Non-authorized users can run Ajax calls that should be available only to privileged users!!!
And it can accept files uploaded by a hacker.
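As an added illustration (not code from these slides or from the plugin WPScan flagged), a hypothetical WordPress Ajax upload handler with the missing checks described above, beside a hardened form; the action and function names are made up:

```php
<?php
// Added illustration for a hypothetical plugin; not code from the slides or from any real plugin.

// --- Pattern the slide describes ---
// The "nopriv" hook exposes the action to visitors who are not logged in, and the
// handler checks neither a nonce nor a capability before storing the uploaded file.
add_action( 'wp_ajax_demo_upload',        'demo_upload_vulnerable' );
add_action( 'wp_ajax_nopriv_demo_upload', 'demo_upload_vulnerable' );

function demo_upload_vulnerable() {
    $dir = wp_upload_dir();
    // Filename and content are taken from the request as-is.
    move_uploaded_file( $_FILES['file']['tmp_name'], $dir['path'] . '/' . $_FILES['file']['name'] );
    wp_send_json_success();
}

// --- Hardened form ---
// 1. Register only the authenticated hook: a privileged action gets no wp_ajax_nopriv_ entry.
add_action( 'wp_ajax_demo_upload_safe', 'demo_upload_safe' );

function demo_upload_safe() {
    // 2. CSRF protection: the request must carry a nonce issued for this action.
    check_ajax_referer( 'demo_upload_safe', 'nonce' );

    // 3. Authorization: the caller needs the capability the action requires.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( empty( $_FILES['file'] ) || $_FILES['file']['error'] !== UPLOAD_ERR_OK ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 4. Let WordPress validate the type/extension and pick a safe name inside the
    //    uploads directory instead of trusting the client-supplied filename.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $_FILES['file'], array( 'test_form' => false ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
```

The hardened handler fails closed at each step (nonce, capability, upload validation), which is what stops an unauthenticated visitor from reaching the file write at all.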
Program Bugs
[!] Title: Catablog <= 1.6 - Cross Site Scripting
Reference: https://wpvulndb.com/vulnerabilities/6286
Reference: http://packetstormsecurity.com/files/112619/
[+] Name: grand-media - v1.0.0
| Location: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/grand-media/
| Readme: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/grand-media/readme.txt
[!] The version is out of date, the latest version is 1.8.20
[!] Directory listing is enabled: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/grand-media/
[!] Title: Gmedia Gallery 1.2.1 - Shell Upload
Reference: https://wpvulndb.com/vulnerabilities/7544
Reference: http://packetstormsecurity.com/files/127725/
[i] Fixed in: 1.2.2
[+] Name: page-layout-builder - v1.9.3
| Location: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/page-layout-builder/
| Readme: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/page-layout-builder/readme.txt
[!] The version is out of date, the latest version is 2.0.3
[!] Directory listing is enabled: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/plugins/page-layout-builder/
[!] Upload directory has directory listing enabled: http://perpustakaan.kemdikbud.go.id/perpus/wp-content/uploads/
Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing.
root@kali:~# nmap -v -A -sV perpustakaan.kemdikbud.go.id
Starting Nmap 7.01 ( https://nmap.org ) at 2016-04-24 11:24 EDT
NSE: Loaded 132 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 11:24
Completed NSE at 11:24, 0.00s elapsed
Initiating NSE at 11:24
Completed NSE at 11:24, 0.00s elapsed
Initiating Ping Scan at 11:24
Scanning perpustakaan.kemdikbud.go.id (118.98.232.10) [4 ports]
Completed Ping Scan at 11:24, 0.05s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:24
Completed Parallel DNS resolution of 1 host. at 11:24, 7.39s elapsed
Initiating SYN Stealth Scan at 11:24
Scanning perpustakaan.kemdikbud.go.id (118.98.232.10) [1000 ports]
Discovered open port 80/tcp on 118.98.232.10
Discovered open port 8080/tcp on 118.98.232.10
Discovered open port 443/tcp on 118.98.232.10
Discovered open port 53/tcp on 118.98.232.10
Discovered open port 25/tcp on 118.98.232.10
Discovered open port 21/tcp on 118.98.232.10
Discovered open port 143/tcp on 118.98.232.10
Discovered open port 110/tcp on 118.98.232.10
...
Discovered open port 3011/tcp on 118.98.232.10
Discovered open port 1100/tcp on 118.98.232.10
Discovered open port 19780/tcp on 118.98.232.10
Completed SYN Stealth Scan at 11:24, 1.68s elapsed (1000 total ports)
Initiating Service scan at 11:24
Scanning 602 services on perpustakaan.kemdikbud.go.id (118.98.232.10)
Completed Service scan at 11:26, 119.80s elapsed (604 services on 1 host)
Initiating OS detection (try #1) against perpustakaan.kemdikbud.go.id (118.98.232.10)
Retrying OS detection (try #2) against perpustakaan.kemdikbud.go.id (118.98.232.10)
Initiating Traceroute at 11:26
Completed Traceroute at 11:26, 0.10s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 11:26
Completed Parallel DNS resolution of 15 hosts. at 11:26, 13.00s elapsed
NSE: Script scanning 118.98.232.10.
Nmap scan report for perpustakaan.kemdikbud.go.id (118.98.232.10)
Host is up (0.016s latency).
rDNS record for 118.98.232.10: 232-10.sny.kemdiknas.go.id
Not shown: 396 closed ports
PORT STATE SERVICE VERSION
1/tcp open tcpwrapped
3/tcp open tcpwrapped
6/tcp open tcpwrapped
9/tcp open tcpwrapped
19/tcp open tcpwrapped
21/tcp open tcpwrapped
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.6 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 1e:dc:af:54:2c:99:e3:4c:be:72:14:b2:83:2c:5e:d5 (DSA)
| 2048 10:73:0b:fb:32:f8:a5:ad:b5:fa:92:c8:23:6e:3a:e5 (RSA)
|_ 256 4f:b1:2d:27:0a:8e:94:f5:b4:16:8f:e7:e1:5e:e4:33 (ECDSA)
25/tcp open tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
32/tcp open tcpwrapped
33/tcp open tcpwrapped
37/tcp open tcpwrapped
42/tcp open tcpwrapped
43/tcp open tcpwrapped
49/tcp open tcpwrapped
53/tcp open domain
| dns-nsid:
|_ bind.version: 9.9.5-3ubuntu0.8-Ubuntu
70/tcp open tcpwrapped
79/tcp open tcpwrapped
|_finger: ERROR: Script execution failed (use -d to debug)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
|_http-favicon: Unknown favicon MD5: 324F774689F580B14976BECE7F5D5DDC
|_http-generator: WPSSO 3.29.5-1/G
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/sftwrs/
|_http-server-header: Apache/2.4.7 (Ubuntu)
| http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_Requested resource was perpus/
443/tcp open ssl/http Apache httpd 2.4.7
|_http-generator: WPSSO 3.29.5-1/G
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/sftwrs/
|_http-server-header: Apache/2.4.7 (Ubuntu)
| http-title: Site doesn't have a title (text/html; charset=UTF-8).
|_Requested resource was perpus/
| ssl-cert: Subject: commonName=perpustakaan.kemdikbud.go.id
| Issuer: commonName=StartCom Class 1 DV Server CA/organizationName=StartCom Ltd./countryName=IL
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2016-04-21T04:32:00
| Not valid after: 2017-04-21T04:32:00
| MD5: 7d2b bdd1 e9f0 82aa 82df b396 6a8f 8843
|_SHA-1: 6263 4932 9c34 bd6a ed9b caf4 9abe b85d 7835 2eb0
|_ssl-date: TLS randomness does not represent time
...
8008/tcp open http
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-title: Did not follow redirect to https://perpustakaan.kemdikbud.go.id:8010/
8009/tcp open tcpwrapped
8010/tcp open ssl/http-proxy FortiGate Web Filtering Service
|_hadoop-datanode-info:
|_hadoop-tasktracker-info:
|_hbase-master-info:
| http-methods:
|_ Supported Methods: GET POST
|_http-title: Web Filter Block Override
| ssl-cert: Subject: commonName=FortiGate/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
| Issuer: commonName=support/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2011-02-21T21:13:04
| Not valid after: 2038-01-19T03:14:07
| MD5: f829 467c f6b5 eb98 f4d5 d8e8 575d ea12
|_SHA-1: 0bc4 90af d22b f753 2042 557f 4591 dd88 7fa2 b3ed
|_ssl-date: TLS randomness does not represent time
|_sstp-discover: SSTP is supported.
TRACEROUTE (using port 995/tcp)
HOP RTT ADDRESS
1 13.97 ms 192.168.100.1
2 14.20 ms 1.subnet125-161-160.speedy.telkom.net.id (125.161.160.1)
3 8.73 ms 225.subnet125-160-14.speedy.telkom.net.id (125.160.14.225)
4 11.82 ms 61.94.171.97
5 12.03 ms 209.subnet118-98-51.astinet.telkom.net.id (118.98.51.209)
6 21.95 ms 109.subnet118-98-58.astinet.telkom.net.id (118.98.58.109)
7 15.55 ms 122.subnet125-160-9.speedy.telkom.net.id (125.160.9.122)
8 92.86 ms 218.100.36.2
9 20.51 ms jardiknas.openixp.net (218.100.27.84)
10 34.53 ms 118.98.132.202
11 37.32 ms 118.98.132.206
12 23.47 ms 118.98.132.113
13 23.68 ms 118.98.159.2
14 13.56 ms 118.98.159.6
15 24.25 ms 232-10.sny.kemdiknas.go.id (118.98.232.10)
NSE: Script Post-scanning.
Initiating NSE at 11:29
Completed NSE at 11:29, 0.00s elapsed
Initiating NSE at 11:29
Completed NSE at 11:29, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 271.02 seconds
Raw packets sent: 1223 (55.792KB) | Rcvd: 1038 (43.316KB)
And there are many more tools for testing network security with Kali Linux.
Try them yourself…
References
Kali Linux - https://www.kali.org
Download Kali Linux - https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
Kali Linux training syllabus - https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf
Slides and books - http://www.slideshare.net/search/slideshow?searchfrom=header&q=kali+linux
Sample of Penetration Test Report - https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf