If you have already installed ActivePerl on your computer, go to C:\Perl\Bin if you installed it to drive C, or D:\Perl\Bin if you installed it to drive D. Then download Nikto from http://smg-familycode.co.nr/nikto.zip. In this tutorial the author extracted it to D:\Perl\Bin\nikto-1.35. After that, open MS-DOS and change to the directory D:\Perl\Bin\nikto-1.35.
To view the source of nikto.pl, use the command: edit nikto.pl. You will see the source laid out more neatly than in Notepad. After that, return to MS-DOS to run the Nikto source. Now we prepare a target: here we simply install PHPTriad, start its Apache, then open the browser and enter the URL http://localhost.
OK, the web server is now active. Back to Nikto: after returning to the MS-DOS prompt, the author entered the command perl nikto.pl -h localhost in D:\perl\bin\nikto-1.35.
Result:
D:\perl\bin\nikto-1.35>perl nikto.pl -h localhost
-***** SSL support not available (see docs for SSL install instructions) *****
---------------------------------------------------------------------------
- Nikto 1.35/1.34 - www.cirt.net
+ Target IP: 127.0.0.1
+ Target Hostname: localhost
+ Target Port: 80
+ Start Time: Sun Jan 29 17:05:15 2006
---------------------------------------------------------------------------
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Apache/1.3.14 (Win32)
- Retrieved X-Powered-By header: PHP/4.0.5
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
+ PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.14 appears to be outdated (current is at least Apache/2.0.54). Apache 1.3.33 is still maintained and considered secure.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542.
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.27 are vulnerable to a local buffer overflow which allows attackers to kill any process on the system. CAN-2002-0839.
+ Apache/1.3.14 (Win32) - Apache 1.x up 1.2.34 are vulnerable to a remote DoS and possible code execution. CAN-2002-0392.
+ /php/php.exe?c:\boot.ini - The Apache config allows php.exe to be called directly. (GET)
+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)
+ /index.php?top_message=<script>alert(document.cookie)</script> - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php?VARIABLE=<script>alert('Vulnerable')</script> - Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)
+ /phpinfo.php - Contains PHP configuration information (GET)
+ /phpmyadmin/ - This might be interesting... (GET)
+ /phpMyAdmin/ - This might be interesting... (GET)
+ /test/ - This might be interesting... (GET)
+ /index.php?base=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?pymembs=admin - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ /index.php?topic=&lt;script&gt;alert(document.cookie)&lt;/script&gt;%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ 2563 items checked - 19 item(s) found on remote host(s)
+ End Time: Sun Jan 29 17:09:54 2006 (279 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
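The report above mixes findings of very different reliability: some come only from the Server and X-Powered-By banners (which the report itself notes can be faked), some from paths Nikto actually requested, and some are merely "might be interesting". The following Python sketch is an added example, not part of the original tutorial or of Nikto; it sorts the "+" lines into those groups so the owner of the server knows what to verify first. The function name triage and the bucket names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: finding lines copied from the scan output above.
SAMPLE = r"""
+ Server: Apache/1.3.14 (Win32)
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled. OSVDB-877.
+ PHP/4.0.5 appears to be outdated (current is at least 5.0.3)
+ Apache/1.3.14 (Win32) - Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542.
+ /php/php.exe?c:\boot.ini - The Apache config allows php.exe to be called directly. (GET)
+ /phpinfo.php - Contains PHP configuration information (GET)
+ /test/ - This might be interesting... (GET)
+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)
+ 2563 items checked - 19 item(s) found on remote host(s)
"""

REF = re.compile(r"\b(OSVDB-\d+|CAN-\d{4}-\d+|CA-\d{4}-\d+)\b")
PATH_FINDING = re.compile(r"^\+ (/\S*) - (.*?)(?: \((?:GET|POST|HEAD|TRACE)\))?$")

def triage(report):
    """Group '+' findings by how much evidence stands behind them (hypothetical helper)."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        line = line.strip()
        if not line.startswith("+ "):
            continue  # separators and '-' informational lines
        refs = REF.findall(line)
        m = PATH_FINDING.match(line)
        if m:
            # Nikto requested this path and the response matched its check.
            kind = "unverified" if "might be interesting" in m.group(2) else "path"
            buckets[kind].append((m.group(1), refs))
        elif "outdated" in line or "are vulnerable" in line:
            # Inferred only from the Server / X-Powered-By banner, which can be faked.
            component = line[2:].split(" - ")[0].split(" appears")[0]
            buckets["banner"].append((component, refs))
        elif refs:
            buckets["server"].append((line[2:], refs))  # server-wide, e.g. TRACE
    return dict(buckets)

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind.upper())
        for what, refs in items:
            print("  ", what, ", ".join(refs))
```

Entries in the banner group should be confirmed against the version actually installed on the host before they are treated as real, since they rest on header strings alone.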
Beyond that, it is up to you whether to report the bugs to the admin or to attack the web server using the bugs listed above. Good luck trying it out.