CSC/ECE 517 Spring 2014/security audit

From Expertiza_Wiki
Revision as of 07:20, 21 April 2014 by Drfarrel (talk | contribs) (Added basic nmap scans, better formatting)
Jump to navigation Jump to search

Overview

This page will document a security audit of Expertiza.

Scans

Basic server info

[~]$ nslookup http://expertiza.ncsu.edu
Server:		209.18.47.61
Address:	209.18.47.61#53

Non-authoritative answer:
Name:	http://expertiza.ncsu.edu
Address: 198.105.251.210
Name:	http://expertiza.ncsu.edu
Address: 66.152.109.110

Nmap scans

[~]$ nmap -Pn 66.152.109.110                                                               3:18:22

Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-21 03:18 EDT
Nmap scan report for 66-152-109-110.tvc-ip.com (66.152.109.110)
Host is up (0.038s latency).
Not shown: 998 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 7.26 seconds
[~]$ nmap -Pn 198.105.251.210                                                              3:18:43

Starting Nmap 6.40 ( http://nmap.org ) at 2014-04-21 03:18 EDT
Nmap scan report for 198.105.251.210
Host is up (0.058s latency).
Not shown: 998 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 6.36 seconds

Metasploit wmap

[~]$ msfconsole

       =[ metasploit v4.9.2-2014040906 [core:4.9 api:1.0] ]
+ -- --=[ 1299 exploits - 791 auxiliary - 217 post ]
+ -- --=[ 334 payloads - 35 encoders - 8 nops      ]

msf > load wmap

.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] ===  et [  ] metasploit.com 2012
[*] Successfully loaded plugin: wmap
msf > wmap_sites -a http://expertiza.ncsu.edu/
[*] Site created.
msf > wmap_sites -l
[*] Available sites
===============

     Id  Host            Vhost           Port  Proto  # Pages  # Forms
     --  ----            -----           ----  -----  -------  -------
     0   152.14.105.146  152.14.105.146  80    http   0        0
msf > wmap_targets -t http://152.14.105.146/home.html
msf > wmap_targets -t http://152.14.105.146/home
msf > wmap_targets -l
[*] Defined targets
===============

     Id  Vhost           Host            Port  SSL    Path
     --  -----           ----            ----  ---    ----
     0   152.14.105.146  152.14.105.146  80    false	/home.html
     1   152.14.105.146  152.14.105.146  80    false	/home
msf > wmap_run -t
[*] Testing target:
[*] 	Site: 152.14.105.146 (152.14.105.146)
[*] 	Port: 80 SSL: false
============================================================
[*] Testing started. 2014-04-21 02:33:20 -0400
[*] Loading wmap modules...
msf > wmap_run 
[*] 39 wmap enabled modules loaded.
<snip>
[*] Done.
msf > wmap_vulns -l
msf > # No vuls discovered
Retrieved from "https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2014/security_audit&oldid=84555"