
165 166

Web Application Penetration Testing

0070: 23 00 24 00 25 00 26 00 27 00 28 00 29 00 2A 00  #.$.%.&.'.(.).*.
0080: 2B 00 2C 00 2D 00 2E 00 2F 00 30 00 31 00 32 00  +.,.-.../.0.1.2.
0090: 33 00 34 00 35 00 36 00 37 00 38 00 39 00 3A 00  3.4.5.6.7.8.9.:.
00a0: 3B 00 3C 00 3D 00 3E 00 3F 00 40 00 41 00 42 00  ;.<.=.>.?.@.A.B.
00b0: 43 00 44 00 45 00 46 00 60 00 61 00 62 00 63 00  C.D.E.F.`.a.b.c.
00c0: 64 00 65 00 66 00 67 00 68 00 69 00 6A 00 6B 00  d.e.f.g.h.i.j.k.
00d0: 6C 00 6D 00 80 00 81 00 82 00 83 00 84 00 85 00  l.m.............
01a0: 20 C0 21 C0 22 C0 23 C0 24 C0 25 C0 26 C0 27 C0  .!.".#.$.%.&.'.
01b0: 28 C0 29 C0 2A C0 2B C0 2C C0 2D C0 2E C0 2F C0  (.).*.+.,.-.../.
01c0: 30 C0 31 C0 32 C0 33 C0 34 C0 35 C0 36 C0 37 C0  0.1.2.3.4.5.6.7.
01d0: 38 C0 39 C0 3A C0 3B C0 3C C0 3D C0 3E C0 3F C0  8.9.:.;.<.=.>.?.
01e0: 40 C0 41 C0 42 C0 43 C0 44 C0 45 C0 46 C0 47 C0  @.A.B.C.D.E.F.G.
01f0: 48 C0 49 C0 4A C0 4B C0 4C C0 4D C0 4E C0 4F C0  H.I.J.K.L.M.N.O.
0200: 50 C0 51 C0 52 C0 53 C0 54 C0 55 C0 56 C0 57 C0  P.Q.R.S.T.U.V.W.
0210: 58 C0 59 C0 5A C0 5B C0 5C C0 5D C0 5E C0 5F C0  X.Y.Z.[.\.].^._.
0220: 60 C0 61 C0 62 C0 63 C0 64 C0 65 C0 66 C0 67 C0  `.a.b.c.d.e.f.g.
0230: 68 C0 69 C0 6A C0 6B C0 6C C0 6D C0 6E C0 6F C0  h.i.j.k.l.m.n.o.
0240: 70 C0 71 C0 72 C0 73 C0 74 C0 75 C0 76 C0 77 C0  p.q.r.s.t.u.v.w.
0250: 78 C0 79 C0 7A C0 7B C0 7C C0 7D C0 7E C0 7F C0  x.y.z.{.|.}.~...
02c0: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00  ..I...........4.
02d0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00  2...............
0300: 10 00 11 00 23 00 00 00 0F 00 01 01 00 00 00 00  ....#...........
0bd0: 00 00 00 00 00 00 00 00 00 12 7D 01 00 10 00 02  ..........}.....
[-] Closing connection
[-] Connecting to 127.0.0.1:443 using TLSv1.1
[-] Sending ClientHello
[-] ServerHello received
[-] Sending Heartbeat
[Vulnerable] Heartbeat response was 16384 bytes instead of 3! 127.0.0.1:443 is vulnerable over TLSv1.1
[-] Displaying response (lines consisting entirely of null bytes are removed):
0000: 02 FF FF 08 03 02 53 48 73 F0 7C CA C1 D9 02 04  .......SHs.|.....
0010: F2 1D 2D 49 F5 12 BF 40 1B 94 D9 93 E4 C4 F4 F0  ..-I...@........
0020: D0 42 CD 44 A2 59 00 02 96 00 00 00 01 00 02 00  .B.D.Y..........
0060: 1B 00 1C 00 1D 00 1E 00 1F 00 20 00 21 00 22 00  .......... .!.".
0070: 23 00 24 00 25 00 26 00 27 00 28 00 29 00 2A 00  #.$.%.&.'.(.).*.
0080: 2B 00 2C 00 2D 00 2E 00 2F 00 30 00 31 00 32 00  +.,.-.../.0.1.2.
0090: 33 00 34 00 35 00 36 00 37 00 38 00 39 00 3A 00  3.4.5.6.7.8.9.:.
00a0: 3B 00 3C 00 3D 00 3E 00 3F 00 40 00 41 00 42 00  ;.<.=.>.?.@.A.B.
00b0: 43 00 44 00 45 00 46 00 60 00 61 00 62 00 63 00  C.D.E.F.`.a.b.c.
00c0: 64 00 65 00 66 00 67 00 68 00 69 00 6A 00 6B 00  d.e.f.g.h.i.j.k.
00d0: 6C 00 6D 00 80 00 81 00 82 00 83 00 84 00 85 00  l.m.............
01a0: 20 C0 21 C0 22 C0 23 C0 24 C0 25 C0 26 C0 27 C0  .!.".#.$.%.&.'.
01b0: 28 C0 29 C0 2A C0 2B C0 2C C0 2D C0 2E C0 2F C0  (.).*.+.,.-.../.
01c0: 30 C0 31 C0 32 C0 33 C0 34 C0 35 C0 36 C0 37 C0  0.1.2.3.4.5.6.7.
01d0: 38 C0 39 C0 3A C0 3B C0 3C C0 3D C0 3E C0 3F C0  8.9.:.;.<.=.>.?.
01e0: 40 C0 41 C0 42 C0 43 C0 44 C0 45 C0 46 C0 47 C0  @.A.B.C.D.E.F.G.
01f0: 48 C0 49 C0 4A C0 4B C0 4C C0 4D C0 4E C0 4F C0  H.I.J.K.L.M.N.O.
0200: 50 C0 51 C0 52 C0 53 C0 54 C0 55 C0 56 C0 57 C0  P.Q.R.S.T.U.V.W.
0210: 58 C0 59 C0 5A C0 5B C0 5C C0 5D C0 5E C0 5F C0  X.Y.Z.[.\.].^._.
0220: 60 C0 61 C0 62 C0 63 C0 64 C0 65 C0 66 C0 67 C0  `.a.b.c.d.e.f.g.
0230: 68 C0 69 C0 6A C0 6B C0 6C C0 6D C0 6E C0 6F C0  h.i.j.k.l.m.n.o.
0240: 70 C0 71 C0 72 C0 73 C0 74 C0 75 C0 76 C0 77 C0  p.q.r.s.t.u.v.w.
0250: 78 C0 79 C0 7A C0 7B C0 7C C0 7D C0 7E C0 7F C0  x.y.z.{.|.}.~...
02c0: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00  ..I...........4.
02d0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00  2...............
0300: 10 00 11 00 23 00 00 00 0F 00 01 01 00 00 00 00  ....#...........
0bd0: 00 00 00 00 00 00 00 00 00 12 7D 01 00 10 00 02  ..........}.....
[-] Closing connection
[-] Connecting to 127.0.0.1:443 using TLSv1.2
[-] Sending ClientHello
[-] ServerHello received
[-] Sending Heartbeat
[Vulnerable] Heartbeat response was 16384 bytes instead of 3! 127.0.0.1:443 is vulnerable over TLSv1.2
[-] Displaying response (lines consisting entirely of null bytes are removed):
0000: 02 FF FF 08 03 03 53 48 73 F0 7C CA C1 D9 02 04  ......SHs.|.....
0010: F2 1D 2D 49 F5 12 BF 40 1B 94 D9 93 E4 C4 F4 F0  ..-I...@........
0020: D0 42 CD 44 A2 59 00 02 96 00 00 00 01 00 02 00  .B.D.Y..........
0060: 1B 00 1C 00 1D 00 1E 00 1F 00 20 00 21 00 22 00  .......... .!.".
0070: 23 00 24 00 25 00 26 00 27 00 28 00 29 00 2A 00  #.$.%.&.'.(.).*.
0080: 2B 00 2C 00 2D 00 2E 00 2F 00 30 00 31 00 32 00  +.,.-.../.0.1.2.
0090: 33 00 34 00 35 00 36 00 37 00 38 00 39 00 3A 00  3.4.5.6.7.8.9.:.
00a0: 3B 00 3C 00 3D 00 3E 00 3F 00 40 00 41 00 42 00  ;.<.=.>.?.@.A.B.
00b0: 43 00 44 00 45 00 46 00 60 00 61 00 62 00 63 00  C.D.E.F.`.a.b.c.
00c0: 64 00 65 00 66 00 67 00 68 00 69 00 6A 00 6B 00  d.e.f.g.h.i.j.k.
00d0: 6C 00 6D 00 80 00 81 00 82 00 83 00 84 00 85 00  l.m.............
01a0: 20 C0 21 C0 22 C0 23 C0 24 C0 25 C0 26 C0 27 C0  .!.".#.$.%.&.'.
01b0: 28 C0 29 C0 2A C0 2B C0 2C C0 2D C0 2E C0 2F C0  (.).*.+.,.-.../.
01c0: 30 C0 31 C0 32 C0 33 C0 34 C0 35 C0 36 C0 37 C0  0.1.2.3.4.5.6.7.
01d0: 38 C0 39 C0 3A C0 3B C0 3C C0 3D C0 3E C0 3F C0  8.9.:.;.<.=.>.?.
01e0: 40 C0 41 C0 42 C0 43 C0 44 C0 45 C0 46 C0 47 C0  @.A.B.C.D.E.F.G.
01f0: 48 C0 49 C0 4A C0 4B C0 4C C0 4D C0 4E C0 4F C0  H.I.J.K.L.M.N.O.
0200: 50 C0 51 C0 52 C0 53 C0 54 C0 55 C0 56 C0 57 C0  P.Q.R.S.T.U.V.W.
0210: 58 C0 59 C0 5A C0 5B C0 5C C0 5D C0 5E C0 5F C0  X.Y.Z.[.\.].^._.
0220: 60 C0 61 C0 62 C0 63 C0 64 C0 65 C0 66 C0 67 C0  `.a.b.c.d.e.f.g.
0230: 68 C0 69 C0 6A C0 6B C0 6C C0 6D C0 6E C0 6F C0  h.i.j.k.l.m.n.o.
0240: 70 C0 71 C0 72 C0 73 C0 74 C0 75 C0 76 C0 77 C0  p.q.r.s.t.u.v.w.
0250: 78 C0 79 C0 7A C0 7B C0 7C C0 7D C0 7E C0 7F C0  x.y.z.{.|.}.~...
02c0: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00  ..I...........4.
02d0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00  2...............
0300: 10 00 11 00 23 00 00 00 0F 00 01 01 00 00 00 00  ....#...........
0bd0: 00 00 00 00 00 00 00 00 00 12 7D 01 00 10 00 02  ..........}.....
[-] Closing connection
[!] Vulnerable to Heartbleed bug (CVE-2014-0160) mentioned in http://heartbleed.com/
[!] Vulnerability Status: VULNERABLE
=====================================
Loading module: CCS Injection script by TripWire VERT ...
Checking localhost:443 for OpenSSL ChangeCipherSpec (CCS) Injection bug (CVE-2014-0224) ...
[!] The target may allow early CCS on TLSv1.2
[!] The target may allow early CCS on TLSv1.1
[!] The target may allow early CCS on TLSv1
[!] The target may allow early CCS on SSLv3
[-] This is an experimental detection script and does not definitively determine vulnerable server status.
[!] Potentially vulnerable to OpenSSL ChangeCipherSpec (CCS) Injection vulnerability (CVE-2014-0224) mentioned in http://ccsinjection.lepidum.co.jp/
[!] Vulnerability Status: Possible
=====================================
Checking localhost:443 for HTTP Compression support against BREACH vulnerability (CVE-2013-3587) ...
[*] HTTP Compression: DISABLED
[*] Immune from BREACH attack mentioned in https://media.blackhat.com/us-13/US-13-Prado-SSL-Gone-in-30-seconds-A-BREACH-beyond-CRIME-WP.pdf
[*] Vulnerability Status: No
--------------- RAW HTTP RESPONSE ---------------
HTTP/1.1 200 OK
Date: Wed, 23 Jul 2014 13:48:07 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
X-Powered-By: PHP/5.4.7
Set-Cookie: SessionID=xxx; expires=Wed, 23-Jul-2014 12:48:07 GMT; path=/; secure
Set-Cookie: SessionChallenge=yyy; expires=Wed, 23-Jul-2014 12:48:07 GMT; path=/
Content-Length: 193
Connection: close
Content-Type: text/html
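The scanner output above is what a tester or a blue team usually has to work from after a run, so here is an added example (not the scanner's own code, and not from the book) that parses that output into structured findings: one record per protocol attempt, the heartbeat response size versus the size a correct server would return, and the hex dump decoded back into bytes so the first three bytes of the response (heartbeat message type and the claimed payload length) can be inspected. The log format it assumes is exactly the one visible on this page; the sample input is a trimmed, constructed copy of those lines.

```python
"""Parse the Heartbleed-check output shown above into structured findings.

Added example; not the scanner's own code. It assumes the log format
visible on the page: "[-] Connecting to HOST:PORT using PROTO",
"[Vulnerable] Heartbeat response was N bytes instead of M! ..." and
hex dump rows of the form "OFFSET: XX XX ... XX <ascii column>".
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a trimmed copy of the scanner output on this page
# (two protocol runs, a few dump rows each).
SAMPLE_LOG = """\
[-] Connecting to 127.0.0.1:443 using TLSv1.1
[-] Sending ClientHello
[-] ServerHello received
[-] Sending Heartbeat
[Vulnerable] Heartbeat response was 16384 bytes instead of 3! 127.0.0.1:443 is vulnerable over TLSv1.1
[-] Displaying response (lines consisting entirely of null bytes are removed):
0000: 02 FF FF 08 03 02 53 48 73 F0 7C CA C1 D9 02 04  ......SHs.|.....
0010: F2 1D 2D 49 F5 12 BF 40 1B 94 D9 93 E4 C4 F4 F0  ..-I...@........
0060: 1B 00 1C 00 1D 00 1E 00 1F 00 20 00 21 00 22 00  .......... .!.".
00a0: 3B 00 3C 00 3D 00 3E 00 3F 00 40 00 41 00 42 00  ;.<.=.>.?.@.A.B.
0bd0: 00 00 00 00 00 00 00 00 00 12 7D 01 00 10 00 02  ..........}.....
[-] Closing connection
[-] Connecting to 127.0.0.1:443 using TLSv1.2
[-] Sending ClientHello
[-] ServerHello received
[-] Sending Heartbeat
[Vulnerable] Heartbeat response was 16384 bytes instead of 3! 127.0.0.1:443 is vulnerable over TLSv1.2
[-] Displaying response (lines consisting entirely of null bytes are removed):
0000: 02 FF FF 08 03 03 53 48 73 F0 7C CA C1 D9 02 04  ......SHs.|.....
[-] Closing connection
[!] Vulnerability Status: VULNERABLE
"""

CONNECT_RE = re.compile(r"^\[-\] Connecting to (\S+) using (\S+)")
RESULT_RE = re.compile(r"^\[Vulnerable\] Heartbeat response was (\d+) bytes instead of (\d+)!")
# Offset, then up to 16 hex pairs; the ASCII column that follows is ignored.
DUMP_RE = re.compile(r"^([0-9A-Fa-f]{4}):((?: [0-9A-Fa-f]{2}){1,16})")

HEARTBEAT_RESPONSE = 2  # RFC 6520 HeartbeatMessageType: heartbeat_response


@dataclass
class HeartbeatCheck:
    target: str
    protocol: str
    response_len: Optional[int] = None   # bytes the server actually returned
    expected_len: Optional[int] = None   # bytes a correct server would return
    dump: dict = field(default_factory=dict)  # row offset -> bytes shown in that row

    @property
    def vulnerable(self) -> bool:
        # The scanner's criterion: far more data came back than was requested.
        return (self.response_len is not None and self.expected_len is not None
                and self.response_len > self.expected_len)

    def heartbeat_header(self) -> Optional[tuple]:
        """(message type, claimed payload length) from the first three response bytes."""
        row = self.dump.get(0)
        if row is None or len(row) < 3:
            return None
        return row[0], int.from_bytes(row[1:3], "big")


def ascii_column(data: bytes) -> str:
    """Render bytes the way the dump's right-hand column does: printable ASCII or '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def parse_log(text: str) -> list:
    """Split the scanner log into one HeartbeatCheck per connection attempt."""
    checks = []
    current = None
    for line in text.splitlines():
        m = CONNECT_RE.match(line)
        if m:
            current = HeartbeatCheck(target=m.group(1), protocol=m.group(2))
            checks.append(current)
            continue
        if current is None:
            continue
        m = RESULT_RE.match(line)
        if m:
            current.response_len = int(m.group(1))
            current.expected_len = int(m.group(2))
            continue
        m = DUMP_RE.match(line)
        if m:
            # bytes.fromhex ignores the spaces between pairs.
            current.dump[int(m.group(1), 16)] = bytes.fromhex(m.group(2))
    return checks


def vulnerable_protocols(checks) -> list:
    return [c.protocol for c in checks if c.vulnerable]


if __name__ == "__main__":
    for c in parse_log(SAMPLE_LOG):
        print(f"{c.target} {c.protocol}: vulnerable={c.vulnerable} "
              f"response={c.response_len} expected={c.expected_len} "
              f"header={c.heartbeat_header()}")
```

Two things the parsed form makes visible that the raw dump does not: the response begins with type 2 and a claimed length of 0xFFFF, i.e. the server echoed back the oversized length it was handed instead of rejecting it, and `ascii_column` regenerates the right-hand column from the bytes, which is a quick way to confirm a dump copied out of a report has not been corrupted in transit.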
