Monday, January 4, 2010

How secure is your Apache server?

[root@manutd nikto-2.1.0]# ./nikto.pl -c all -host 192.168.1.15
- Nikto v2.1.0/2.1.0
---------------------------------------------------------------------------
+ Target IP: 192.168.1.15
+ Target Hostname: 192.168.1.15
+ Target Port: 80
+ Start Time: 2009-11-23 0:02:00
---------------------------------------------------------------------------
+ Server: Apache/2.2.13 (Fedora)
+ OSVDB-0: Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-0: Apache/2.2.13 appears to be outdated (current is at least Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-3233: /icons/README: Apache default file found.
+ 3582 items checked: 5 item(s) reported on remote host
+ End Time: 2009-11-23 0:02:00 (18 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested



========== after mod_security installed ===========================
[root@manutd nikto-2.1.0]# ./nikto.pl -C all -host 192.168.1.15
- Nikto v2.1.0/2.1.0
---------------------------------------------------------------------------
+ Target IP: 192.168.1.15
+ Target Hostname: 192.168.1.15
+ Target Port: 80
+ Start Time: 2009-11-23 0:08:00
---------------------------------------------------------------------------
+ Server: Apache/2.2.0 (Fedora)
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-0: Apache/2.2.0 appears to be outdated (current is at least Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.
+ 3582 items checked: 2 item(s) reported on remote host
+ End Time: 2009-11-23 0:09:00 (55 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested



======== after apache config tuned ===============
[root@manutd nikto-2.1.0]# ./nikto.pl -C all -host 192.168.1.15
- Nikto v2.1.0/2.1.0
---------------------------------------------------------------------------
+ Target IP: 192.168.1.15
+ Target Hostname: 192.168.1.15
+ Target Port: 80
+ Start Time: 2009-11-23 0:22:00
---------------------------------------------------------------------------
+ Server: Apache
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ 3582 items checked: 1 item(s) reported on remote host
+ End Time: 2009-11-23 0:23:00 (57 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested



========== last modification =============
[root@devil nikto-2.1.0]# ./nikto.pl -C all -host 192.168.1.15

- Nikto v2.1.0/2.1.0
---------------------------------------------------------------------------
+ Target IP: 192.168.1.15
+ Target Hostname: 192.168.1.15
+ Target Port: 80
+ Start Time: 2009-11-23 0:57:00
---------------------------------------------------------------------------
+ Server: This is Windows IIS 10. Enjoy hacking
+ 3582 items checked: 0 item(s) reported on remote host
+ End Time: 2009-11-23 0:58:00 (45 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested



See, Windows IIS 10, Enjoy Hacking :P

Intruders can't guess what my server platform is, but they can still grab my webpage header.
Maybe they can guess from my webpage header.


See, nothing to be found. I just did a basic modification in Apache and mod_security.
For more advanced topics in mod_security, please read the 2 books below. They are very useful for Apache:
Apache Security by Ivan Ristic
The Definitive Guide to Apache mod_rewrite by Rich Bowen


Actually, I have to do more advanced web vulnerability testing, because testing with 1 tool is not enough. It is dangerous if a production server is pen tested with only 1 tool.


Hopefully I will get time to do a more advanced pentest with various open source web scanners and also proprietary products like NESSUS.
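
The findings in the four scans above map onto a handful of Apache 2.2 and mod_security 2.x directives. The following is an added example, not the author's actual configuration; the /var/www/icons path and the banner string are assumptions.

```apache
# Added example for Apache 2.2 + mod_security 2.x (not the author's own config).

# OSVDB-877: stop answering the TRACE method.
TraceEnable Off

# OSVDB-3268 and OSVDB-3233: no directory listing under /icons, and the
# default README is not served.
# Assumption: /var/www/icons is where "Alias /icons/" points on this host.
<Directory "/var/www/icons">
    Options -Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
    <Files "README*">
        Order allow,deny
        Deny from all
    </Files>
</Directory>

# No version footer on error pages and generated listings.
ServerSignature Off

# Custom Server header, as in the last scan. SecServerSignature overwrites
# the banner in place, so it needs ServerTokens Full to have room for it.
<IfModule mod_security2.c>
    ServerTokens Full
    # Constructed placeholder string; use any text you like.
    SecServerSignature "placeholder-banner"
</IfModule>

# Without mod_security, fall back to "Server: Apache" as in the third scan.
<IfModule !mod_security2.c>
    ServerTokens Prod
</IfModule>
```

Hiding or changing the banner only removes the version-based "outdated" finding from the scan output; the installed Apache is unchanged until the package itself is upgraded.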

Pentoo, another security distro

Pentoo is another security distro, introduced to me by my friend from China who plays with BackTrack along with me.

I tested it on my EeePC 1005HA, and it is very fast compared to BT4. Of course BT4 is slower, because its X Window desktop is KDE 3.x.

Two things really impressed me: the latest kernel, 2.6.32, and 2 CUDA apps. The advantages of the new kernel are that more drivers are supported and I can use EXT4; I like this file system a lot because of its better performance. The CUDA apps really make use of CUDA's processing speed, which is really good for brute force.

There's a GUI called Fast Track Web Interface that makes life easier for people who are not familiar with Linux when they use these tools. This kind of GUI is also available in other security distros such as NST.

I plan to install Pentoo on my EeePC, but my friend from China asked me to wait for BT4, because the BT4 final will be released this month. From what I see of current development, BT4 will come with kernel 2.6.29 and my EeePC wireless card will be detected automatically. I can install it through source code, but that does not look so PERFECT.

Well, let's see what happens with BT4 after its release.

Please see the Pentoo screenshot, which I took in VMware.


Sunday, January 3, 2010

1st blog of 2010 - CUDA enabled GPGPU

This is my 1st blog post in 2010, after I stopped blogging for almost half a year.

As we know, a brute force attack requires high-speed processing power.
But nowadays a brute force attack can be done on a normal home PC, thanks to NVIDIA, who made the CUDA chipset to speed up calculation.

One year ago, I didn't see many CUDA-based applications available on the internet. Through the effort of programmers, there are now some CUDA apps for brute force, which are available in the BackTrack 4 and Pentoo security distros.

Recently, ASUS announced their home-made supercomputer, which is powered by CUDA GPGPU. It is very cheap, around 200-300 USD per teraflops.

As we can see, more and more CUDA-based applications will be available soon. This is good because calculation gets faster and the price gets lower, but it is bad when people with an evil mindset use it.

Nothing will be safe if CUDA really comes into use in our lives. Any crypto can be decrypted within a few minutes or less.