NIKTO A Vulnerability Assessment Information Networking Security and Assurance Lab
A Vulnerability Assessment
NIKTO
Information Networking Security and Assurance Lab
National Chung Cheng University
Description
Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items:
2600 potentially dangerous files/CGIs
Versions on over 625 servers
Version-specific problems on over 230 servers
Nikto supports LibWhisker's anti-IDS methods (IDS evasion)
Description
Nikto performs security or information checks for:
Misconfigurations
Default files and scripts
Insecure files and scripts
Outdated software
Purpose
To understand what a vulnerability scanner is, and why we need it
To become familiar with the operation of the Nikto vulnerability scanner
Principle and Pre-study
A look at whisker's anti-IDS tactics
An HTTP request as defined by RFC 1945
Types of IDS: Smart, Raw
IDS evasion
Evasion type, evasion method, and example (original request -> evasive form):
1. Method matching: GET /cgi-bin/some.cgi -> HEAD /cgi-bin/some.cgi
2. URL encoding: cgi-bin -> %63%67%69%2d%62%69%6e
3. Double slashes: /cgi-bin/some.cgi -> //cgi-bin//some.cgi
4. Reverse traversal: /cgi-bin/some.cgi -> GET /cgi-bin/blahblah/../some.cgi HTTP/1.0
5. Self-reference directories: cgi-bin/phf -> /./cgi-bin/./phf
6. Premature request ending: GET /%20HTTP/1.0%0d%0aHeader:%20/../../cgi-bin/some.cgi HTTP/1.0\r\n\r\n
7. Parameter hiding: GET /index.htm%3fparam=/../cgi-bin/some.cgi HTTP/1.0
8. HTTP mis-formatting: Method<space>URI<space>HTTP/Version CRLF CRLF -> Method<tab>URI<tab>HTTP/Version CRLF CRLF
9. Long URLs: GET /rfprfp<lots of characters>rfprfp/../cgi-bin/some.cgi HTTP/1.0
10. DOS/Win directory syntax: "/cgi-bin/some.cgi" -> "/cgi-bin\some.cgi"
11. NULL method processing: GET%00 /cgi-bin/some.cgi HTTP/1.0
12. Case sensitivity: /cgi-bin/some.cgi -> /CGI-BIN/SOME.CGI
13. Session splicing: "GET / HTTP/1.0" -> "GE", "T ", "/", " H", "T", "TP", "/1", ".0"
14. In summary: Combine multiple tactics together
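The evasion types listed above mostly work against byte-for-byte signatures, so a detector has to reduce each request line to the path the web server will actually resolve before matching. The following is an added example, not code from the slides, Nikto or LibWhisker: it normalizes the request line and compares a raw signature with a normalized one. The function names, the signature constant and the sample request lines are constructed here from the examples on the slide.

```python
import posixpath
import re
from urllib.parse import unquote

SIGNATURE = "/cgi-bin/some.cgi"  # path used in the slide's examples

def canonical_path(request_line: str) -> str:
    """Reduce a raw request line to the path a web server would resolve."""
    # Split on spaces or tabs (type 8) and ignore the method token, so HEAD
    # (type 1) and "GET%00" (type 11) are handled the same way as GET.
    parts = re.split(r"[ \t]+", request_line.strip())
    uri = parts[1] if len(parts) > 1 else parts[0]
    # Cut the query at a literal '?' before decoding: an encoded %3f (type 7)
    # stays in the path, so the "/../" hidden behind it is still resolved.
    path = unquote(uri.split("?", 1)[0])    # types 2 and 6: one decoding pass
    path = path.replace("\\", "/")          # type 10: DOS/Win separators
    path = re.sub(r"/+", "/", "/" + path)   # type 3: repeated slashes
    path = posixpath.normpath(path)         # types 4, 5, 9: "/./" and "dir/../"
    return path.lower()                     # type 12: assumes a case-insensitive server

def matches_signature(request_line: str) -> bool:
    return canonical_path(request_line) == SIGNATURE

def raw_match(request_line: str) -> bool:
    """Naive byte-for-byte signature, as a 'raw' IDS would apply it."""
    return ("GET " + SIGNATURE) in request_line

# Constructed sample request lines built from the examples listed above.
SAMPLES = {
    "baseline": "GET /cgi-bin/some.cgi HTTP/1.0",
    "1 method matching": "HEAD /cgi-bin/some.cgi HTTP/1.0",
    "2 URL encoding": "GET /%63%67%69%2d%62%69%6e/some.cgi HTTP/1.0",
    "3 double slashes": "GET //cgi-bin//some.cgi HTTP/1.0",
    "4 reverse traversal": "GET /cgi-bin/blahblah/../some.cgi HTTP/1.0",
    "5 self-reference": "GET /./cgi-bin/./some.cgi HTTP/1.0",
    "6 premature ending": "GET /%20HTTP/1.0%0d%0aHeader:%20/../../cgi-bin/some.cgi HTTP/1.0",
    "7 parameter hiding": "GET /index.htm%3fparam=/../cgi-bin/some.cgi HTTP/1.0",
    "8 mis-formatting": "GET\t/cgi-bin/some.cgi\tHTTP/1.0",
    "9 long URL": "GET /rfprfp" + "x" * 200 + "rfprfp/../cgi-bin/some.cgi HTTP/1.0",
    "10 DOS/Win syntax": "GET /cgi-bin\\some.cgi HTTP/1.0",
    "11 NULL method": "GET%00 /cgi-bin/some.cgi HTTP/1.0",
    "12 case": "GET /CGI-BIN/SOME.CGI HTTP/1.0",
}

def compare() -> dict:
    """Map each sample name to (raw IDS hit, normalizing IDS hit)."""
    return {name: (raw_match(line), matches_signature(line))
            for name, line in SAMPLES.items()}
```

Session splicing (type 13) is not covered, because it has to be handled by TCP stream reassembly before a request line exists to parse. The normalization steps should mirror how the protected web server resolves paths, for example dropping the lower-casing step in front of a case-sensitive server.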
Required Facilities
Permission
Do not proceed without receiving the necessary
permissions
Hardware:
PC or Workstation with UNIX-based OS
Software
Perl 5.004
Nikto 1.32
Net::SSLeay
LibWhisker
OpenSSL
Step (I): install Nikto
Install Nikto from the ports tree
After installing Nikto:
patch /usr/local/bin/nikto.pl to point to config.txt
patch /usr/local/etc/nikto/config.txt to point to the plugin directory
[Figure callouts: IDS evasion option; mutate checks option; IDS evasion method]
Step (II): execute nikto
Basic scan information
Web server banner and basic function
Reports some vulnerabilities and suggests the solution
Report the result
Step (III): IDS evasion
Detection with IDS evasion methods 1 and 2 on target 140.123.113.86
Summary
CGI exploits are everywhere. It is most important that you scan your own site so that you can see what attackers might see.
Nikto is an open source web server scanner, written in Perl, which supports SSL. It checks for remote web server vulnerabilities and misconfigurations.
Reference
Nikto: http://www.cirt.net/code/nikto.html
Comprehensive Perl Archive Network: http://www.cpan.org
LibWhisker: http://www.wiretrip.net/rfp/lw.asp
A look at whisker's anti-IDS tactics: http://www.wiretrip.net/rfp/txt/whiskerids.html
Outline
A Real World Attack: wu-ftp
Vulnerability Scanners
All-Purpose Tools
Application Inspection
TRIPWIRE & MD5