WG: nikto, n-stealth can crash the web-server?



Thanks for your ideas!

That supported my idea that it's rather a problem of the number of requests
than a problem of the exploits done by nikto.

Maze


-----Original Message-----
From: Evans, Arian [mailto:Arian.Evans@xxxxxxxxxxxxxxxxxxx]
Sent: Friday, 14 July 2006 23:04
To: pen-test@xxxxxxxxxxxxxxxxxx
Subject: RE: nikto, n-stealth can crash the web-server?

Matthias,

-----Original Message-----
From: Matthias Heinrich [mailto:matze-heinrich@xxxxxx]

I'm trying to find out if web-scanners like n-stealth or
nikto can crash the web-server and why.

I've seen nikto in particular cause crashes, and Nessus
plugins, but it always depends on the webserver & the
check, and usually it's not too hard to hunt down.

Examples:

+ Chunked encoding tests on older IIS & apache versions

+ There's a Cisco ACS BoF check through a long URL string
that I've seen crash custom webservers due to the character
sets used to create the URL payload, or the size, not being
handled properly.

+ Threads: on custom web servers, poorly coded threading
can thread-lock the thing.

+ Sockets: I ran into Tomcat implemented with some custom
sockets programming that choked on multi-threaded tests
due to inability to close & recycle TCP connections fast
enough (would simply run out of proc, then mem).

+ TCP/IP stack: this is mostly old news, but I've seen
www and db servers fail due to the stack crashing on
several OSes, like old HPUX, and OpenVMS stuff back when
you had vendor-supplied custom stacks, and same with
some older Unisys systems that they customized the IP stack.

You couldn't even port-scan some of those old systems
w/out them crashing; see Sockets: above.

Then there is simply resource exhaustion, possibly due
to system limitations or web server misconfiguration.

Hope that gives you some ideas,

Arian J. Evans
FishNet Security
913.710.7085 [mobile]
816.701.2045 [office]
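
An added example, not part of the thread: for the sockets and resource-exhaustion cases listed above, counting TCP states on the tested server's port during a scan shows whether connections are piling up unclosed. It parses Linux `/proc/net/tcp` text; the sample rows, port 8080 and the `close_wait_limit` threshold are constructed assumptions.

```python
from collections import Counter

# Linux TCP state codes as they appear in the "st" column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
    "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
    "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
    "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
# 0x1F90 = port 8080 (the web server under test), 0x0016 = port 22.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000
   1: 0100000A:1F90 0200000A:C350 01 00000000:00000000
   2: 0100000A:1F90 0200000A:C351 01 00000000:00000000
   3: 0100000A:1F90 0200000A:C352 08 00000000:00000000
   4: 0100000A:1F90 0200000A:C353 08 00000000:00000000
   5: 0100000A:1F90 0200000A:C354 08 00000000:00000000
   6: 0100000A:1F90 0200000A:C355 08 00000000:00000000
   7: 0100000A:1F90 0200000A:C356 08 00000000:00000000
   8: 0100000A:1F90 0200000A:C357 06 00000000:00000000
   9: 0100000A:0016 0300000A:D431 01 00000000:00000000
"""

def socket_states(proc_net_tcp, port):
    """Count TCP states for sockets whose local port equals `port`."""
    counts = Counter()
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local, state = fields[1], fields[3]
        if int(local.rsplit(":", 1)[1], 16) != port:  # port is hex
            continue
        counts[TCP_STATES.get(state.upper(), state)] += 1
    return counts

def findings(counts, close_wait_limit=3):
    """Flag sockets the peer closed but the server has not released."""
    notes = []
    if counts["CLOSE_WAIT"] > close_wait_limit:  # hypothetical threshold
        notes.append("CLOSE_WAIT piling up: %d sockets closed by the "
                     "client are still held open by the server"
                     % counts["CLOSE_WAIT"])
    return notes

if __name__ == "__main__":
    states = socket_states(SAMPLE, 8080)
    print(dict(states), findings(states))
```

On a live host, pass the contents of `/proc/net/tcp` instead of `SAMPLE` and sample it repeatedly while the scan runs; a CLOSE_WAIT count that keeps growing points at the server's connection handling rather than at any single check.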








