介紹一套給網管使用的安全檢查工具(轉)

RegisterForBlog發表於2007-09-19
介紹一套給網管使用的安全檢查工具(轉)[@more@]

  介紹一套給網管使用的安全檢查工具,可檢查下列漏洞:

  Web Checks - 126 Checks

  ***********************

  Web service is running

  Misc Evaluate web service software

  Misc MS Proxy Server

  Misc Remote IIS administration

  Misc Oracle owa_util package

  Execute Commands msadc

  Execute Commands campas

  Execute Commands jj

  Execute Commands formmail

  Execute Commands formmail.pl

  Execute Commands faxsurvey

  Execute Commands get32.exe

  Execute Commands alibaba.pl

  Execute Commands tst.bat

  Execute Commands phf

  Execute Commands webdist.cgi

  Execute Commands aglimpse.cgi

  Execute Commands echo.bat

  Execute Commands hello.bat

  Execute Commands loadpage.cgi

  Execute Commands Oracle Bat files

  View files iissamples/issamples/query.idq

  View files iissamples/issamples/fastq.idq

  View files iissamples/exair/search/search.idq

  View files iissamples/exair/search/query.idq

  View files prxdocs/misc/prxrch.idq

  View files iissamples/issamples/oop/qfullhit.htw

  View files iissamples/issamples/oop/qsumrhit.htw

  View files scripts/samples/search/qfullhit.htw

  View files scripts/samples/search/qsumrhit.htw

  View files Webhits

  View files scripts/samples/search/author.idq

  View files scripts/samples/search/filesize.idq

  View files scripts/samples/search/filetime.idq

  View files scripts/samples/search/query.idq

  View files scripts/samples/search/queryhit.idq

  View files scripts/samples/search/simple.idq

  View files scripts/samples/search/filesize.idq

  View files scripts/samples/search/filetime.idq

  View files scripts/samples/search/query.idq

  View files scripts/samples/search/queryhit.idq

  View files scripts/samples/search/simple.idq

  View files scripts/samples/search/qfullhit.htw

  View files scripts/samples/search/qsumrhit.htw

  View files scripts/samples/search/webhits.exe

  View files iissamples/exair/howitworks/codebrws.asp

  View files msadc/samples/selector/showcode.asp

  View files scripts/rguest.exe

  View files cgi-bin/rguest.exe

  View files scripts/wguest.exe

  View files cgi-bin/wguest.exe

  View files Search admin webhits.exe

  View files view-source

  View files ~root

  View files ~ftp

  View files FormHandler.cgi

  View files AltaVista query

  View files search.cgi (EZSHOPPER)

  View files htsearch

  View files sojourn.cgi

  View files windmail

  Information cfcache.map

  Information idc reveals physical paths

  Information bdir.htr

  Information server-info

  Information server-status

  Information robots.txt

  Information cgi-bin/enivron.pl

  Information scripts/environ.pl

  Information testcgi

  Information test-cgi

  Information test.cgi

  Information cgitest.exe

  Information nph-test-cgi

  Information mkilog.exe

  Information mkplog.exe

  Information cgi-bin/htimage.exe

  Information scripts/htimage.exe

  Information names.nsf

  Information catalog.nsf

  Information log.nsf

  Information domlog.nsf

  Information domcfg.nsf

  Information doctodep.btr

  FrontPage administrators.pwd

  FrontPage authors.pwd

  FrontPage users.pwd

  FrontPage service.pwd

  FrontPage IIS Account shtml.dll

  Directory Listing cgi-bin

  Directory Listing scripts

  Directory Listing Netscape PageService

  Shell check cgi-bin/sh

  Shell check cgi-bin/csh

  Shell check cgi-bin/ksh

  Shell check cgi-bin/tcsh

  Shell check cgi-bin/cmd.exe

  Shell check scripts/cmd.exe

  Perl cgi-bin/cmd32.exe

  Perl scripts/cmd32.exe

  Perl cgi-bin/perl.exe

  Perl scripts/perl.exe

  Perl Errors reveal info

  Create file newdsn.exe

  BUffer overrun fpcount.exe

  Buffer Overrun count.cgi

  Predictable SessionID rightfax

  Search iissamples/issamples/query.asp

  Search iissamples/exair/search/advsearch.asp

  Search samples/search/queryhit.htm

  Search Netscape

  Password Attacks iisadmpwd/aexp3.htr

  HTTP Methods allowed to root directory

  HTTP Methods allowed to /users

  HTTP Methods allowed to /cgi-bin

  HTTP Methods allowed to /scripts

  Create file in /users directory

  Create file in /cgi-bin directory

  Create file in / directory

  Create file in /scripts directory

  File Upload repost.asp

  File Upload cgi-win/uploader.exe

  View Source Netscape append space

  View Source shtml.dll

  View Source ::$DATA

  Configuration .htaccess

  SMTP Service - 21 Checks

  ************************

  SMTP service is running

  Service software enumeration

  EXPN command allowed

  VRFY command allowed

  VERB command allowed

  Mail relaying allowed'

  Win2k SMTP IIS Service Buffer Overrun

  SLMail Buffer Overrun

  Exchange Service Packs

  Sendmail Wizard

  Sendmail debug

  Sendmail piped aliases

  Mail to programs

  Mail from bounce check

  Sendmail 8.6.9 IDENT vulnerability

  Sendmail 8.6.11 DoS vulnerability

  Sendmail 8.7.5 GECOS buffer overrun vulnerability

  Sendmail 8.8.0 MIME buffer overrun vulnerability

  Sendmail 8.8.3 MIME buffer overrun vulnerability

  Decode alias check

  Mail forgery

  FTP Checks - 7 Checks

  *********************

  FTP daemon is running

  Service Software enumeration

  IIS 4 DoS

  Anonymous logins allowed

  Hidden /c directory found

  Uploads allowed to /c

  Uploads allowed to root

  Portmapper - 2 Checks

  *********************

  Portmapper is listening

  Dump RPC Services running

  POP3 Checks - 3 Checks

  **********************

  POP3 Daemon is running

  Service software enumeration

  QPOP buffer overrun

  MS SQL Server Checks - 19 Checks

  ********************************

  MS SQL Server is running

  sa login has no password

  Dump logins from master database

  login has a blank password

  login's password is same as login name

  Dump databases

  guest account is enabled on database

  Dump logins with access to database

  Audit database roles in database

  Audit members of server-wide sysadmin role

  Audit members of server-wide securityadmin role

  Audit members of server-wide setupadmin role

  Audit members of server-wide serveradmin role

  Audit members of server-wide diskadmin role

  Audit members of server-wide processadmin role

  Audit members of server-wide dbcreator role

  Check if SQL Authentication is allowed

  Check if Mixed Mode Authentication is allowed

  Check if NT Authentication is allowed

  NT Accounts - 8 Checks

  ********************

  Enumnerate Account Name

  User Full name

  User Comment

  User Privs

  User Last logon

  User Last password change

  Account has a blank password

  Account has password same as userID

  NT Shares - 3 Checks

  ********************

  Share Name

  Share Type

  Null session connection

  NT Groups - 2 Checks

  ********************

  Enumerate group names

  Enumerate and list members

  

·上一篇:

·下一篇:
 
     最新更新
·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·

·


| | | | | | |

Copyright © 2004 - 2007 All Rights Reserved

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/10763080/viewspace-970214/,如需轉載,請註明出處,否則將追究法律責任。

介紹一套給網管使用的安全檢查工具(轉)
請登入後發表評論 登入
全部評論

相關文章