Archive for August, 2005

Overlooked an exploit in Metasploit.

Last Sunday, UiTM held an Open Source Expo and National Hacking Competition. I was one of the participants :)
Me and Wahida

One of the challenges was to view the source code of an ASP file. I ran nikto, and below is the result:

————————————————————————
root@budihost-box:~# perl /usr/bin/nikto.pl -h 192.168.0.3
---------------------------------------------------------------------------
- Nikto 1.32/1.23 - www.cirt.net
+ Target IP: 192.168.0.3
+ Target Hostname: 192.168.0.3
+ Target Port: 80
+ Start Time: Fri Aug 26 13:52:56 2005
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ IIS may reveal its internal IP in the Content-Location header. The value is "http://192.168.0.3/Default.htm". CAN-2000-0649.
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may be used to get directory listings if indexing is allowed but a default page exists.
+ HTTP method 'SEARCH' may be used to get directory listings if Index Server is running.
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACK)
+ /scripts - Redirects to http://192.168.0.3/scripts/ , Remote scripts directory is browsable.
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Internet Printing (IPP) is enabled. Some versions have a buffer overflow/DoS in Windows 2000 which allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. Disabling the .printer mapping is recommended. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. CAN-1999-1376. BID-2252. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false - Needs Auth: (realm NTLM)
+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false - Needs Auth: (realm NTLM)
+ /_vti_inf.html - FrontPage may be installed. (GET)
+ /login/ - This might be interesting... (GET)
+ /localstart.asp - Needs Auth: (realm "192.168.0.3")
+ /localstart.asp - This may be interesting... (GET)
+ 2645 items checked - 15 item(s) found on remote host(s)
+ End Time: Fri Aug 26 13:53:16 2005 (20 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

————————————————————————-
The server runs IIS 5, with a source code disclosure vulnerability.

I didn’t notice that the Metasploit Framework already had the exploit. The task would have been easier with Metasploit.
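The scan output above is a wall of text, and the useful parts (which paths matched, which advisories each one maps to, and which risky HTTP methods the server advertises) are buried in it. The following Python script is an added example, not the blog author's code and not part of Nikto: it parses lines in the Nikto 1.x format shown above into structured findings, extracts the advisory identifiers, and groups the allowed methods into the families the scan itself warns about (TRACE/TRACK for debugging, the WebDAV verbs, and SEARCH for Index Server). The sample input is constructed from a subset of the lines above; the method-family table and the function names are my own choices.

```python
"""Parse Nikto 1.x text output into structured findings and flag risky HTTP methods.

Added example: not the blog author's code and not part of Nikto. The input below is
a constructed sample made of lines in the same format as the scan in the post.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: a subset of the post's scan, in Nikto 1.x format.
SAMPLE_OUTPUT = """\
+ Server: Microsoft-IIS/5.0
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled.
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Internet Printing (IPP) is enabled. Disabling the .printer mapping is recommended. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (GET)
+ /localstart.asp - Needs Auth: (realm "192.168.0.3")
+ 2645 items checked - 15 item(s) found on remote host(s)
"""

# One "+ /path - description (METHOD)" line; the "(METHOD)" suffix is optional.
# The lazy ".*?" plus "$" makes a mid-line "(IPP)" part of the description, not the method.
FINDING_RE = re.compile(r"^\+ (?P<path>/\S*) - (?P<desc>.*?)(?: \((?P<method>[A-Z]+)\))?$")

# Advisory identifiers as Nikto prints them (CAN-... is the pre-2005 CVE candidate prefix).
REF_RE = re.compile(
    r"\b(?:CVE|CAN)-\d{4}-\d{4,}\b|\bMS\d{2}-\d{3}\b|\bBID[- ]\d+\b"
    r"|\bCA-\d{4}-\d{2}\b|\bQ\d{6}[a-z]?\b|\bEEYE-AD\d+\b"
)

# Method families a hardening review cares about (hypothetical grouping, based on the
# scan's own remarks about TRACE, PROPFIND and SEARCH).
METHOD_FAMILIES = {
    "debug": {"TRACE", "TRACK"},
    "webdav": {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"},
    "index-server": {"SEARCH"},
    "write": {"PUT", "DELETE"},
}


@dataclass
class Finding:
    path: str
    description: str
    method: Optional[str]
    references: list[str] = field(default_factory=list)


@dataclass
class ScanSummary:
    server: Optional[str] = None
    allowed_methods: list[str] = field(default_factory=list)
    findings: list[Finding] = field(default_factory=list)
    notes: list[str] = field(default_factory=list)  # "+" lines that are not path findings


def parse_nikto(text: str) -> ScanSummary:
    """Turn Nikto's '+' lines into a ScanSummary; '-' lines and separators are ignored."""
    summary = ScanSummary()
    for line in text.splitlines():
        line = line.rstrip()
        if not line.startswith("+ "):
            continue
        if line.startswith("+ Server: "):
            summary.server = line[len("+ Server: "):]
            continue
        if line.startswith("+ Allowed HTTP Methods: "):
            summary.allowed_methods = [m.strip() for m in line.split(":", 1)[1].split(",")]
            continue
        m = FINDING_RE.match(line)
        if m is None:
            summary.notes.append(line[2:])
            continue
        # Normalise "BID 2674" to "BID-2674" so the same advisory always has one spelling.
        refs = [r.replace("BID ", "BID-") for r in REF_RE.findall(m["desc"])]
        summary.findings.append(Finding(m["path"], m["desc"], m["method"], refs))
    return summary


def risky_methods(allowed: list[str]) -> dict[str, list[str]]:
    """Group enabled methods by family, keeping server order; empty families are omitted."""
    return {
        fam: [m for m in allowed if m in members]
        for fam, members in METHOD_FAMILIES.items()
        if any(m in members for m in allowed)
    }


def paths_by_reference(summary: ScanSummary) -> dict[str, list[str]]:
    """Index finding paths by advisory id, so one patch or mapping fix is tied to every hit."""
    index: dict[str, list[str]] = {}
    for f in summary.findings:
        for ref in f.references:
            index.setdefault(ref, []).append(f.path)
    return index


if __name__ == "__main__":
    s = parse_nikto(SAMPLE_OUTPUT)
    print("server:", s.server)
    print("risky methods:", risky_methods(s.allowed_methods))
    for ref, paths in sorted(paths_by_reference(s).items()):
        print(f"{ref}: {', '.join(paths)}")
```

Grouping by advisory is the useful view for remediation: the two `.htw` hits collapse to a single MS00-006 entry, and the method families tell you at a glance that TRACE, the WebDAV verbs and SEARCH are all enabled on this IIS 5 box, which is exactly what the scan's own remarks say should be disabled when not needed.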


Comments (3) »

Happy Merdeka Day!

Merdeka announcement

Happy Merdeka Day!!

Merdeka! Merdeka! can still be heard today. Last night IIUM students were also celebrating Merdeka Day on campus. Many people were there: students, lecturers and many others from around the area.

Just a few hours before 12 o’clock, I was in KL, giving a friend a lift to PuduRaya for balik kampung (going back to the hometown) :)
There were many people in KL last night. I saw a family with their children planning to celebrate Merdeka in KL. It reminded me that I was never out at night when I was young.

I still agree that we cannot know the value of Merdeka, since we have always lived in harmony and had a peaceful life. How can we protect our country without knowing the value of independence?

Peace be among the warriors, who strive for our independence.

No comment »

Auditor security linux

Auditor Security Linux

Auditor Security Linux is a must-try Linux distribution for anyone interested in the security aspects of networking and administration. Auditor provides a full set of applications for information gathering, vulnerability assessment, and much more.

The applications have been arranged by category, so you can go straight to the tool suited to a specific purpose. There are many more tools that are not included in the categories; you can search for them.

You can download it from here:

http://new.remote-exploit.org/index.php/Auditor_mirrors

Comments (1) »

New IM – Google Talk

As all of us waited and the rumours spread, Google has now come out with its new IM for its users, Google Talk.

Google Talk client application

All you need is a Google account and the client application. The application is just 900KB in size, and can be downloaded from here

The application is simple and small in size, and the file is all the software you need; you don’t need to download any other program to use it. Google Talk supports voice calls with your buddies.

Download now, and start inviting your Google friends to your Buddy list!

No comment »

Interesting stuff I found on the internet - WOMAN

Interesting :)

Comments (2) »

Budihost being an official technology partner of Convest 2005.

Budihost Web Hosting & Services
This year, 2005, Budihost Web Hosting & Services will be the Technology Partner of IIUM Convocation Fiesta 2005.

We will be delivering content management for the official website. There is a problem with the website: we have to use the IIUM server to host it, because the new policy this year disallows them from using another hosting provider for their official website.

You can have a visit to their official website, http://www.iiu.edu.my/convest/.

The website is still under development; it needs more modification to the design and features.

No comment »

Bekelah waterfall trip (Maran, Pahang)

Last week was a great weekend; I went to Bekelah waterfall in Maran, Pahang. It is quite a popular place for picnics and recreational activities, but I just hadn’t noticed it before.

The program was organized by ARC (Adventure Club) of the International Islamic University. The program was just 2 days and 2 nights.

We were based at a point that took around 2 hours of walking to reach. The route was quite difficult at the other end, where we had to walk over rocks right beside the big streams of water. If we had fallen into the water with the heavy bags, I couldn’t imagine what we would have done.

The place was very nice, very very very nice.. :) You should go there once in your lifetime. The camping site is quite small; it was really a tight fit for our group of 80. But the river has a big area for swimming and for activities like water confidence, river crossing and flying fox.

We planned to do flying fox, but we did not bring a static rope, only a dynamic rope. So the plan just drowned :(

I’ll post some pictures after this; they are not ready yet.

Next week, insya-Allah, I’ll be there again with ARC from the IIUM matriculation centre. :) Wanna join me?

No comment »

Speed up your browser – Mozilla Firefox

Mozilla Firefox
Here’s something for broadband people that will really speed Firefox up:

1. Type “about:config” into the address bar and hit return. Scroll down and look for the following entries:

network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests

Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.

2. Alter the entries as follows:

Set “network.http.pipelining” to “true”

Set “network.http.proxy.pipelining” to “true”

Set “network.http.pipelining.maxrequests” to some number like 30. This means it will make 30 requests at once.

3. Lastly, right-click anywhere and select New -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives.

If you’re using a broadband connection you’ll load pages MUCH faster now!

Quoted from http://www.freerepublic.com/focus/f-news/1299854/posts

No comment »
