security test

Networking/Security Forums -> General Security Discussion

Author: pixel    Posted: Wed Apr 09, 2003 10:58 pm    Post subject: security test
    ----
http://www.pixelcreations.org/ I was wondering if someone could run a security test, and see if they can find any obvious problems with it. Just for fun you know :-p

Author: flw    Location: U.S.A.    Posted: Thu Apr 10, 2003 3:38 am    Post subject:
    ----
I only did a very basic test and checked the site for some html script issues.

Services advertised:

SSH open to any ip to login
smtp
Time
http Apache 1.3.26 (not current 1.3 version, just need to lookup .26 issues) Debian GNU/Linux
SMUX


Statistics for managers
Correct internal URLs, by MIME type:
text/html 97 URLs 1583837 Bytes (1546 KB) 21.00%
image/gif 150 URLs 673174 Bytes (657 KB) 32.47%
text/plain 18 URLs 1914875 Bytes (1869 KB) 3.90%
text/css 2 URLs 998 Bytes (0 KB) 0.43%
application/octet-stream 45 URLs 11421414 Bytes (11153 KB) 9.74%
application/zip 19 URLs 3388545 Bytes (3309 KB) 4.11%
image/jpeg 128 URLs 3649139 Bytes (3563 KB) 27.71%
application/msword 3 URLs 119808 Bytes (117 KB) 0.65%

Total 462 URLs 22751790 Bytes (22218 KB) 100.00%

All pages, by result type:
ok 462 URLs 38.44%
not found 103 URLs 8.57%
skip external 636 URLs 52.91%
no info to return 1 URLs 0.08%

Total 1202 URLs 100.00%

<snipped for clarity>

Author: Anahka    Posted: Thu Apr 10, 2003 10:50 am    Post subject:
    ----
Out of curiosity; where/how do you do this scan? I'd like to check my company's website.

Author: ComSec    Posted: Thu Apr 10, 2003 3:41 pm    Post subject:
    ----
He used a program called Xenu's Link Sleuth.

Here is a link to more details and download

http://home.snafu.de/tilman/xenulink.html

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Thu Apr 10, 2003 3:59 pm    Post subject:
    ----
Port State Service
21/tcp open ftp ( 220 cs1.simplehost.com NcFTPd Server)
22/tcp open ssh (SSH-1.99-OpenSSH_3.4)
23/tcp filtered telnet (Unknown/Filtered)
25/tcp open smtp (ESMTP Sendmail 8.12.2/8.12.6;)
80/tcp open http (Apache/1.3.12 (Unix) FrontPage/4.0.4.3 PHP/4.2.3 on FreeBSD)
161/tcp filtered snmp
162/tcp filtered snmptrap
199/tcp filtered smux
443/tcp open https
445/tcp filtered microsoft-ds
705/tcp filtered unknown
1993/tcp filtered snmp-tcp-port
3306/tcp open mysql

No exact OS matches for host

Uptime 47.679 days (since Fri Feb 21 21:33:16 2003)

External SNMP is VERY bad but at least it's filtered.

And MySQL is IP-masked as well so I can't version it.

Plenty to play with though :)

fastlanwan where do you get your details from? It's not Apache 1.3.26 and it's not got time open as far as I can tell?
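
The port table in the post above, turned into a review list the way an administrator might process a scan of their own host. This is an added example, not part of the original thread; the `RESTRICTED` policy set and the function names are assumptions, and the sample lines are copied from the post with the FTP banner shortened.

```python
import re

# Assumed policy for illustration: management and database services that
# should not be reachable from the Internet.
RESTRICTED = {"telnet", "snmp", "snmptrap", "smux", "snmp-tcp-port",
              "mysql", "microsoft-ds"}

# Lines taken from the scan quoted in the post (FTP banner shortened).
SAMPLE = """\
Port State Service
21/tcp open ftp (NcFTPd Server)
22/tcp open ssh (SSH-1.99-OpenSSH_3.4)
23/tcp filtered telnet (Unknown/Filtered)
80/tcp open http (Apache/1.3.12 (Unix) FrontPage/4.0.4.3 PHP/4.2.3 on FreeBSD)
161/tcp filtered snmp
3306/tcp open mysql
"""

# port/proto, state, service name, optional banner in parentheses
LINE = re.compile(
    r"^(\d+)/(tcp|udp)\s+(open|filtered|closed)\s+(\S+)(?:\s+\((.*)\))?\s*$")

def parse_ports(text):
    """Return one dict per port line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            port, proto, state, service, banner = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "banner": banner or ""})
    return rows

def review(rows):
    """Classify each row as (port, kind, note) for a hardening checklist."""
    findings = []
    for r in rows:
        if r["service"] in RESTRICTED:
            if r["state"] == "open":
                findings.append((r["port"], "restrict",
                                 r["service"] + " reachable from outside"))
            elif r["state"] == "filtered":
                findings.append((r["port"], "ok", r["service"] + " filtered"))
        # An open port that returns a banner discloses software versions.
        if r["state"] == "open" and r["banner"]:
            findings.append((r["port"], "banner", "discloses: " + r["banner"]))
    return findings

if __name__ == "__main__":
    for port, kind, note in review(parse_ports(SAMPLE)):
        print(f"{port:>5}  {kind:<8}  {note}")
```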

Author: oeb    Location: That Island of drunks over there    Posted: Thu Apr 10, 2003 4:03 pm    Post subject:
    ----
The site www.pixelcreations.org is running Apache/1.3.12 (Unix) FrontPage/4.0.4.3 PHP/4.2.3 on FreeBSD

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Thu Apr 10, 2003 4:06 pm    Post subject:
    ----
ShaolinTiger wrote:

80/tcp open http (Apache/1.3.12 (Unix) FrontPage/4.0.4.3 PHP/4.2.3 on FreeBSD)


I already said that and I know how to use netcraft too :P

Author: oeb    Location: That Island of drunks over there    Posted: Thu Apr 10, 2003 4:09 pm    Post subject:
    ----
ShaolinTiger wrote:

No exact OS matches for host



Ya, I'm just better at netcraft =D


Ian

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Thu Apr 10, 2003 4:14 pm    Post subject:
    ----
oeb wrote:
ShaolinTiger wrote:

No exact OS matches for host



Ya, I'm just better at netcraft =D


Ian


That was just a paste from nmap you numpty, if you look by port 80 it's got FreeBSD as well.

But that's from the HTTP banner not a TCP/IP fingerprint so it's not as reliable.

So neh neh :P

Author: Mongrel    Posted: Thu Apr 10, 2003 4:14 pm    Post subject:
    ----
Quote:
Anahka posted: Out of curiosity; where/how do you do this scan?
I'd like to check my company's website.


Anahka - Please know that any scan against someone else's network -
especially a corporate network could easily be construed as illegal.
It is highly recommended by any reputable security rulesets I
know of that you never perform such actions against someone else's
network without written permission.

Even security professionals whose job it is to routinely do these things
should have a written permission and a list of acceptable activities.

Author: oeb    Location: That Island of drunks over there    Posted: Thu Apr 10, 2003 4:16 pm    Post subject:
    ----
ShaolinTiger wrote:
oeb wrote:
ShaolinTiger wrote:

No exact OS matches for host



Ya, I'm just better at netcraft =D


Ian


That was just a paste from nmap you numpty, if you look by port 80 it's got FreeBSD as well.

But that's from the HTTP banner not a TCP/IP fingerprint so it's not as reliable.

So neh neh :P


Ya, well my dad would kick your dad's ass.

Author: ShaolinTiger    Location: Kuala Lumpur, Malaysia    Posted: Thu Apr 10, 2003 4:19 pm    Post subject:
    ----
oeb wrote:


Ya, well my dad would kick your dad's ass.


Yeh well I can piss higher than you! :roll:

Author: oeb    Location: That Island of drunks over there    Posted: Thu Apr 10, 2003 4:45 pm    Post subject:
    ----
Only if you stand on a stool!

Author: ruffneck    Posted: Mon Jun 16, 2003 5:20 pm    Post subject:
    ----
Mongrel wrote:
Quote:
Anahka posted: Out of curiosity; where/how do you do this scan?
I'd like to check my company's website.


Anahka - Please know that any scan against someone else's network -
especially a corporate network could easily be construed as illegal.
It is highly recommended by any reputable security rulesets I
know of that you never perform such actions against someone else's
network without written permission.

Even security professionals whose job it is to routinely do these things
should have a written permission and a list of acceptable activities.


I just had to try 3 times to bypass the "robot-check" to register to this forum to tell what you already had told. In some countries even trying to break into a system is a crime and even a portscan may be defined as a 'try'. What we see here is evidence.


we are the robots :twisted:

Author: Aflack    Location: This Is Xtreme    Posted: Tue Jun 17, 2003 3:03 am    Post subject:
    ----
Great program and all, adding to my lists. I am still wondering how you found out this information using that program.

SSH open to any ip to login
smtp
Time
http Apache 1.3.26 (not current 1.3 version, just need to lookup .26 issues) Debian GNU/Linux
SMUX

I can only seem to see every link that the webpage has and sublinks. Also I am able to see the server type which is the Apache 1.3.12 or .27 like mentioned above. Can you please tell me how you found out how SSH was open to any IP to login and how SMTP was found also? Thanks!

Also why do I see other addresses like different websites when I check for that specific website. I am finding things like nbci.msnbc.com, lemonde.fr, yahoo.com, can you explain why these are showing?

Also when using NMAP I got Remote operating system guess: FreeBSD 4.5-RELEASE (or -STABLE) (X86). Also this server has netbios running.

138/tcp open netbios-dgm
139/tcp open netbios-ssn




output generated using printer-friendly topic mod, All times are GMT + 2 Hours