CSC/ECE 517 Spring 2014/security audit: Difference between revisions
 (Added nslookup results)  | 
				 (Added basic nmap scans, better formatting)  | 
				||
| Line 7: | Line 7: | ||
== Basic server info ==  | == Basic server info ==  | ||
<pre>  | |||
[~]$ nslookup http://expertiza.ncsu.edu  | [~]$ nslookup http://expertiza.ncsu.edu  | ||
Server:		209.18.47.61  | Server:		209.18.47.61  | ||
| Line 16: | Line 17: | ||
Name:	http://expertiza.ncsu.edu  | Name:	http://expertiza.ncsu.edu  | ||
Address: 66.152.109.110  | Address: 66.152.109.110  | ||
</pre>  | |||
== Nmap scans ==  | |||
<pre>  | |||
[~]$ nmap -Pn 66.152.109.110                                                               3:18:22  | |||
Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-21 03:18 EDT  | |||
Nmap scan report for 66-152-109-110.tvc-ip.com (66.152.109.110)  | |||
Host is up (0.038s latency).  | |||
Not shown: 998 filtered ports  | |||
PORT    STATE  SERVICE  | |||
80/tcp  open   http  | |||
443/tcp closed https  | |||
Nmap done: 1 IP address (1 host up) scanned in 7.26 seconds  | |||
[~]$ nmap -Pn 198.105.251.210                                                              3:18:43  | |||
Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-21 03:18 EDT  | |||
Nmap scan report for 198.105.251.210  | |||
Host is up (0.058s latency).  | |||
Not shown: 998 filtered ports  | |||
PORT    STATE  SERVICE  | |||
80/tcp  open   http  | |||
443/tcp closed https  | |||
Nmap done: 1 IP address (1 host up) scanned in 6.36 seconds  | |||
</pre>  | |||
== Metasploit wmap ==  | == Metasploit wmap ==  | ||
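Review bot: the two addresses scanned in the new Nmap scans section (66.152.109.110 and 198.105.251.210) come from the nslookup above, which was given "http://expertiza.ncsu.edu" with the scheme included, so the resolver was asked for that literal string and echoes it back in the Name: lines rather than the hostname. Re-run the lookup as "nslookup expertiza.ncsu.edu" and confirm the address before recording scan results against it; the reverse name in the first report, 66-152-109-110.tvc-ip.com, is not under ncsu.edu, which is a further sign these hosts may not be the Expertiza server.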
Revision as of 07:20, 21 April 2014
Overview
This page will document a security audit of Expertiza.
Scans
Basic server info
[~]$ nslookup http://expertiza.ncsu.edu
Server:		209.18.47.61
Address:	209.18.47.61#53
Non-authoritative answer:
Name:	http://expertiza.ncsu.edu
Address: 198.105.251.210
Name:	http://expertiza.ncsu.edu
Address: 66.152.109.110
Nmap scans
[~]$ nmap -Pn 66.152.109.110                                                               3:18:22
Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-21 03:18 EDT
Nmap scan report for 66-152-109-110.tvc-ip.com (66.152.109.110)
Host is up (0.038s latency).
Not shown: 998 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 7.26 seconds
[~]$ nmap -Pn 198.105.251.210                                                              3:18:43
Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-21 03:18 EDT
Nmap scan report for 198.105.251.210
Host is up (0.058s latency).
Not shown: 998 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 6.36 seconds
Metasploit wmap
[~]$ msfconsole
       =[ metasploit v4.9.2-2014040906 [core:4.9 api:1.0] ]
+ -- --=[ 1299 exploits - 791 auxiliary - 217 post ]
+ -- --=[ 334 payloads - 35 encoders - 8 nops      ]
msf > load wmap
.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] ===  et [  ] metasploit.com 2012
[*] Successfully loaded plugin: wmap
msf > wmap_sites -a http://expertiza.ncsu.edu/
[*] Site created.
msf > wmap_sites -l
[*] Available sites
===============
     Id  Host            Vhost           Port  Proto  # Pages  # Forms
     --  ----            -----           ----  -----  -------  -------
     0   152.14.105.146  152.14.105.146  80    http   0        0
msf > wmap_targets -t http://152.14.105.146/home.html
msf > wmap_targets -t http://152.14.105.146/home
msf > wmap_targets -l
[*] Defined targets
===============
     Id  Vhost           Host            Port  SSL    Path
     --  -----           ----            ----  ---    ----
     0   152.14.105.146  152.14.105.146  80    false	/home.html
     1   152.14.105.146  152.14.105.146  80    false	/home
msf > wmap_run -t
[*] Testing target:
[*] 	Site: 152.14.105.146 (152.14.105.146)
[*] 	Port: 80 SSL: false
============================================================
[*] Testing started. 2014-04-21 02:33:20 -0400
[*] Loading wmap modules...
msf > wmap_run 
[*] 39 wmap enabled modules loaded.
<snip>
[*] Done.
msf > wmap_vulns -l
msf > # No vulnerabilities discovered
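A consistency check for the transcripts on this page, as an added example that is not part of the original audit notes: it reads the nslookup, nmap and `wmap_sites -l` output and reports where the steps disagree about which address is being audited. The function names and the trimmed log excerpts are this example's own.

```python
import re
from urllib.parse import urlsplit

IP = r"\d+(?:\.\d+){3}"

# Transcript excerpts from this page, trimmed to the lines the check reads.
NSLOOKUP_LOG = """[~]$ nslookup http://expertiza.ncsu.edu
Server:  209.18.47.61
Address: 209.18.47.61#53
Non-authoritative answer:
Name:    http://expertiza.ncsu.edu
Address: 198.105.251.210
Name:    http://expertiza.ncsu.edu
Address: 66.152.109.110
"""
NMAP_LOG = "[~]$ nmap -Pn 66.152.109.110\n[~]$ nmap -Pn 198.105.251.210\n"
# The single data row of the `wmap_sites -l` table.
WMAP_LOG = "     0   152.14.105.146  152.14.105.146  80    http   0        0\n"

def hostname_of(target):
    """Bare hostname from a URL or host string (DNS tools expect a name, not a URL)."""
    return urlsplit(target if "//" in target else "//" + target).hostname

def nslookup_query_and_answers(log):
    query = re.search(r"\$ nslookup\s+(\S+)", log).group(1)
    # Only addresses after "answer:" count; the first Address line is the resolver.
    answers = re.findall(rf"^Address:\s*({IP})\s*$", log.split("answer:", 1)[-1], re.M)
    return query, answers

def nmap_targets(log):
    return re.findall(rf"\$ nmap\s+(?:-\S+\s+)*({IP})", log)

def wmap_hosts(log):
    """Host column of `wmap_sites -l` rows (Id Host Vhost Port Proto ...)."""
    return re.findall(rf"^\s*\d+\s+({IP})\s+\S+\s+\d+\s+https?\b", log, re.M)

def audit_scope(nslookup_log, nmap_log, wmap_log):
    """Return findings where the recon steps disagree about which host is in scope."""
    findings = []
    query, answers = nslookup_query_and_answers(nslookup_log)
    if hostname_of(query) != query:
        findings.append(f"nslookup queried {query!r}; use the bare hostname {hostname_of(query)!r}")
    confirmed = set(wmap_hosts(wmap_log))
    for ip in nmap_targets(nmap_log):
        if ip not in confirmed:
            source = "from the nslookup answer" if ip in answers else "origin not in the logs"
            findings.append(f"nmap target {ip} ({source}) is not the wmap host {sorted(confirmed)}")
    return findings

if __name__ == "__main__":
    for finding in audit_scope(NSLOOKUP_LOG, NMAP_LOG, WMAP_LOG):
        print("FINDING:", finding)
```

Run against the excerpts above it reports three findings: the URL passed to nslookup, and both nmap targets differing from the 152.14.105.146 host that wmap recorded for the same site.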