介紹一套給網管使用的安全檢查工具(轉)

介紹一套給網管使用的安全檢查工具(轉)[@more@]

　　介紹一套給網管使用的安全檢查工具，可檢查下列漏洞：

　　Web Checks - 126 Checks

　　***********************

　　Web service is running

　　Misc Evaluate web service software

　　Misc MS Proxy Server

　　Misc Remote IIS administration

　　Misc Oracle owa_util package

　　Execute Commands msadc

　　Execute Commands campas

　　Execute Commands jj

　　Execute Commands formmail

　　Execute Commands formmail.pl

　　Execute Commands faxsurvey

　　Execute Commands get32.exe

　　Execute Commands alibaba.pl

　　Execute Commands tst.bat

　　Execute Commands phf

　　Execute Commands webdist.cgi

　　Execute Commands aglimpse.cgi

　　Execute Commands echo.bat

　　Execute Commands hello.bat

　　Execute Commands loadpage.cgi

　　Execute Commands Oracle Bat files

　　View files iissamples/issamples/query.idq

　　View files iissamples/issamples/fastq.idq

　　View files iissamples/exair/search/search.idq

　　View files iissamples/exair/search/query.idq

　　View files prxdocs/misc/prxrch.idq

　　View files iissamples/issamples/oop/qfullhit.htw

　　View files iissamples/issamples/oop/qsumrhit.htw

　　View files scripts/samples/search/qfullhit.htw

　　View files scripts/samples/search/qsumrhit.htw

　　View files Webhits

　　View files scripts/samples/search/author.idq

　　View files scripts/samples/search/filesize.idq

　　View files scripts/samples/search/filetime.idq

　　View files scripts/samples/search/query.idq

　　View files scripts/samples/search/queryhit.idq

　　View files scripts/samples/search/simple.idq

　　View files scripts/samples/search/filesize.idq

　　View files scripts/samples/search/filetime.idq

　　View files scripts/samples/search/query.idq

　　View files scripts/samples/search/queryhit.idq

　　View files scripts/samples/search/simple.idq

　　View files scripts/samples/search/qfullhit.htw

　　View files scripts/samples/search/qsumrhit.htw

　　View files scripts/samples/search/webhits.exe

　　View files iissamples/exair/howitworks/codebrws.asp

　　View files msadc/samples/selector/showcode.asp

　　View files scripts/rguest.exe

　　View files cgi-bin/rguest.exe

　　View files scripts/wguest.exe

　　View files cgi-bin/wguest.exe

　　View files Search admin webhits.exe

　　View files view-source

　　View files ~root

　　View files ~ftp

　　View files FormHandler.cgi

　　View files AltaVista query

　　View files search.cgi (EZSHOPPER)

　　View files htsearch

　　View files sojourn.cgi

　　View files windmail

　　Information cfcache.map

　　Information idc reveals physical paths

　　Information bdir.htr

　　Information server-info

　　Information server-status

　　Information robots.txt

　　Information cgi-bin/enivron.pl

　　Information scripts/environ.pl

　　Information testcgi

　　Information test-cgi

　　Information test.cgi

　　Information cgitest.exe

　　Information nph-test-cgi

　　Information mkilog.exe

　　Information mkplog.exe

　　Information cgi-bin/htimage.exe

　　Information scripts/htimage.exe

　　Information names.nsf

　　Information catalog.nsf

　　Information log.nsf

　　Information domlog.nsf

　　Information domcfg.nsf

　　Information doctodep.btr

　　FrontPage administrators.pwd

　　FrontPage authors.pwd

　　FrontPage users.pwd

　　FrontPage service.pwd

　　FrontPage IIS Account shtml.dll

　　Directory Listing cgi-bin

　　Directory Listing scripts

　　Directory Listing Netscape PageService

　　Shell check cgi-bin/sh

　　Shell check cgi-bin/csh

　　Shell check cgi-bin/ksh

　　Shell check cgi-bin/tcsh

　　Shell check cgi-bin/cmd.exe

　　Shell check scripts/cmd.exe

　　Perl cgi-bin/cmd32.exe

　　Perl scripts/cmd32.exe

　　Perl cgi-bin/perl.exe

　　Perl scripts/perl.exe

　　Perl Errors reveal info

　　Create file newdsn.exe

　　BUffer overrun fpcount.exe

　　Buffer Overrun count.cgi

　　Predictable SessionID rightfax

　　Search iissamples/issamples/query.asp

　　Search iissamples/exair/search/advsearch.asp

　　Search samples/search/queryhit.htm

　　Search Netscape

　　Password Attacks iisadmpwd/aexp3.htr

　　HTTP Methods allowed to root directory

　　HTTP Methods allowed to /users

　　HTTP Methods allowed to /cgi-bin

　　HTTP Methods allowed to /scripts

　　Create file in /users directory

　　Create file in /cgi-bin directory

　　Create file in / directory

　　Create file in /scripts directory

　　File Upload repost.asp

　　File Upload cgi-win/uploader.exe

　　View Source Netscape append space

　　View Source shtml.dll

　　View Source ::$DATA

　　Configuration .htaccess

　　SMTP Service - 21 Checks

　　************************

　　SMTP service is running

　　Service software enumeration

　　EXPN command allowed

　　VRFY command allowed

　　VERB command allowed

　　Mail relaying allowed'

　　Win2k SMTP IIS Service Buffer Overrun

　　SLMail Buffer Overrun

　　Exchange Service Packs

　　Sendmail Wizard

　　Sendmail debug

　　Sendmail piped aliases

　　Mail to programs

　　Mail from bounce check

　　Sendmail 8.6.9 IDENT vulnerability

　　Sendmail 8.6.11 DoS vulnerability

　　Sendmail 8.7.5 GECOS buffer overrun vulnerability

　　Sendmail 8.8.0 MIME buffer overrun vulnerability

　　Sendmail 8.8.3 MIME buffer overrun vulnerability

　　Decode alias check

　　Mail forgery

　　FTP Checks - 7 Checks

　　*********************

　　FTP daemon is running

　　Service Software enumeration

　　IIS 4 DoS

　　Anonymous logins allowed

　　Hidden /c directory found

　　Uploads allowed to /c

　　Uploads allowed to root

　　Portmapper - 2 Checks

　　*********************

　　Portmapper is listening

　　Dump RPC Services running

　　POP3 Checks - 3 Checks

　　**********************

　　POP3 Daemon is running

　　Service software enumeration

　　QPOP buffer overrun

　　MS SQL Server Checks - 19 Checks

　　********************************

　　MS SQL Server is running

　　sa login has no password

　　Dump logins from master database

　　login has a blank password

　　login's password is same as login name

　　Dump databases

　　guest account is enabled on database

　　Dump logins with access to database

　　Audit database roles in database

　　Audit members of server-wide sysadmin role

　　Audit members of server-wide securityadmin role

　　Audit members of server-wide setupadmin role

　　Audit members of server-wide serveradmin role

　　Audit members of server-wide diskadmin role

　　Audit members of server-wide processadmin role

　　Audit members of server-wide dbcreator role

　　Check if SQL Authentication is allowed

　　Check if Mixed Mode Authentication is allowed

　　Check if NT Authentication is allowed

　　NT Accounts - 8 Checks

　　********************

　　Enumnerate Account Name

　　User Full name

　　User Comment

　　User Privs

　　User Last logon

　　User Last password change

　　Account has a blank password

　　Account has password same as userID

　　NT Shares - 3 Checks

　　********************

　　Share Name

　　Share Type

　　Null session connection

　　NT Groups - 2 Checks

　　********************

　　Enumerate group names

　　Enumerate and list members

　　

·上一篇：

·下一篇：

最新更新
	· · · · · · · · · · · · · · · · · · · · · · · · · · · · · ·