w3af>>>
Use the 'help' command to see the available help (mandatory):
w3af>>> help
The following commands are available:
help You are here. help [command] prints more specific help.
http-settings Configure the URL opener.
misc-settings Configure w3af misc settings.
plugins Enable, disable and configure plugins.
profiles List and start scan profiles.
start Start site analysis.
exploit Exploit a vulnerability.
tools Enter the tools section.
target Set the target URL.
version Show the w3af version.
exit Exit w3af.
w3af>>>
w3af differs from the Metasploit console; at first I was confused myself, but with a little understanding I finally realized that the w3af console is used by typing each item listed in the help menu, and to return to the previous menu you just type 'back'. We will try it directly on one of the targets.
Configuration:
w3af>>> target
w3af/target>>> help
The following commands are available:
help You are here. help [command|parameter] prints more specific help.
set Set a parameter value.
view List all configuration parameters and current values.
back Return to previous menu.
w3af/target>>> set target http://demo.testfire.net
w3af/target>>> view
The target is now set; next come the plugins for the audit:
w3af/target>>> back
w3af>>> plugins
w3af/plugins>>> help
The following commands are available:
help You are here. help [command] prints more specific help.
list List all available plugins.
bruteforce Enable and configure bruteforce plugins.
discovery Enable and configure discovery plugins.
output Enable and configure output plugins.
mangle Enable and configure mangle plugins.
audit Enable and configure audit plugins.
evasion Enable and configure evasion plugins.
grep Enable and configure grep plugins.
back Return to previous menu.
w3af/plugins>>>
w3af needs at least three plugin groups loaded: discovery, audit, and output. To see the contents of each group, run 'list' followed by the group name; for example 'list audit' shows everything in the audit group, such as xss, xsrf, sql injection, ldap injection, etc. Typing the group name on its own (for example 'audit') shows which options we have set. For example:
w3af/plugins>>> audit xss,sqli,xpath,remoteFileInclude,blindSqli
w3af/plugins>>>
w3af/plugins>>>
or alternatively with:
w3af/plugins>>> audit all
I will run an SQL injection test against a web server, crawl the website's links, report in real time, and also produce the report as HTML. Here are the steps.
w3af/plugins>>> audit sqli
w3af/plugins>>> audit
Enabled audit plugins:
sqli
w3af/plugins>>> discovery webSpider,pykto,hmap
w3af/plugins>>> discovery
Enabled discovery plugins:
webSpider
hmap
pykto
w3af/plugins>>> output console,htmlFile
w3af/plugins>>> output
Enabled output plugins:
htmlFile
console
w3af/plugins>>> output config htmlFile
w3af/plugin/htmlFile>>> view
Parameter Value Description
========= ===== ===========
httpFileName output-http.txt File name where this plugin will write HTTP requests and responses
reportDebug False True if debug information will be appended to the report.
fileName report.html File name where this plugin will write to
w3af/plugin/htmlFile>>>
I have done a simple configuration for testing against the web server: webSpider to crawl directories and links, pykto for web auditing (pykto is the Python version of nikto), and hmap for host fingerprinting. The results are written to the files output-http.txt and report.html.
w3af/plugin/htmlFile>>> back
w3af/plugins>>> back
w3af>>>start
Please wait until the auditing process finishes.
w3af>>> start
Auto-enabling plugin: discovery.allowedMethods
Auto-enabling plugin: discovery.serverHeader
The Server header for this HTTP server is: squid/2.6.STABLE5
Server uses 503 instead of HTTP 404 error code.
pykto plugin is using "squid/2.6.STABLE5" as the remote server type. This information was obtained by serverHeader plugin.
Error when requesting: http://demo.testfire.net/
Error: Too many retries when trying to get: http://demo.testfire.net/
pykto plugin found a vulnerability at URL: http://demo.testfire.net/modules.php . Vulnerability description: PHP Nuke module allows user names and passwords to be viewed. See http://www.frog-man.org/tutos/PHP-Nuke6.0-Members_List-Your_Account.txt for other SQL exploits in this module. The vulnerability was found in the request with id 2330.
pykto plugin found a vulnerability at URL: http://demo.testfire.net/bank/ . Vulnerability description: This might be interesting… The vulnerability was found in the request with id 3315.
Hmap web server fingerprint is starting, this may take a while.
hmap: Connection failed to demo.testfire.net:80
New URL found by pykto plugin: http://demo.testfire.net/modules.php
New URL found by pykto plugin: http://demo.testfire.net/bank/