Web Server Assessment With Nikto & N-Stealth (1 August, 2004)
Linux/Windows Lab
January 24, 2002 Copyright 2002 All Rights Reserved
Laboratory Overview
This laboratory is composed of two parts.
Part One involves installing and using Nikto on a Linux system. Nikto can be downloaded from www.cirt.net.
Part Two involves installing and using N-Stealth on a Windows system. N-Stealth can be downloaded from www.nstalker.com.
Laboratory Objective
The student will be able to
(1). Understand the purpose of automated tools to assess Web server vulnerabilities.
(2). Understand how to install and use Nikto, an automated Web server assessment tool.
(3). Understand how to install and use N-Stealth, an automated Web server assessment tool.
Class Preparation
(1) The student should review the lecture associated with Web server vulnerabilities.
(2) The student should review this laboratory.
Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan
possible, and it's fairly obvious in log files. However, there is support for LibWhisker's anti-IDS
methods in case you want to give it a try (or test your IDS system).
Not every check is a security problem, though most are. There are some items that are "info only" type
checks that look for items that may not have a security flaw, but the webmaster or security engineer
may not know are present on the server. These items are usually marked appropriately in the
information printed. There are also some checks for unknown items which have been seen scanned for
in log files.
IDS evasion techniques. This enables the intrusion detection evasion in LibWhisker. Multiple
options can be used by stringing the numbers together, i.e. to enable methods 1 and 5, use "-e 15". The
valid options are (use the number preceding each description):
1 Random URI encoding (non-UTF8)
2 Add directory self-reference /./
3 Premature URL ending
4 Prepend long random string to request
5 Fake parameters to files
6 TAB as request spacer instead of spaces
7 Random case sensitivity
8 Use Windows directory separator \ instead of /
9 Session splicing
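The evasion methods above all work by making the request line look different from the path the server will eventually resolve, so a detector that matches raw strings misses them. The following is an added example (not part of this lab and not Nikto code) of the defender's counter-move: canonicalize each logged URI before matching it against a watchlist of probed paths, then count hits per client. The log lines, the watchlist entries and the client addresses are all constructed for the example; the log format is assumed to be Apache-style common log.

```python
"""Canonicalize logged request URIs before matching, so LibWhisker-style
encoding tricks do not hide a scanner from simple string matching.
Added example; log lines and watchlist are constructed, not real data."""
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Constructed watchlist: request paths an assessment tool typically probes.
WATCHLIST = ("/cgi-bin/test-cgi", "/scripts/", "/_vti_bin/")

# Assumed common-log shape: client ident user [time] "request" status
LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)"')

# Constructed sample: one benign hit, then one scanner using methods 1,2,7,4,5,8,6.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Jan/2002:10:00:01 -0500] "GET /index.html HTTP/1.0" 200
10.0.0.9 - - [24/Jan/2002:10:00:02 -0500] "GET /%63gi-bin/test-cgi HTTP/1.0" 404
10.0.0.9 - - [24/Jan/2002:10:00:03 -0500] "GET /./cgi-bin/./test-cgi HTTP/1.0" 404
10.0.0.9 - - [24/Jan/2002:10:00:04 -0500] "GET /CgI-BiN/TeSt-CgI HTTP/1.0" 404
10.0.0.9 - - [24/Jan/2002:10:00:05 -0500] "GET /xyzxyzxyz/../cgi-bin/test-cgi HTTP/1.0" 404
10.0.0.9 - - [24/Jan/2002:10:00:06 -0500] "GET /cgi-bin/test-cgi?abc=123 HTTP/1.0" 404
10.0.0.9 - - [24/Jan/2002:10:00:07 -0500] "GET \\scripts\\ HTTP/1.0" 404
10.0.0.9 - - [24/Jan/2002:10:00:08 -0500] "GET\t/_vti_bin/\tHTTP/1.0" 404
"""


def normalize_uri(raw: str) -> str:
    """Undo the URI-level evasions (methods 1, 2, 4, 5, 7, 8) so the result is
    the canonical path the server itself would resolve."""
    uri = raw.replace("\\", "/")          # method 8: Windows separator
    uri = unquote(unquote(uri))           # method 1: random (and double) encoding
    uri = uri.split("?", 1)[0]            # method 5: fake parameters
    uri = uri.lower()                     # method 7: random case
    keep_slash = uri.endswith("/") and len(uri) > 1
    uri = posixpath.normpath(uri)         # methods 2 and 4: /./ and junk/../
    if keep_slash and not uri.endswith("/"):
        uri += "/"                        # normpath drops a trailing slash
    return uri


def parse_log_line(line: str):
    """Return (client, method, uri) or None. Splitting on any whitespace
    also copes with method 6 (TAB used as the request spacer)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split()
    if len(parts) < 2:
        return None
    return m.group("client"), parts[0], parts[1]


def matches_watchlist(uri: str) -> bool:
    return any(uri.startswith(entry) for entry in WATCHLIST)


def scan_log(log_text: str):
    """Return (naive_hits, normalized_hits); each entry is (client, raw, canonical).
    naive matches the raw URI, normalized matches after normalize_uri()."""
    naive, normalized = [], []
    for line in log_text.splitlines():
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        client, _method, raw = parsed
        canon = normalize_uri(raw)
        if matches_watchlist(raw):
            naive.append((client, raw, canon))
        if matches_watchlist(canon):
            normalized.append((client, raw, canon))
    return naive, normalized


def flag_scanners(log_text: str, threshold: int = 3) -> dict:
    """Clients with at least `threshold` watchlist hits after normalization."""
    counts = Counter(client for client, _, _ in scan_log(log_text)[1])
    return {client: n for client, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    naive, normalized = scan_log(SAMPLE_LOG)
    print(f"raw-string matches: {len(naive)}, after normalization: {len(normalized)}")
    for client, raw, canon in normalized:
        print(f"{client}  {raw!r:45} -> {canon}")
    print("flagged:", flag_scanners(SAMPLE_LOG))
```

Lower-casing is deliberate: a case-sensitive Linux server would not serve `/CgI-BiN/`, but the detector's job is to recognise the probe, not to predict whether it succeeded. Method 9 (session splicing) operates at the TCP layer and is invisible at the URI level; it has to be handled by reassembling the stream before this kind of matching, which is exactly what a string-matching IDS without reassembly lacks. Method 3 (premature URL ending) is not handled here either, since the exact byte sequence depends on the LibWhisker version.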
D. Updating Nikto
Nikto is a two-piece tool: an engine and a vulnerability database. The database is a series of "plugins" that contain the check information. They hold information for over 100 unique web servers and more than 2,000 known vulnerabilities among the web servers and CGI applications.
The latest plugins should be retrieved prior to running Nikto.
(3). This concludes the Nikto exercise. Exit the shell terminal and power down the Linux box.
2. Part 2 – N-Stealth
A. Phase 1 - Installation
(1) Using Explorer go to the following directory: C:\Program Files\Security Toolbox\Assessment Tools. A screen similar to the following should appear.
(2). Set English as your default language and click OK. The following screen should appear.
(3). Enter a URL specified by your instructor and click Start Scan, and select No at the next pop-up screen. A screen similar to the following should appear. Explore this screen in coordination with your instructor.
(4). At the instructor's discretion either stop the scan or let it run to completion. If it runs to completion the scan may take several minutes since over 16,000 items will be checked. If the scan is stopped a screen similar to the following should be present. Explore the screen in coordination with your instructor.
(6). Highlight the URL just scanned and select Generate. The following screen should appear.
Instructor's Appendix
1. Nikto.
The current version of Nikto is 1.32 and can be downloaded from www.cirt.net onto a Linux box.
Nikto is a Perl script written by Chris Sullo and is styled after RFP's Whisker. Nikto uses RFP's LibWhisker library for HTTP/socket functionality. It has a reputation of being one of the best free Web server scanners.
It has two major functions that are noteworthy. First, since it is exceptionally noisy and will undoubtedly be logged, it can employ IDS evasion techniques. Nikto, when employing IDS evasion, uses nine different techniques to format the URL request to bypass simple string-matching IDSs. Second, it has the capability of being automatically updated through the use of the -update command.
a. I downloaded and installed Nikto onto a Redhat 9.0 box.
b. Nikto can be installed onto any directory,
2. N-Stealth.
WebSleuth can be downloaded from www.nstalker.com.
a. Download N-Stealth onto a Windows box.
3. Web Site.
A web site should only be analyzed if permission has been granted. For this exercise I mirrored the NVCC web site onto a classroom server composed of a Windows 2003 machine running IIS.