Re: nikto problems



hey lars,

i noticed this problem a few weeks ago after some upgrades of openssl.
with openssl v. 0.9.7 everything works well for me.

i think libwhisker has some problems with the changes done in openssl.

as a quick and dirty workaround i wrote a small patch for libwhisker:
http://e-axe.mytty.org/stuff/nikto_ssl.patch

i know that this workaround is more than dirty, but i don't have the
time to rewrite the 10k+ lines of the whisker code...

~richie

On 9 Nov 2006 09:17:29 -0000, larsno@xxxxxxxxx <larsno@xxxxxxxxx> wrote:
Hey

I've been trying to use Nikto on some https servers, and I can't get it to work. All the necessary packets are installed. The strange thing is that it seems to be LW who can't get the response it wants. I get all the SSL certs and even the information in the response seems correct when I try nikto in debug mode. Has anyone else experienced these problems?


Here's the output from nikto -debug:

nikto.pl -debug -h xxxxxx -p 443
---------------------------------------------------------------------------
- Nikto 1.35/1.36 - www.cirt.net
D: - Target id:1:ident:xxxxxxxx:ports_in:443:
D: - Request Hash:
D: - Connection: Keep-Alive
D: - Host: xxxxxx
D: - User-Agent: Mozilla/4.75 (Nikto/1.35 )
D: - $whisker->INITIAL_MAGIC: 31337
D: - $whisker->anti_ids:
D: - $whisker->force_bodysnatch: 0
D: - $whisker->force_close: 0
D: - $whisker->force_open: 0
D: - $whisker->force_open: 0
D: - $whisker->host: xxxxxx
D: - $whisker->http_req_trailer:
D: - $whisker->http_ver: 1.1
D: - $whisker->ignore_duplicate_headers: 1
D: - $whisker->include_host_in_uri: 0
D: - $whisker->lowercase_incoming_headers: 1
D: - $whisker->method: HEAD
D: - $whisker->method_postfix:
D: - $whisker->normalize_incoming_headers: 1
D: - $whisker->port: 443
D: - $whisker->req_spacer:
D: - $whisker->req_spacer2:
D: - $whisker->retry: 1
D: - $whisker->ssl: 0
D: - $whisker->timeout: 10
D: - $whisker->trailing_slurp: 0
D: - $whisker->uri: /
D: - $whisker->uri_param_sep: ?
D: - $whisker->uri_postfix:
D: - $whisker->uri_prefix:
D: - Result Hash:
D: - $whisker->INITIAL_MAGIC 31338
D: - $whisker->error Server read timed out
D: - $whisker->retry_errors ARRAY(0x1e815b4)
D: - $whisker->uri /
D: - Request Hash:
D: - Connection: Keep-Alive
D: - Host: xxxxxxx
D: - User-Agent: Mozilla/4.75 (Nikto/1.35 )
D: - $whisker->INITIAL_MAGIC: 31337
D: - $whisker->anti_ids:
D: - $whisker->force_bodysnatch: 0
D: - $whisker->force_close: 0
D: - $whisker->force_open: 0
D: - $whisker->host: xxxxxxxx
D: - $whisker->http_req_trailer:
D: - $whisker->http_ver: 1.1
D: - $whisker->ignore_duplicate_headers: 1
D: - $whisker->include_host_in_uri: 0
D: - $whisker->lowercase_incoming_headers: 1
D: - $whisker->method: HEAD
D: - $whisker->method_postfix:
D: - $whisker->normalize_incoming_headers: 1
D: - $whisker->port: 443
D: - $whisker->req_spacer:
D: - $whisker->req_spacer2:
D: - $whisker->retry: 1
D: - $whisker->save_ssl_info: 1
D: - $whisker->ssl: 1
D: - $whisker->timeout: 10
D: - $whisker->trailing_slurp: 0
D: - $whisker->uri: /
D: - $whisker->uri_param_sep: ?
D: - $whisker->uri_postfix:
D: - $whisker->uri_prefix:
D: - Result Hash:
D: - cache-control no-cache
D: - connection close
D: - content-length 2024
D: - content-type text/html
D: - pragma no-cache
D: - $whisker->INITIAL_MAGIC 31338
D: - $whisker->code 403
D: - $whisker->http_resp 403
D: - $whisker->http_resp_message Forbidden ( The server denied the specif
ied Uniform Resource Locator (URL). Contact the server administrator. )
D: - $whisker->http_ver 1.1
D: - $whisker->lowercase_incoming_headers 1
D: - $whisker->recv_header_order ARRAY(0x1e81614)
D: - $whisker->retry_errors ARRAY(0x1e88c74)
D: - $whisker->ssl_cert_issuer /DC=xx/DC=xxxx/DC=local/CN=xxxx
D: - $whisker->ssl_cert_subject /C=XX/ST=xxxxx/L=xxxx/O=xx/OU=xxx/CN=xxxxxx
D: - $whisker->ssl_cipher RC4-MD5
D: - $whisker->uri /
+ No HTTP(s) ports found on xxxxxxxx / 443
+ 1 host(s) tested

Lars

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


