ayuda sobre vulnerabilidades de servidor web?

HALC12 · 4 Julio 2011, 22:45 PM

estas vulnerabilidades se pueden explotar:
Service Detection
External URLs
Web Server No 404 Error Code Check
HTTP Server Type and Version
HTTP Methods Allowed (per directory)

HyperText Transfer Protocol (HTTP) Information
les agradeceria su ayuda

dantemc · 6 Julio 2011, 23:48 PM

Lo unico que tal ves puedas explotár tal ves sean los métodos. Pero no lo mencionas. Que metodos estan activos?

HALC12 · 9 Julio 2011, 21:24 PM

este es el reporte de nessus

Plugin IDs Severity # of issues Synopsis
24260 Low 1 HyperText Transfer Protocol (HTTP) Information
Some information about the remote HTTP configuration can be extracted.

25220 Low 1 TCP/IP Timestamps Supported
The remote service implements TCP timestamps.

19506 Low 1 Nessus Scan Information
Information about the Nessus scan.

10107 Low 1 HTTP Server Type and Version
A web server is running on the remote host.

12053 Low 1 Host Fully Qualified Domain Name (FQDN) Resolution
It was possible to resolve the name of the remote host.

43111 Low 1 HTTP Methods Allowed (per directory)
This plugin determines which HTTP methods are allowed on various CGI directories.

54615 Low 1 Device Type
It is possible to guess the remote device type.

10287 Low 1 Traceroute Information
It was possible to obtain traceroute information.

22964 Low 1 Service Detection
The remote service could be identified.

11936 Low 1 OS Identification
It is possible to guess the remote operating system

49704 Low 1 External URLs
Links to external sites were gathered.

45590 Low 1 Common Platform Enumeration (CPE)
It is possible to enumerate CPE names that matched on the remote system.

10114 Low 1 ICMP Timestamp Request Remote Date Disclosure
It is possible to determine the exact time set on the remote host.

10386 Low 1 Web Server No 404 Error Code Check
The remote web server does not return 404 error codes.

es que no se mucho pero quiero aprender.

.:UND3R:. · 11 Julio 2011, 11:08 AM

Lo veo algo dificil ya que todos son de bajo riesgo (low)

HALC12 · 11 Julio 2011, 22:17 PM

si son de bajo riesgo. pero pense que se le podria sacar algun provecho.
hay alguna forma de tratar de conseguir una shell aun servidor como este???

dantemc · 13 Julio 2011, 05:02 AM

HTTP Methods Allowed (per directory)

si le das en ese, que directorios te muestra y que métodos?

Debci · 13 Julio 2011, 13:32 PM

Fijate que no llegan a ser vulnerabilidades si no información sobre los servicios que corren en dicho servidor.
Busca otro servicio vulnerable o tira de ingeniera social.

Saludos

dantemc · 13 Julio 2011, 19:42 PM

?
si tiene allowed put o delete, eso es una vulnerabilidad y GRANDE...
por eso le pregunto que métodos hay..

HALC12 · 13 Julio 2011, 21:03 PM

esto es lo que dice
Synopsis: This plugin determines which HTTP methods are allowed on various CGI
directories.

Description
By calling the OPTIONS method, it is possible to determine which HTTP
methods are allowed on each directory.

As this list may be incomplete, the plugin also tests - if 'Thorough
tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and
considers them as unsupported if it receives a response code of 400,
403, 405, or 501.

Note that the plugin output is only informational and does not
necessarily indicate the presence of any security vulnerabilities.