Monday, January 4, 2010

how secure of your apache server???

[root@manutd nikto-2.1.0]# ./nikto.pl -c all -host 192.168.1.15
- Nikto v2.1.0/2.1.0
---------------------------------------------------------------------------
+ Target IP: 192.168.1.15
+ Target Hostname: 192.168.1.15
+ Target Port: 80
+ Start Time: 2009-11-23 0:02:00
---------------------------------------------------------------------------
+ Server: Apache/2.2.13 (Fedora)
+ OSVDB-0: Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-0: Apache/2.2.13 appears to be outdated (current is at least Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.
+ OSVDB-3268: /icons/: Directory indexing is enabled: /icons
+ OSVDB-3233: /icons/README: Apache default file found.
+ 3582 items checked: 5 item(s) reported on remote host
+ End Time: 2009-11-23 0:02:00 (18 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested



========== after mod_security installed ===========================
[root@manutd nikto-2.1.0]# ./nikto.pl -C all -host 192.168.1.15
- Nikto v2.1.0/2.1.0
---------------------------------------------------------------------------
+ Target IP: 192.168.1.15
+ Target Hostname: 192.168.1.15
+ Target Port: 80
+ Start Time: 2009-11-23 0:08:00
---------------------------------------------------------------------------
+ Server: Apache/2.2.0 (Fedora)
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-0: Apache/2.2.0 appears to be outdated (current is at least Apache/2.2.14). Apache 1.3.41 and 2.0.63 are also current.
+ 3582 items checked: 2 item(s) reported on remote host
+ End Time: 2009-11-23 0:09:00 (55 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested



======== after apache config tuned ===============
[root@manutd nikto-2.1.0]# ./nikto.pl -C all -host 192.168.1.15
- Nikto v2.1.0/2.1.0
---------------------------------------------------------------------------
+ Target IP: 192.168.1.15
+ Target Hostname: 192.168.1.15
+ Target Port: 80
+ Start Time: 2009-11-23 0:22:00
---------------------------------------------------------------------------
+ Server: Apache
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ 3582 items checked: 1 item(s) reported on remote host
+ End Time: 2009-11-23 0:23:00 (57 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested



========== last modification =============
[root@devil nikto-2.1.0]# ./nikto.pl -C all -host 192.168.1.15

- Nikto v2.1.0/2.1.0
---------------------------------------------------------------------------
+ Target IP: 192.168.1.15
+ Target Hostname: 192.168.1.15
+ Target Port: 80
+ Start Time: 2009-11-23 0:57:00
---------------------------------------------------------------------------
+ Server: This is Windows IIS 10. Enjoy hacking
+ 3582 items checked: 0 item(s) reported on remote host
+ End Time: 2009-11-23 0:58:00 (45 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested



see , Windows IIS 10, Enjoy Hacking :P

Intruders cant guess what is my server platform, but they still can grab my webpage header.
Maybe they can guess from my webpage header.


see, nothing to be found.... i just do a basic modification in apache and mod_security.
For more advance topics in mod_security, please read below 2 books. It is very useful for apache
Apache Security by Ivan Ristic
The Definitive Guide to Apache mod_rewrite by Rich Bowen


Actually i have to do more advance web vulnerable testing because tested with 1 tools is not enough. It is dangerous if the production server only done with 1 tools for pen test.


hopefully i got time to do more advance pentest with various open source web scanner also proprietary product like NESSUS

No comments: