting is not about being able to run apps, you need to know how things work and what you’re doing, then you can use tools.

    • #43646
      Anonymous
      Participant

      Ok first you need to find out what’s running and confirm this is running. You seem so quick to try run exploit! You need information first and most of the time with web apps you can exploit them because the developer has made mistake you don’t need to run exploit.

      Do you understand PHP?
      Have you used burp suit to see what prams are being sent to the server ?
      Is is running mysql as a backend ?
      Is it running any other technology javascript,css,asp so on?
      Is the site using a CMS ? Can you download this and see how it works ?
      How many pages have dymantic contents ? forms,uploads etc…..

      I guess the main question is do you own this system and what it the outcome you are looking for ? are you just looking to get root or are you try see if there are any problem with the site ?

      PENTESTING IS NOT ABOUT RUNNING EXPLOITS!!!

    • #43647
      midnight monster
      Participant

      hello Jamie.R
      yes i understand PHP a little. and there is no sql service is running on the server.about the burpsuite i have a trial version of it and the scanner button is working do you know other softwares to do that for me?

      as i think the web site only using php and xss no jav no asp not thing!

      and i scaned the site with a CMS scanner i founfd this vulnerabilites

      =================================================
      Vulnerabilities Discovered
      =================================================
      # 1
      Info -> Core: Multiple XSS/CSRF Vulnerability
      Versions Affected: 1.5.9 <=
      Check: /?1.5.9-x
      Exploit: A series of XSS and CSRF faults exist in the administrator application.  Affected administrator components include com_admin, com_media, com_search.  Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities. 
      Vulnerable? N/A

      # 2
      Info -> Core: JSession SSL Session Disclosure Vulnerability
      Versions effected: Joomla! 1.5.8 <=
      Check: /?1.5.8-x
      Exploit: When running a site under SSL (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie.  This can allow someone monitoring the network to find the cookie related to the session.
      Vulnerable? N/A

      # 3
      Info -> Core: Frontend XSS Vulnerability
      Versions effected: 1.5.10 <=
      Check: /?1.5.10-x
      Exploit: Some values were output from the database without being properly escaped.  Most strings in question were sourced from the administrator panel. Malicious normal admin can leverage it to gain access to super admin.
      Vulnerable? N/A

      # 4
      Info -> Core: Frontend XSS – HTTP_REFERER not properly filtered Vulnerability
      Versions effected: 1.5.11 <=
      Check: /?1.5.11-x-http_ref
      Exploit: An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.
      Vulnerable? N/A

      # 5
      Info -> Core: Frontend XSS – PHP_SELF not properly filtered Vulnerability
      Versions effected: 1.5.11 <=
      Check: /?1.5.11-x-php-s3lf
      Exploit: An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser.
      Vulnerable? N/A

      # 6
      Info -> Core: Path Disclosure Vulnerability
      Versions effected: Joomla! 1.5.3 <=
      Check: /?1.5.3-path-disclose
      Exploit: Crafted URL can disclose absolute path
      Vulnerable? N/A

      # 7
      Info -> Core: User redirected Spamming Vulnerability
      Versions effected: Joomla! 1.5.3 <=
      Check: /?1.5.3-spam
      Exploit: User redirect spam
      Vulnerable? N/A
      =================================================

      do you know what i must to do next ?

      and about your main question :
      the owner of the is my brother
      and he dosent know anything about web server or services or some thing like that
      the site is an econamy forum and as you know every forums has dynamic content

      thank you for helping me
      take care

    • #43648
      midnight monster
      Participant

      and here is the services are runnig on the server
      http     
      ssl/https?
      pptp linux (Firmware: 1)
      http MiniServ 1.570

    • #43649
      midnight monster
      Participant

      do you know anything about miniserv?

    • #43650
      rance
      Participant

      @midnight monster wrote:

      do you know anything about miniserv?

      I’m not trying to be too snarky here, but that’s a question you should totally be able to resolve with google.  A good pen tester needs to be able to research.

Viewing 17 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2022 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?