[share] WMAP Web Scanner by Metasploit

**Junior Riau** · 02-17-2012, 11:38 AM

assalamualaikum wr wb
kembali lagi bersana ane(anak pengguna baru) Big Grin

mau ngeshare tool juga ni bagian dari metasploit juga tapi untuk web scanner,,
namanya wmap web scanner,,tadi udah search dimari g ketemu wmap,,nah kalo ternyata ada thread wmap kulkasin aja dah ni thread ya om momod om mimin

ok bekicot eh cekidot Big Grin

wkw
buka msfconsole

Code:
msfconsole

MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM

MMMMMMMMMMM                MMMMMMMMMM

MMMN$                           vMMMM

MMMNl  MMMMM             MMMMM  JMMMM

MMMNl  MMMMMMMN       NMMMMMMM  JMMMM

MMMNl  MMMMMMMMMNmmmNMMMMMMMMM  JMMMM

MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM

MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM

MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM

MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM

MMMNI  MMMNM   MMMMMMM   MMMMM  jMMMM

MMMNI  WMMMM   MMMMMMM   MMMM#  JMMMM

MMMMR  ?MMNM             MMMMM .dMMMM

MMMMNm `?MMM             MMMM` dMMMMM

MMMMMMN  ?MM             MM?  NMMMMMN

MMMMMMMMNe                 JMMMMMNMMM

MMMMMMMMMMNm,            eMMMMMNMMNMM

MMMMNNMNMMMMMNx        MMMMMMNMMNMMNM

MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM

       =[ metasploit v4.0.0-release [core:4.0 api:1.0]

+ -- --=[ 716 exploits - 361 auxiliary - 68 post

+ -- --=[ 226 payloads - 27 encoders - 8 nops

       =[ svn r14726 updated 199 days ago (2011.08.01)

Warning: This copy of the Metasploit Framework was last updated 199 days ago.

         We recommend that you update the framework at least every other day.

         For information on updating your copy of Metasploit, please see:

             https://community.rapid7.com/docs/DOC-1306

msf>

buka wmap, sebelum wmap di load kita koneksikan dulu ke databasenya.

Code:
msf > db_connect -y /opt/framework/config/database.yml

[*] Using database driver postgresql

msf > load wmap

[*] [WMAP 1.0] ===  et [  ] metasploit.com 2011

[*] Successfully loaded plugin: wmap

ini command standar wmap

Code:
msf > help

Wmap Commands

=============

    Command       Description

    -------       -----------

    wmap_run      Test targets

    wmap_sites    Manage sites

    wmap_targets  Manage targets

udah ada site dan target belum yah??mari kita lihat

Code:
msf > wmap_sites -l

Available sites

===============

     Id  Host  Vhost  Port  # Pages  # Forms

     --  ----  -----  ----  -------  -------

msf > wmap_targets -l

[*] No targets have been defined

ternyata belum ada,, kita tambahin site nya dulu

Code:
msf > wmap_sites -a http://depkes.go.id/

[*] Site created.

ok lihat lagi target nya

msf > wmap_sites -l

Available sites

===============

     Id  Host          Vhost         Port  # Pages  # Forms

     --  ----          -----         ----  -------  -------

     0   202.70.136.4  202.70.136.4  80    0        0

tambahin site nya ke target kita

Code:
msf > wmap_targets -t http://202.70.136.4

waktunya menjalankan misi Smile

lihat option dulu yah

Code:
msf > wmap_run -h

[*] Usage: wmap_run [options]

    -h            Display this help text

    -t            Show all enabled modules

    -m [regex]    Launch only modules that name match provided regex.

    -e [/path/to/profile]        Launch profile modules against all matched targets.

                                No file runs all enabled modules.

lihat dulu modul yang cocok sama target kita

Code:
msf > wmap_run -t

[*] Testing target:

[*]     Site: 202.70.136.4 (202.70.136.4)

[*]     Port: 80 SSL: false

============================================================

[*] Testing started. 2012-02-16 20:29:20 +0700

=[ SSL testing ]=

============================================================

[*] Target is not SSL. SSL modules disabled.

=[ Web Server testing ]=

============================================================

[*] Loaded auxiliary/admin/http/contentkeeper_fileaccess ...

[*] Loaded auxiliary/admin/http/tomcat_administration ...

[*] Loaded auxiliary/admin/http/tomcat_utf8_traversal ...

[*] Loaded auxiliary/scanner/http/frontpage_login ...

[*] Loaded auxiliary/scanner/http/http_version ...

[*] Loaded auxiliary/scanner/http/open_proxy ...

[*] Loaded auxiliary/scanner/http/options ...

[*] Loaded auxiliary/scanner/http/robots_txt ...

[*] Loaded auxiliary/scanner/http/svn_scanner ...

[*] Loaded auxiliary/scanner/http/verb_auth_bypass ...

[*] Loaded auxiliary/scanner/http/vhost_scanner ...

[*] Loaded auxiliary/scanner/http/web_vulndb ...

[*] Loaded auxiliary/scanner/http/webdav_internal_ip ...

[*] Loaded auxiliary/scanner/http/webdav_scanner ...

[*] Loaded auxiliary/scanner/http/webdav_website_content ...

=[ File/Dir testing ]=

============================================================

[*] Loaded auxiliary/scanner/http/backup_file ...

[*] Loaded auxiliary/scanner/http/brute_dirs ...

[*] Loaded auxiliary/scanner/http/copy_of_file ...

[*] Loaded auxiliary/scanner/http/dir_listing ...

[*] Loaded auxiliary/scanner/http/dir_scanner ...

[*] Loaded auxiliary/scanner/http/dir_webdav_unicode_bypass ...

[*] Loaded auxiliary/scanner/http/file_same_name_dir ...

[*] Loaded auxiliary/scanner/http/files_dir ...

[*] Loaded auxiliary/scanner/http/ms09_020_webdav_unicode_bypass ...

[*] Loaded auxiliary/scanner/http/prev_dir_same_name_file ...

[*] Loaded auxiliary/scanner/http/replace_ext ...

[*] Loaded auxiliary/scanner/http/trace_axd ...

[*] Loaded auxiliary/scanner/http/writable ...

=[ Unique Query testing ]=

============================================================

[*] Loaded auxiliary/scanner/http/blind_sql_query ...

[*] Loaded auxiliary/scanner/http/error_sql_injection ...

=[ Query testing ]=

============================================================

=[ General testing ]=

============================================================

[*] Analysis completed in 5.741826057434082 seconds.

[*] Done.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ok melakukan scanning

Code:
wmap_run -e

[*] Using ALL wmap enabled modules.

[*] Testing target:

[*]     Site: 202.70.136.4 (202.70.136.4)

[*]     Port: 80 SSL: false

============================================================

[*] Testing started. 2012-02-16 20:31:36 +0700

=[ SSL testing ]=

============================================================

[*] Target is not SSL. SSL modules disabled.

=[ Web Server testing ]=

============================================================

Module auxiliary/admin/http/contentkeeper_fileaccess

[*] Attempting to connect to 202.70.136.4:80

[-] Attempt returned HTTP error 404 on 202.70.136.4:80 Response: 

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>404 Not Found</title>

</head><body>

<h1>Not Found</h1>

<p>The requested URL /cgi-bin/ck/mimencode was not found on this server.</p>

<hr>

<address>Apache/2.2.3 (CentOS) Server at 202.70.136.4 Port 80</address>

</body></html>

Module auxiliary/admin/http/tomcat_administration

Module auxiliary/admin/http/tomcat_utf8_traversal

[*] Attempting to connect to 202.70.136.4:80

[-] Attempt #1 returned HTTP error 404 on 202.70.136.4:80

[-] Attempt #2 returned HTTP error 404 on 202.70.136.4:80

[-] Attempt #3 returned HTTP error 404 on 202.70.136.4:80

[-] Attempt #4 returned HTTP error 404 on 202.70.136.4:80

[-] Attempt #5 returned HTTP error 404 on 202.70.136.4:80

[-] Attempt #6 returned HTTP error 404 on 202.70.136.4:80

[-] Attempt #7 returned HTTP error 404 on 202.70.136.4:80

Module auxiliary/scanner/http/frontpage_login

[*] http://202.70.136.4/ may not support FrontPage Server Extensions

Module auxiliary/scanner/http/http_version

[*] 202.70.136.4 Apache/2.2.3 (CentOS) ( Powered by PHP/5.1.6 )

Module auxiliary/scanner/http/open_proxy

Module auxiliary/scanner/http/options

Module auxiliary/scanner/http/robots_txt

[*] [202.70.136.4] /robots.txt found

Module auxiliary/scanner/http/svn_scanner

[*] Using code '404' as not found.

Module auxiliary/scanner/http/verb_auth_bypass

[*] [202.70.136.4] Authentication not required. / 200

Module auxiliary/scanner/http/vhost_scanner

[*]  >> Exception during launch from auxiliary/scanner/http/vhost_scanner: The following options failed to validate: DOMAIN.

Module auxiliary/scanner/http/web_vulndb

[*]  >> Exception during launch from auxiliary/scanner/http/web_vulndb: The following options failed to validate: VULNCSV.

Module auxiliary/scanner/http/webdav_internal_ip

Module auxiliary/scanner/http/webdav_scanner

Module auxiliary/scanner/http/webdav_website_content

=[ File/Dir testing ]=

============================================================

Module auxiliary/scanner/http/backup_file:

Module auxiliary/scanner/http/brute_dirs:

[*] Path: /

[*] Using code '404' as not found.

Module auxiliary/scanner/http/copy_of_file:

Module auxiliary/scanner/http/dir_listing:

[*] Path: /

Module auxiliary/scanner/http/dir_scanner:

[*] Path: /

[*] Detecting error code

[*] Using code '404' as not found for 202.70.136.4

[*] Found http://202.70.136.4:80/CHANGELOG/ 200 (202.70.136.4)

[*] Found http://202.70.136.4:80/LICENSE/ 200 (202.70.136.4)

[*] Found http://202.70.136.4:80/administrator/ 303 (202.70.136.4)

[*] Found http://202.70.136.4:80/cache/ 200 (202.70.136.4)

[*] Found http://202.70.136.4:80/cgi-bin/ 403 (202.70.136.4)

Module auxiliary/scanner/http/dir_webdav_unicode_bypass:

[*] Path: /

[*] Using code '404' as not found.

Module auxiliary/scanner/http/file_same_name_dir:

[*] Path: /

[-] Blank or default PATH set.

Module auxiliary/scanner/http/files_dir:

[*] Path: /

[*] Using code '404' as not found for files with extension .null

Module auxiliary/scanner/http/ms09_020_webdav_unicode_bypass:

[*] Path: /

[-] NO Response.

Module auxiliary/scanner/http/prev_dir_same_name_file:

[*] Path: /

[-] Blank or default PATH set.

Module auxiliary/scanner/http/replace_ext:

Module auxiliary/scanner/http/trace_axd:

[*] Path: /

Module auxiliary/scanner/http/writable:

[*] Path: /

=[ Unique Query testing ]=

============================================================

=[ Query testing ]=

============================================================

=[ General testing ]=

============================================================

yuk mari kita lihat hasilnya
taaadaaaaa Big Grin

Code:
msf > hosts -c address,svcs,vulns

Hosts

=====

address         svcs  vulns

-------         ----  -----

192.168.100.10  1     0

202.70.136.4    1     0

ternyata sitenya gak vuln -_-"

okok sekian dari ane Smile

junior.riau18 mohon pamit, assalamualaikum

**jack1989** · 02-17-2012, 01:33 PM

vuln itu buat apa mas broooow.... Big Grin

**gembel** · 02-17-2012, 01:54 PM

(02-17-2012, 01:33 PM)jack1989 Wrote: vuln itu buat apa mas broooow....

Vuln itu celah
jadi lewat celah keamanan di website itu, bisa kita manfaatkan untuk yang macam".
setau ane sih bgitu om

ngomong" om TS, ane mau nanya
ini tool nyari vuln nya kek sqli, LFI, dll atau vuln yg bgmana om?

**afrihhilal** · 02-17-2012, 05:29 PM

ane koq ga bisa ya bro pas lagi jalanin perintah

Code:
msf > wmap_sites -l

keluarnya jadi gini :

Spoiler! :

ntu gimana yak kk????

**civo** · 02-17-2012, 06:06 PM

itu db postgresqlnya belum konek tuh omz...
coba omz mampir ke -->>>http://forum.indonesianbacktrack.or.id/s...hp?tid=181

Big Grin

**Junior Riau** · 02-17-2012, 07:35 PM

(02-17-2012, 05:29 PM)afrihhilal Wrote: ane koq ga bisa ya bro pas lagi jalanin perintah

Code:
msf > wmap_sites -l
keluarnya jadi gini :

Spoiler! :

msf > wmap_sites -l
[-] Error while running command wmap_sites: could not connect to server: Connection refused
Is the server running on host "127.0.0.1" and accepting
TCP/IP connections on port 7175?

Call stack:
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:968:in `initialize'
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:968:in `new'
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:968:in `connect'
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:217:in `initialize'
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:37:in `new'
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:37:in `postgresql_connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:223:in `new_connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:245:in `checkout_new_connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:188:in `block (2 levels) in checkout'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:184:in `loop'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:184:in `block in checkout'
/opt/framework/ruby/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:183:in `checkout'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:98:in `connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:326:in `retrieve_connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_specification.rb:123:in `retrieve_connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_specification.rb:115:in `connection'
/opt/framework/msf3/lib/active_record/base.rb:1271:in `columns'
/opt/framework/msf3/lib/active_record/base.rb:1284:in `column_names'
/opt/framework/msf3/lib/active_record/base.rb:1297:in `column_methods_hash'
/opt/framework/msf3/lib/active_record/base.rb:1986:in `block in all_attributes_exists?'
/opt/framework/msf3/lib/active_record/base.rb:1986:in `each'
/opt/framework/msf3/lib/active_record/base.rb:1986:in `all?'
/opt/framework/msf3/lib/active_record/base.rb:1986:in `all_attributes_exists?'
/opt/framework/msf3/lib/active_record/base.rb:1842:in `method_missing'
/opt/framework/msf3/lib/msf/core/db.rb:201:in `find_workspace'
/opt/framework/msf3/lib/msf/core/db_manager.rb:246:in `workspace'
/opt/framework/msf3/lib/msf/core/db.rb:344:in `hosts'
/opt/framework/msf3/plugins/wmap.rb:1236:in `view_sites'
/opt/framework/msf3/plugins/wmap.rb:76:in `cmd_wmap_sites'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:380:in `run_command'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:342:in `block in run_single'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:336:in `each'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:336:in `run_single'
/opt/framework/msf3/lib/rex/ui/text/shell.rb:199:in `run'
/opt/framework/msf3/msfconsole:130:in `<main>'

ntu gimana yak kk????

konekkan ini udah??

Code:
[b][color=#FF0000]msf > db_connect -y /opt/framework/config/database.yml

[*] Using database driver postgresql[/color][/b]

msf > load wmap

[*] [WMAP 1.0] ===  et [  ] metasploit.com 2011

[*] Successfully loaded plugin: wmap

**Junior Riau** · 02-18-2012, 06:54 PM

(02-17-2012, 05:29 PM)afrihhilal Wrote: ane koq ga bisa ya bro pas lagi jalanin perintah

Code:
msf > wmap_sites -l
keluarnya jadi gini :

Spoiler! :

msf > wmap_sites -l
[-] Error while running command wmap_sites: could not connect to server: Connection refused
Is the server running on host "127.0.0.1" and accepting
TCP/IP connections on port 7175?

Call stack:
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:968:in `initialize'
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:968:in `new'
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:968:in `connect'
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:217:in `initialize'
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:37:in `new'
/opt/framework/msf3/lib/active_record/connection_adapters/postgresql_adapter.rb:37:in `postgresql_connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:223:in `new_connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:245:in `checkout_new_connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:188:in `block (2 levels) in checkout'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:184:in `loop'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:184:in `block in checkout'
/opt/framework/ruby/lib/ruby/1.9.1/monitor.rb:201:in `mon_synchronize'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:183:in `checkout'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:98:in `connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_pool.rb:326:in `retrieve_connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_specification.rb:123:in `retrieve_connection'
/opt/framework/msf3/lib/active_record/connection_adapters/abstract/connection_specification.rb:115:in `connection'
/opt/framework/msf3/lib/active_record/base.rb:1271:in `columns'
/opt/framework/msf3/lib/active_record/base.rb:1284:in `column_names'
/opt/framework/msf3/lib/active_record/base.rb:1297:in `column_methods_hash'
/opt/framework/msf3/lib/active_record/base.rb:1986:in `block in all_attributes_exists?'
/opt/framework/msf3/lib/active_record/base.rb:1986:in `each'
/opt/framework/msf3/lib/active_record/base.rb:1986:in `all?'
/opt/framework/msf3/lib/active_record/base.rb:1986:in `all_attributes_exists?'
/opt/framework/msf3/lib/active_record/base.rb:1842:in `method_missing'
/opt/framework/msf3/lib/msf/core/db.rb:201:in `find_workspace'
/opt/framework/msf3/lib/msf/core/db_manager.rb:246:in `workspace'
/opt/framework/msf3/lib/msf/core/db.rb:344:in `hosts'
/opt/framework/msf3/plugins/wmap.rb:1236:in `view_sites'
/opt/framework/msf3/plugins/wmap.rb:76:in `cmd_wmap_sites'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:380:in `run_command'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:342:in `block in run_single'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:336:in `each'
/opt/framework/msf3/lib/rex/ui/text/dispatcher_shell.rb:336:in `run_single'
/opt/framework/msf3/lib/rex/ui/text/shell.rb:199:in `run'
/opt/framework/msf3/msfconsole:130:in `<main>'

ntu gimana yak kk????

gimana udah bisa???

**afrihhilal** · 02-19-2012, 06:40 PM

udah bisa kk... tapi pas lagi mau nambahin website tampilanja jadi gini :

Code:
msf > wmap_sites -a http://undip.ac.id

[-] Unable to create site

msf >

gimane tu??? Angry

**fake666** · 02-19-2012, 07:21 PM

wah keren
musti di coba ni Big Grin

**ezzaez**$ · 02-19-2012, 08:10 PM

aslinya kereeen abis emang nih metasploit...
langsung cicip ah :p
keep share mas bro Big Grin