4.0

More documents

Recommendations

Info

168 Web Application Penetration Testing x.y.z.{.|.}.~... 02c0: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00 ..I...........4. 02d0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00 2............... 0300: 10 00 11 00 23 00 00 00 0F 00 01 01 00 00 00 00 ....#........... 0bd0: 00 00 00 00 00 00 00 00 00 12 7D 01 00 10 00 02 ..........}..... [-] Closing connection [-] Connecting to 127.0.0.1:443 using TLSv1.2 [-] Sending ClientHello [-] ServerHello received [-] Sending Heartbeat [Vulnerable] Heartbeat response was 16384 bytes instead of 3! 127.0.0.1:443 is vulnerable over TLSv1.2 [-] Displaying response (lines consisting entirely of null bytes are removed): 0000: 02 FF FF 08 03 03 53 48 73 F0 7C CA C1 D9 02 04 ...... SHs.|..... 0010: F2 1D 2D 49 F5 12 BF 40 1B 94 D9 93 E4 C4 F4 F0 ..- I...@........ 0020: D0 42 CD 44 A2 59 00 02 96 00 00 00 01 00 02 00 .B.D.Y.......... 0060: 1B 00 1C 00 1D 00 1E 00 1F 00 20 00 21 00 22 00 .......... .!.”. 0070: 23 00 24 00 25 00 26 00 27 00 28 00 29 00 2A 00 #.$.%.&.’.(.).*. 0080: 2B 00 2C 00 2D 00 2E 00 2F 00 30 00 31 00 32 00 +.,.- .../.0.1.2. 0090: 33 00 34 00 35 00 36 00 37 00 38 00 39 00 3A 00 3.4.5.6.7.8.9.:. 00a0: 3B 00 3C 00 3D 00 3E 00 3F 00 40 00 41 00 42 00 ;..?.@.A.B. 00b0: 43 00 44 00 45 00 46 00 60 00 61 00 62 00 63 00 C.D.E.F.`.a.b.c. 00c0: 64 00 65 00 66 00 67 00 68 00 69 00 6A 00 6B 00 d.e.f.g.h.i.j.k. 00d0: 6C 00 6D 00 80 00 81 00 82 00 83 00 84 00 85 00 l.m............. 01a0: 20 C0 21 C0 22 C0 23 C0 24 C0 25 C0 26 C0 27 C0 .!.”.#.$.%.&.’. 01b0: 28 C0 29 C0 2A C0 2B C0 2C C0 2D C0 2E C0 2F C0 (.).*.+.,.-.../. 01c0: 30 C0 31 C0 32 C0 33 C0 34 C0 35 C0 36 C0 37 C0 0.1.2.3.4.5.6.7. 01d0: 38 C0 39 C0 3A C0 3B C0 3C C0 3D C0 3E C0 3F C0 8.9.:.;..?. 01e0: 40 C0 41 C0 42 C0 43 C0 44 C0 45 C0 46 C0 47 C0 @.A.B.C.D.E.F.G. 01f0: 48 C0 49 C0 4A C0 4B C0 4C C0 4D C0 4E C0 4F C0 H.I.J.K.L.M.N.O. 0200: 50 C0 51 C0 52 C0 53 C0 54 C0 55 C0 56 C0 57 C0 P.Q.R.S.T.U.V.W. 0210: 58 C0 59 C0 5A C0 5B C0 5C C0 5D C0 5E C0 5F C0 X.Y.Z.[.\.].^._. 0220: 60 C0 61 C0 62 C0 63 C0 64 C0 65 C0 66 C0 67 C0 `.a.b.c.d.e.f.g. 0230: 68 C0 69 C0 6A C0 6B C0 6C C0 6D C0 6E C0 6F C0 h.i.j.k.l.m.n.o. 0240: 70 C0 71 C0 72 C0 73 C0 74 C0 75 C0 76 C0 77 C0 p.q.r.s.t.u.v.w. 0250: 78 C0 79 C0 7A C0 7B C0 7C C0 7D C0 7E C0 7F C0 x.y.z.{.|.}.~... 02c0: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00 ..I...........4. 02d0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00 2............... 0300: 10 00 11 00 23 00 00 00 0F 00 01 01 00 00 00 00 ....#........... 0bd0: 00 00 00 00 00 00 00 00 00 12 7D 01 00 10 00 02 ..........}..... [-] Closing connection [!] Vulnerable to Heartbleed bug (CVE-2014-0160) mentioned in http:/heartbleed.com/ [!] Vulnerability Status: VULNERABLE ===================================== Loading module: CCS Injection script by TripWire VERT ... Checking localhost:443 for OpenSSL ChangeCipherSpec (CCS) Injection bug (CVE-2014-0224) ... [!] The target may allow early CCS on TLSv1.2 [!] The target may allow early CCS on TLSv1.1 [!] The target may allow early CCS on TLSv1 [!] The target may allow early CCS on SSLv3 [-] This is an experimental detection script and does not definitively determine vulnerable server status. [!] Potentially vulnerable to OpenSSL ChangeCipherSpec (CCS) Injection vulnerability (CVE-2014-0224) mentioned in http:/ ccsinjection.lepidum.co.jp/ [!] Vulnerability Status: Possible ===================================== Checking localhost:443 for HTTP Compression support against BREACH vulnerability (CVE-2013-3587) ... [*] HTTP Compression: DISABLED [*] Immune from BREACH attack mentioned in https:/media. blackhat.com/us-13/US-13-Prado-SSL-Gone-in-30-seconds- A-BREACH-beyond-CRIME-WP.pdf [*] Vulnerability Status: No
169 Web Application Penetration Testing --------------- RAW HTTP RESPONSE --------------- HTTP/1.1 200 OK Date: Wed, 23 Jul 2014 13:48:07 GMT Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7 X-Powered-By: PHP/5.4.7 Set-Cookie: SessionID=xxx; expires=Wed, 23-Jul-2014 12:48:07 GMT; path=/; secure Set-Cookie: SessionChallenge=yyy; expires=Wed, 23-Jul-2014 12:48:07 GMT; path=/ Content-Length: 193 Connection: close Content-Type: text/html Login page ===================================== Checking localhost:443 for correct use of Strict Transport Security (STS) response header (RFC6797) ... [!] STS response header: NOT PRESENT [!] Vulnerable to MITM threats mentioned in https:/www.owasp. org/index.php/HTTP_Strict_Transport_Security#Threats [!] Vulnerability Status: VULNERABLE --------------- RAW HTTP RESPONSE --------------- HTTP/1.1 200 OK Date: Wed, 23 Jul 2014 13:48:07 GMT Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7 X-Powered-By: PHP/5.4.7 Set-Cookie: SessionID=xxx; expires=Wed, 23-Jul-2014 12:48:07 GMT; path=/; secure Set-Cookie: SessionChallenge=yyy; expires=Wed, 23-Jul-2014 12:48:07 GMT; path=/ Content-Length: 193 Connection: close Content-Type: text/html Login page ===================================== Checking localhost for HTTP support against HTTPS Stripping attack ... [!] HTTP Support on port [80] : SUPPORTED [!] Vulnerable to HTTPS Stripping attack mentioned in https:/ www.blackhat.com/presentations/bh-dc-09/Marlinspike/ BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf [!] Vulnerability Status: VULNERABLE ===================================== Checking localhost:443 for HTTP elements embedded in SSL page ... [!] HTTP elements embedded in SSL page: PRESENT [!] Vulnerable to MITM malicious content injection attack [!] Vulnerability Status: VULNERABLE --------------- HTTP RESOURCES EMBEDDED --------------- - http:/othersite/test.js - http:/somesite/test.css ===================================== Checking localhost:443 for ROBUST use of anti-caching mechanism ... [!] Cache Control Directives: NOT PRESENT [!] Browsers, Proxies and other Intermediaries will cache SSL page and sensitive information will be leaked. [!] Vulnerability Status: VULNERABLE ------------------------------------------------- Robust Solution: - Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0 - Ref: https:/www.owasp.org/index.php/Testing_for_ Browser_cache_weakness_(OTG-AUTHN-006) http:/msdn.microsoft.com/en-us/library/ ms533020(v=vs.85).aspx ===================================== Checking localhost:443 for Surf Jacking vulnerability (due to Session Cookie missing secure flag) ... [!] Secure Flag in Set-Cookie: PRESENT BUT NOT IN ALL COOK- IES [!] Vulnerable to Surf Jacking attack mentioned in https:/re-
Page 1 and 2:
1 Testing Guide 4.0 Project Leaders
Page 3 and 4:
Testing Guide Foreword - Table of c
Page 5 and 6:
3 Testing Guide Foreword - Table of
Page 7 and 8:
5 Testing Guide Foreword - By Eoin
Page 9 and 10:
7 Testing Guide Frontispiece 1 Test
Page 11 and 12:
9 Testing Guide Introduction 2 The
Page 13 and 14:
11 Testing Guide Introduction vide
Page 15 and 16:
13 Testing Guide Introduction Testi
Page 17 and 18:
15 Testing Guide Introduction laid
Page 19 and 20:
17 Testing Guide Introduction valid
Page 21 and 22:
19 Testing Guide Introduction USER
Page 23 and 24:
21 Testing Guide Introduction ment
Page 25 and 26:
23 Testing Guide Introduction offen
Page 27 and 28:
25 The OWASP Testing Framework sect
Page 29 and 30:
27 Web Application Penetration Test
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
101 Web Application Penetration Tes
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120: 117 Web Application Penetration Tes
Page 169: 167 Web Application Penetration Tes
Page 211 and 212: 209 same code can be applied to ses
Page 213 and 214: 211 Reporting Test ID Lowest versio
Page 215 and 216: 213 Reporting Test ID Business Logi
Page 217 and 218: 215 Appendix kajfghlhfkcocafkcjlajl
Page 219 and 220: 217 Appendix Testing - http:/www.ni
Page 221 and 222:
219 Cross Site Scripting (XSS) For
Page 223 and 224:
221 LDAP Injection For details on L
show all

4.0

Create successful ePaper yourself

Delete template?

Save as template?