View full version: And what next?


Mina
13.10.2005, 15:19
Good day to everyone. I'm new here and didn't find a section for newbies.
Here's the thing: I need to somehow upload a shell to one host. I scanned it and here is what I found:
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/2.0.50 (Linux/SUSE)
- Retrieved X-Powered-By header: PHP/4.3.8
+ /robots.txt - contains 1 'disallow' entry which should be manually viewed (added to mutation file lists) (GET).
+ PHP/4.3.8 appears to be outdated (current is at least 5.0.3)
+ Apache/2.0.50 appears to be outdated (current is at least Apache/2.0.54). Apache 1.3.33 is still maintained and considered secure.
+ 2.0.50 (Linux/SUSE) - TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries.
+ /icons/ - Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used all, the /icons directory should be removed. (GET)
+ /manual/images/ - Apache 2.0 directory indexing is enabled, it should only be enabled for specific directories (if required). Apache's manual should be removed and directory indexing disabled. (GET)
+ /cgi-bin//htsearch?exclude=%60/etc/passwd%60 - htsearch may reveal file system paths. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /manual/ - Web server manual? tsk tsk. (GET)
+ /phpBB2/includes/db.php - Some versions of db.php from phpBB2 allow remote file inclusions. Verify the current version is running. See http://www.securiteam.com/securitynews/5BP0F2A6KC.html for more info (GET)
+ /phpBB2/search.php?search_id=1\", - Redirects to install/install.php , phpBB 2.06 search.php is vulnerable to SQL injection attack. Error page also includes full path to search.php file.
+ /css - Redirects to http://hack-site/css/ , This might be interesting...
+ /stats/ - Redirects to http://hack-site/stats/0.php , This might be interesting...
+ /web/ - This might be interesting... (GET)
+ /index.php?base=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?pymembs=admin - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?topic=<script>alert(document.cookie)&/script>%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ 2563 items checked - 20 item(s) found on remote host(s)

I also found this here; a request to the game servers is shown under "stats":
Warning: imagecolorallocate(): supplied argument is not a valid Image resource in /srv/www/htdocs/stats/includes/panachart.php on line 57

The open ports are these:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
135/tcp filtered msrpc
14534/tcp open unknown
27015/tcp open unknown

And what next, how do I upload a shell? Thanks for any information.

max_pain89
13.10.2005, 18:45
phpBB 2.06 search.php, that gives me some ideas :o

Mina
14.10.2005, 12:50
I checked, this phpbb2 is only uploaded, not even installed :(

In the web catalog there is this:
SQL Error in query string:


SET
`collation_connection`='utf8_general_ci',
`collation_database`='utf8_general_ci',
`collation_server`='utf8_general_ci',
CHARACTER SET utf8,
NAMES 'utf8'


MYSQL Error: Unknown system variable 'collation_connection'

What could this mean?