.

apache pen test

<<

midnight monster

User avatar

Newbie
Newbie

Posts: 38

Joined: Fri Nov 11, 2011 9:46 am

Location: In the darkness

Post Mon Nov 14, 2011 10:21 am

apache pen test

hello
i have a problem in pentest my target has a apache web server
with php page and i wanna perform an external attack to the server
i tried scan theserver with ( Acunetix Web Vulnerability Scanner 7 )
but i not found an efficient Vulnerability to exploit (maybe my Acunetix is noyt working properly its a free version ) i dont know what i must to do. i perfomed a port scanning ofthe server to and here is the open ports"

PORT      STATE  SERVICE    VERSION

21/tcp    open  tcpwrapped

80/tcp    open  http      Apache httpd

443/tcp  open  ssl/https?

1723/tcp  open  pptp      linux (Firmware: 1)

5901/tcp  open  vnc

10000/tcp open  http      MiniServ 1.570 (Webmin)

do you have any opinion about my problem ? and can i use metasploit to exploit the server
im new in hacking world please help me

thank you
MCITP - Network +
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Nov 14, 2011 10:56 am

Re: apache pen test

You need to learn how to enumerate services and their respective versions. After that, you'll need to learn how to search for any known exploits for those particular versions. If you're specifically looking for web attacks, you might have to use other tools like burp or paros.
<<

midnight monster

User avatar

Newbie
Newbie

Posts: 38

Joined: Fri Nov 11, 2011 9:46 am

Location: In the darkness

Post Mon Nov 14, 2011 11:29 am

Re: apache pen test

ok cd1zz
may i ask you somtihng?
do you know any refrence to learn how to enumerate services
and search for any known exploits ? as you said
about web attack tools can you tel a compelete name of them?
thanks alot for your help and take care
MCITP - Network +
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Nov 14, 2011 11:38 am

Re: apache pen test

Google "service fingerprinting"

As far as searching for exploits, there are a number of places to look. You'll have to start googling for that too, I suspect that "exploits" would be a good place to start.

You should really try to figure all this out on your own, get some books, spend some time learning, no one is going to hold your hand and show you how to do any of this.

What is your motivation for this? It seems strange that you're in a "pentest" and don't know how to enumerate or fingerprint services. I suspect you're up to no good.
<<

rance

User avatar

Full Member
Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Mon Nov 14, 2011 11:40 am

Re: apache pen test

midnight monster wrote:do you know any refrence to learn how to enumerate services
and search for any known exploits?


Right here: http://www.google.com

midnight monster wrote:as you said about web attack tools can you tel a compelete name of them?


Here's one list: http://sectools.org/ - I'd use the tool I listed above to find more.
Poking at security since 1986.  +++ATH
<<

midnight monster

User avatar

Newbie
Newbie

Posts: 38

Joined: Fri Nov 11, 2011 9:46 am

Location: In the darkness

Post Mon Nov 14, 2011 11:54 am

Re: apache pen test

cd1zz
yes you right as i said i have microsft product hacking experiance
MCITP - Network +
<<

midnight monster

User avatar

Newbie
Newbie

Posts: 38

Joined: Fri Nov 11, 2011 9:46 am

Location: In the darkness

Post Mon Nov 14, 2011 11:57 am

Re: apache pen test

and as i said im beginner in hacking world
i can attack iis servers ftp and .................
MCITP - Network +
<<

millwalll

Post Mon Nov 14, 2011 12:22 pm

Re: apache pen test

What sort stuff is running on the website ? Gather as much information about what is running what technology is being used. What happens if you get an error page does it tell you more information about what is running ?
<<

midnight monster

User avatar

Newbie
Newbie

Posts: 38

Joined: Fri Nov 11, 2011 9:46 am

Location: In the darkness

Post Mon Nov 14, 2011 12:30 pm

Re: apache pen test

as i know i found some dns server in footprinting and nmap tell me the server os is windows server 2008 985 but i dont think so i think it linux and the web script language is PHP
MCITP - Network +
<<

midnight monster

User avatar

Newbie
Newbie

Posts: 38

Joined: Fri Nov 11, 2011 9:46 am

Location: In the darkness

Post Mon Nov 14, 2011 12:32 pm

Re: apache pen test

i searched exploit-db.com and i found some perl exploit but its not runing on backtrack
MCITP - Network +
<<

mambru

Jr. Member
Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Mon Nov 14, 2011 12:48 pm

Re: apache pen test

i searched exploit-db.com and i found some perl exploit but its not runing on backtrack


If you don't manage to make the exploit run, I guess you don't even know how it works and what it does, it sounds like a very bad idea...
<<

midnight monster

User avatar

Newbie
Newbie

Posts: 38

Joined: Fri Nov 11, 2011 9:46 am

Location: In the darkness

Post Mon Nov 14, 2011 2:55 pm

Re: apache pen test

mambru wrote:
i searched If you don't manage to make the exploit run, I guess you don't even know how it works and what it does, it sounds like a very bad idea...


i was told this more than 43 times im a beginner in hacking world
i dont know perl programming language but i can use perl apps and i know html
MCITP - Network +
<<

mambru

Jr. Member
Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Mon Nov 14, 2011 3:09 pm

Re: apache pen test

i dont know perl programming language but i can use perl apps and i know html


PenTesting is not about being able to run apps, you need to know how things work and what you're doing, then you can use tools.
<<

millwalll

Post Tue Nov 15, 2011 4:45 am

Re: apache pen test

Ok first you need to find out what's running and confirm this is running. You seem so quick to try run exploit! You need information first and most of the time with web apps you can exploit them because the developer has made mistake you don't need to run exploit.

Do you understand PHP?
Have you used burp suit to see what prams are being sent to the server ?
Is is running mysql as a backend ?
Is it running any other technology javascript,css,asp so on?
Is the site using a CMS ? Can you download this and see how it works ?
How many pages have dymantic contents ? forms,uploads etc.....

I guess the main question is do you own this system and what it the outcome you are looking for ? are you just looking to get root or are you try see if there are any problem with the site ?

PENTESTING IS NOT ABOUT RUNNING EXPLOITS!!!
<<

midnight monster

User avatar

Newbie
Newbie

Posts: 38

Joined: Fri Nov 11, 2011 9:46 am

Location: In the darkness

Post Wed Nov 16, 2011 7:55 am

Re: apache pen test

hello Jamie.R
yes i understand PHP a little. and there is no sql service is running on the server.about the burpsuite i have a trial version of it and the scanner button is working do you know other softwares to do that for me?

as i think the web site only using php and xss no jav no asp not thing!

and i scaned the site with a CMS scanner i founfd this vulnerabilites

=================================================
Vulnerabilities Discovered
=================================================
# 1
Info -> Core: Multiple XSS/CSRF Vulnerability
Versions Affected: 1.5.9 <=
Check: /?1.5.9-x
Exploit: A series of XSS and CSRF faults exist in the administrator application.  Affected administrator components include com_admin, com_media, com_search.  Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities. 
Vulnerable? N/A

# 2
Info -> Core: JSession SSL Session Disclosure Vulnerability
Versions effected: Joomla! 1.5.8 <=
Check: /?1.5.8-x
Exploit: When running a site under SSL (the entire site is forced to be under ssl), Joomla! does not set the SSL flag on the cookie.  This can allow someone monitoring the network to find the cookie related to the session.
Vulnerable? N/A

# 3
Info -> Core: Frontend XSS Vulnerability
Versions effected: 1.5.10 <=
Check: /?1.5.10-x
Exploit: Some values were output from the database without being properly escaped.  Most strings in question were sourced from the administrator panel. Malicious normal admin can leverage it to gain access to super admin.
Vulnerable? N/A

# 4
Info -> Core: Frontend XSS - HTTP_REFERER not properly filtered Vulnerability
Versions effected: 1.5.11 <=
Check: /?1.5.11-x-http_ref
Exploit: An attacker can inject JavaScript or DHTML code that will be executed in the context of targeted user browser, allowing the attacker to steal cookies. HTTP_REFERER variable is not properly parsed.
Vulnerable? N/A

# 5
Info -> Core: Frontend XSS - PHP_SELF not properly filtered Vulnerability
Versions effected: 1.5.11 <=
Check: /?1.5.11-x-php-s3lf
Exploit: An attacker can inject JavaScript code in a URL that will be executed in the context of targeted user browser.
Vulnerable? N/A

# 6
Info -> Core: Path Disclosure Vulnerability
Versions effected: Joomla! 1.5.3 <=
Check: /?1.5.3-path-disclose
Exploit: Crafted URL can disclose absolute path
Vulnerable? N/A

# 7
Info -> Core: User redirected Spamming Vulnerability
Versions effected: Joomla! 1.5.3 <=
Check: /?1.5.3-spam
Exploit: User redirect spam
Vulnerable? N/A
=================================================

do you know what i must to do next ?

and about your main question :
the owner of the is my brother
and he dosent know anything about web server or services or some thing like that
the site is an econamy forum and as you know every forums has dynamic content

thank you for helping me
take care
MCITP - Network +
Next

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 3 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software