CSC/ECE 517 Spring 2014/security audit
Overview
This page will document a security audit of Expertiza.
Scans
Basic server info
[~]$ nslookup http://expertiza.ncsu.edu Server: 209.18.47.61 Address: 209.18.47.61#53
Non-authoritative answer: Name: http://expertiza.ncsu.edu Address: 198.105.251.210 Name: http://expertiza.ncsu.edu Address: 66.152.109.110
Metasploit wmap
[~]$ msfconsole =[ metasploit v4.9.2-2014040906 [core:4.9 api:1.0] ] + -- --=[ 1299 exploits - 791 auxiliary - 217 post ] + -- --=[ 334 payloads - 35 encoders - 8 nops ] msf > load wmap .-.-.-..-.-.-..---..---. | | | || | | || | || |-' `-----'`-'-'-'`-^-'`-' [WMAP 1.5.1] === et [ ] metasploit.com 2012 [*] Successfully loaded plugin: wmap msf > wmap_sites -a http://expertiza.ncsu.edu/ [*] Site created. msf > wmap_sites -l [*] Available sites =============== Id Host Vhost Port Proto # Pages # Forms -- ---- ----- ---- ----- ------- ------- 0 152.14.105.146 152.14.105.146 80 http 0 0 msf > wmap_targets -t http://152.14.105.146/home.html msf > wmap_targets -t http://152.14.105.146/home msf > wmap_targets -l [*] Defined targets =============== Id Vhost Host Port SSL Path -- ----- ---- ---- --- ---- 0 152.14.105.146 152.14.105.146 80 false /home.html 1 152.14.105.146 152.14.105.146 80 false /home msf > wmap_run -t [*] Testing target: [*] Site: 152.14.105.146 (152.14.105.146) [*] Port: 80 SSL: false ============================================================ [*] Testing started. 2014-04-21 02:33:20 -0400 [*] Loading wmap modules... msf > wmap_run [*] 39 wmap enabled modules loaded. <snip> [*] Done. msf > wmap_vulns -l msf > # No vuls discovered