Kali Linux: nikto Check DVWA (en)

From OnnoWiki
Jump to navigation Jump to search

Nikto is an Open Source web server scanner (GPL) that performs comprehensive tests on web servers for multiple items, including more than 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific issues on more than 270 servers. Nikto also checks server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web server and software. Scan items and plugins are frequently updated and can be updated automatically.

Nikto is not designed as a stealth tool. Nikto will test web servers in the fastest time possible, and it is clearly visible in log files or to IPS/IDS. However, there is support for LibWhisker's anti-IDS methods if you want to try them (or test your IDS system).

Not every check is a security issue, although most are. There are some checks that are "information only" type checks that look for things that might not have security vulnerabilities, but which a webmaster or security technician might not be aware of on the server. These items are usually marked correctly in the printed information. There are also some checks for unknown items that have been seen scanned into log files.

Check

nikto --host http://192.168.0.100/DVWA-1.9/
nikto -C all --host http://192.168.0.100/DVWA-1.9/

```

Results

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.0.100
+ Target Hostname:    192.168.0.100
+ Target Port:        80
+ Start Time:         2017-04-04 05:45:21 (GMT7)
---------------------------------------------------------------------------
+ Server: Apache/2.4.18 (Ubuntu)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Cookie PHPSESSID created without the httponly flag
+ Root page / redirects to: login.php
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Server leaks inodes via ETags, header found with file /DVWA-1.9/robots.txt, fields: 0x1a 0x52156c6a290c0 
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS 
+ OSVDB-3268: /DVWA-1.9/config/: Directory indexing found.
+ /DVWA-1.9/config/: Configuration information may be available remotely.
+ OSVDB-3268: /DVWA-1.9/docs/: Directory indexing found.
+ /DVWA-1.9/login.php: Admin login page/section found.
+ 7535 requests: 0 error(s) and 10 item(s) reported on remote host
+ End Time:           2017-04-04 05:45:40 (GMT7) (19 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Interesting

DVWA-1.9/config/

For Potential Exploitation

For instance, if the server administrator edits the config.inc.php file: 

cd /var/www/html/DVWA-1.9/config/
cp config.inc.php config.inc.php.bak
vi config.inc.php

If the .bak file is forgotten, then this file can be retrieved :) .. or some editors leave traces like: 

.config.inc.php
config.inc.php~

especially the ~ file can be retrieved from outside.

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Kali_Linux:_nikto_Check_DVWA_(en)&oldid=71372"