Information Gathering

Today I learned the OWASP testing guide, starting with the first part, Information Gathering. As practice material the targeted web is the site of my beloved campus, www.akakom.ac.id.
The following are the steps of Information Gathering:

IG-1 Testing: Spiders, Robots, and Crawlers
The first step of Information Gathering is looking for the information in the robots.txt file on the target web.
The following URL can be used to read robots.txt:
   www.akakom.ac.id/robots.txt
From there we get the following information:

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /media/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /tmp/
Disallow: /xmlrpc/
From there we learn the various web directories on the target that the site does not want search engines to touch.
We can also use the "wget" tool, with the following command:
   wget www.akakom.ac.id/robots.txt
The results obtained:
--2011-06-02 15:51:05--  http://www.akakom.ac.id/robots.txt
Resolving www.akakom.ac.id... 110.76.151.4
Connecting to www.akakom.ac.id|110.76.151.4|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 304 [text/plain]
Saving to: `robots.txt.1'

100%[=======================================>] 304         --.-K/s   in 0s     

2011-06-02 15:51:05 (10.9 MB/s) - `robots.txt.1' saved [304/304]

IG-2 Search Engine Discovery/Reconnaissance
To test at this stage we can use the "site:" and "cache:" search engine operators:
- site:akakom.ac.id
- cache:akakom.ac.id

IG-3: IDENTIFY APPLICATION ENTRY POINTS
The information collected at this stage is about the GET and POST parameters the web application accepts in requests.
With the help of the Burp Suite tool we can find some of the parameters used:
http://www.akakom.ac.id/index.php?option=com_user&task=register
http://www.akakom.ac.id/index.php?option=com_user&lang=id


type       name                                                                                               value
hidden     id
text       username
hidden     420e5ae94547ed729efea92b27ae0501420e5ae94547ed729efea92b27ae0501420e5ae94547ed729efea92b27ae0501
password   password2
text       email
hidden     task                                                                                               register_save
text       name
hidden     gid
password   password

Cookie: 69cb2eb0a19889c0e172765110b05475=mahm17jrehsu5ome4u2kd84411


IG-4: TESTING FOR WEB APPLICATION FINGERPRINT
At this stage the tool commonly used to test the application server is netcat, but not every web can be tested with netcat, as in the case we experienced today where the web could not be tested with netcat. So we used Burp Suite instead, and obtained the following information:
HTTP/1.0 200 OK
Date: Fri, 03 Jun 2011 00:23:01 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Set-Cookie: 69cb2eb0a19889c0e172765110b05475=rehors6g9hiscmini148pkg1h5; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: akakom_tpl=akakom; expires=Wed, 23-May-2012 00:23:01 GMT; path=/
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Vary: User-Agent,Accept
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 03 Jun 2011 00:23:02 GMT
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
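As an added example (not from the original post), here is a small Python script that parses the raw response block above the way Burp Suite shows it and reports what a fingerprint review would note: version strings in Server and X-Powered-By, and session cookies set without the HttpOnly and Secure attributes. The 32-hex cookie-name check is my own hint about the CMS, not something the post states.

```python
import re
from typing import Dict, List, Tuple

# Sample input: the response captured in the post (IG-4), embedded here so
# the script runs offline; a short dummy body is appended after the headers.
SAMPLE_RESPONSE = """HTTP/1.0 200 OK
Date: Fri, 03 Jun 2011 00:23:01 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Set-Cookie: 69cb2eb0a19889c0e172765110b05475=rehors6g9hiscmini148pkg1h5; path=/
Set-Cookie: akakom_tpl=akakom; expires=Wed, 23-May-2012 00:23:01 GMT; path=/
Connection: close
Content-Type: text/html; charset=utf-8

<html>body omitted</html>"""

def parse_headers(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw response into its status line and (name, value) pairs.
    A list is used instead of a dict because Set-Cookie legitimately repeats."""
    lines = raw.splitlines()
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if not line.strip():          # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def review_headers(raw: str) -> Dict[str, List[str]]:
    """Return findings: 'disclosure' (fingerprint leaks) and 'cookie'
    (session cookies missing hardening attributes)."""
    _, headers = parse_headers(raw)
    findings: Dict[str, List[str]] = {"disclosure": [], "cookie": []}
    for name, value in headers:
        # Server / X-Powered-By with a version number reveal the exact stack.
        if name in ("server", "x-powered-by") and re.search(r"\d", value):
            findings["disclosure"].append(f"{name}: {value}")
        if name == "set-cookie":
            cookie_name = value.split("=", 1)[0]
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            # Joomla (1.5 era) names its session cookie with a 32-char md5 hex string.
            if re.fullmatch(r"[0-9a-f]{32}", cookie_name):
                findings["disclosure"].append(f"{cookie_name}: Joomla-style session cookie name")
            for flag in ("httponly", "secure"):
                if flag not in attrs:
                    findings["cookie"].append(f"{cookie_name} lacks {flag}")
    return findings
```

Calling review_headers(SAMPLE_RESPONSE) on the captured response lists both version-bearing headers and both cookies, neither of which carries HttpOnly or Secure.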
 

IG-5: APPLICATION DISCOVERY
To check for the existence of web applications on non-standard ports we use nmap:
nmap -PN -sT -sV -p0-65535 110.76.151.2

Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-02 11:07 WIT
Nmap scan report for mail.akakom.ac.id (110.76.151.2)
Host is up (0.0039s latency).
Not shown: 44047 filtered ports, 21480 closed ports
PORT    STATE SERVICE     VERSION
22/tcp  open  ssh?
25/tcp  open  smtp?
53/tcp  open  domain      Mikrotik RouterOS named or OpenDNS Updater
80/tcp  open  http?
110/tcp open  pop3?
143/tcp open  imap?
587/tcp open  submission?
993/tcp open  imaps?
995/tcp open  pop3s? 


IG-6: ANALYSIS OF ERROR CODES
Because telnet does not work against www.akakom.ac.id, we were unable to obtain information about error codes.
