Information Gathering
Today I learned OWASP, starting with the first part, Information Gathering. As practice material the target web site was my beloved campus, www.akakom.ac.id.
The following are the steps of Information Gathering:
IG-1 Testing: Spiders, Robots, and Crawlers
The first step of Information Gathering is looking for the robots.txt file on the target web site.
The following URL can be used to check robots.txt:
www.akakom.ac.id/robots.txt
From there we get the following information:
User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /media/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /tmp/
Disallow: /xmlrpc/
From this we learn the various directories on the target that the site asks search engines not to index. Note that a Disallow line is only a request to crawlers; it does not restrict access, and it tells anyone reading the file where those directories are.
Alternatively, the "wget" tool can be used with the following command:
wget www.akakom.ac.id/robots.txt
The results obtained follow:
--2011-06-02 15:51:05-- http://www.akakom.ac.id/robots.txt
Resolving www.akakom.ac.id... 110.76.151.4
Connecting to www.akakom.ac.id|110.76.151.4|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 304 [text/plain]
Saving to: `robots.txt.1'
100%[=======================================>] 304 --.-K/s in 0s
2011-06-02 15:51:05 (10.9 MB/s) - `robots.txt.1' saved [304/304]
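As an added example (not part of the original post), the following Python parses a robots.txt body like the one retrieved above and flags Disallow entries that point at administrative or installation paths. The sample text is a constructed copy of the listing shown, and the SENSITIVE_HINTS list is an assumption of mine.

```python
# Constructed sample: a copy of the robots.txt listing shown above.
SAMPLE_ROBOTS = """User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /media/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /tmp/
Disallow: /xmlrpc/
"""
# Assumed hint list: path segments that usually mark admin or install code.
# robots.txt is public, so Disallow advertises them; fix with access control.
SENSITIVE_HINTS = {"administrator", "admin", "installation", "install", "xmlrpc"}

def parse_robots(text):
    """Return {user_agent: [disallowed paths]} from a robots.txt body."""
    rules, agents, in_agent_block = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if ":" not in line:
            continue
        key, value = (p.strip() for p in line.split(":", 1))
        if key.lower() == "user-agent":
            agents = agents + [value] if in_agent_block else [value]  # consecutive UA lines share a group
            rules.setdefault(value, [])
            in_agent_block = True
            continue
        in_agent_block = False
        if key.lower() == "disallow" and value:  # empty Disallow allows all
            for agent in agents:
                rules.setdefault(agent, []).append(value)
    return rules

def sensitive_disallows(rules):
    """Disallowed paths whose first segment is in SENSITIVE_HINTS."""
    found = []
    for paths in rules.values():
        for path in paths:
            first = path.strip("/").split("/", 1)[0].lower()
            if first in SENSITIVE_HINTS and path not in found:
                found.append(path)
    return found
```

Running sensitive_disallows(parse_robots(SAMPLE_ROBOTS)) lists the three paths that deserve an access-control check rather than a robots.txt entry.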
IG-2 Search Engine Discovery/Reconnaissance
To test at this stage we can use the "site:" and "cache:" search operators:
- site:akakom.ac.id
- cache:akakom.ac.id
IG-3: IDENTIFY APPLICATION ENTRY POINTS
The information collected at this stage concerns the GET and POST parameters the web application accepts in requests.
With the help of the Burp Suite tool we can find some of the parameters used:
http://www.akakom.ac.id/index.php?option=com_user&task=register
http://www.akakom.ac.id/index.php?option=com_user&lang=id
type      name      value
hidden    id
text      username
hidden    420e5ae94547ed729efea92b27ae0501420e5ae94547ed729efea92b27ae0501420e5ae94547ed729efea92b27ae0501
password  password2
text      email
hidden    task      register_save
text      name
hidden    gid
password  password
Cookie : 69cb2eb0a19889c0e172765110b05475=mahm17jrehsu5ome4u2kd84411
IG-4: TESTING FOR WEB APPLICATION FINGERPRINT
At this stage the tool commonly used to test the application server is netcat, but not every web site can be tested with netcat, as we experienced today: the target could not be tested with netcat, so we used Burp Suite instead. The following information was obtained:
HTTP/1.0 200 OK
Date: Fri, 03 Jun 2011 00:23:01 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Set-Cookie: 69cb2eb0a19889c0e172765110b05475=rehors6g9hiscmini148pkg1h5; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: akakom_tpl=akakom; expires=Wed, 23-May-2012 00:23:01 GMT; path=/
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Vary: User-Agent,Accept
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 03 Jun 2011 00:23:02 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
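As an added example (not part of the original post), the following Python parses a raw response header block like the one above, pulls out the headers a fingerprinting step relies on, and checks the Set-Cookie entries for missing HttpOnly/Secure attributes. The sample is a trimmed, constructed copy of the headers shown; the DISCLOSURE_HEADERS list and the cookie checks are my assumptions.

```python
# Constructed sample: a trimmed copy of the response header block shown above.
SAMPLE_RESPONSE = (
    "HTTP/1.0 200 OK\r\n"
    "Date: Fri, 03 Jun 2011 00:23:01 GMT\r\n"
    "Server: Apache/2.2.3 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.5\r\n"
    "Set-Cookie: 69cb2eb0a19889c0e172765110b05475=rehors6g9hiscmini148pkg1h5; path=/\r\n"
    "Set-Cookie: akakom_tpl=akakom; expires=Wed, 23-May-2012 00:23:01 GMT; path=/\r\n"
    "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
)

# Headers that reveal product and version, which is what a fingerprinting step
# harvests; Apache's "ServerTokens Prod" and PHP's "expose_php = Off" silence them.
DISCLOSURE_HEADERS = ("server", "x-powered-by")

def parse_response_headers(raw):
    """Split a raw response into (status line, [(name, value), ...]).
    Repeated headers such as Set-Cookie stay separate; names are lower-cased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]  # headers end at blank line
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate junk lines
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def fingerprint(headers):
    """Version-disclosing headers as {name: value}."""
    return {n: v for n, v in headers if n in DISCLOSURE_HEADERS}

def weak_cookies(headers):
    """Cookie names set without both HttpOnly and Secure attributes."""
    weak = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if not {"httponly", "secure"} <= attrs:
            weak.append(cookie_name)
    return weak
```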
IG-5: APPLICATION DISCOVERY
To check for the existence of web applications on non-standard ports we use nmap:
nmap -PN -sT -sV -p0-65535 110.76.151.2
Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-02 11:07 WIT
Nmap scan report for mail.akakom.ac.id (110.76.151.2)
Host is up (0.0039s latency).
Not shown: 44047 filtered ports, 21480 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh?
25/tcp open smtp?
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http?
110/tcp open pop3?
143/tcp open imap?
587/tcp open submission?
993/tcp open imaps?
995/tcp open pop3s?
IG-6: ANALYSIS OF ERROR CODE
Because telnet could not connect to www.akakom.ac.id, we were unable to obtain information about error codes.