
Friday 27 April 2012

WMAP Web scanner with metasploit

Here is a WMAP tutorial, check it out.
Open msfconsole.
Code:
msfconsole


MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMM                MMMMMMMMMM
MMMN$                           vMMMM
MMMNl  MMMMM             MMMMM  JMMMM
MMMNl  MMMMMMMN       NMMMMMMM  JMMMM
MMMNl  MMMMMMMMMNmmmNMMMMMMMMM  JMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMMMMMMMMMMMMMMMMMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMMM   MMMMMMM   MMMMM  jMMMM
MMMNI  MMMNM   MMMMMMM   MMMMM  jMMMM
MMMNI  WMMMM   MMMMMMM   MMMM#  JMMMM
MMMMR  ?MMNM             MMMMM .dMMMM
MMMMNm `?MMM             MMMM` dMMMMM
MMMMMMN  ?MM             MM?  NMMMMMN
MMMMMMMMNe                 JMMMMMNMMM
MMMMMMMMMMNm,            eMMMMMNMMNMM
MMMMNNMNMMMMMNx        MMMMMMNMMNMMNM
MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM



       =[ metasploit v4.0.0-release [core:4.0 api:1.0]
+ -- --=[ 716 exploits - 361 auxiliary - 68 post
+ -- --=[ 226 payloads - 27 encoders - 8 nops
       =[ svn r14726 updated 199 days ago (2011.08.01)

Warning: This copy of the Metasploit Framework was last updated 199 days ago.
         We recommend that you update the framework at least every other day.
         For information on updating your copy of Metasploit, please see:
             https://community.rapid7.com/docs/DOC-1306

msf>
Open WMAP. Before WMAP is loaded, we first connect to its database.
Code:
msf > db_connect -y /opt/framework/config/database.yml
[*] Using database driver postgresql
msf > load wmap
[*] [WMAP 1.0] ===  et [  ] metasploit.com 2011
[*] Successfully loaded plugin: wmap
These are the standard WMAP commands.
Code:
msf > help

Wmap Commands
=============

    Command       Description
    -------       -----------
    wmap_run      Test targets
    wmap_sites    Manage sites
    wmap_targets  Manage targets
Are there any sites and targets yet? Let's take a look.
Code:
msf > wmap_sites -l
Available sites
===============

     Id  Host  Vhost  Port  # Pages  # Forms
     --  ----  -----  ----  -------  -------

msf > wmap_targets -l
[*] No targets have been defined
It turns out there are none yet, so we add the site first.
Code:
msf > wmap_sites -a http://depkes.go.id/
[*] Site created.

OK, check the target again.

msf > wmap_sites -l
Available sites
===============

     Id  Host          Vhost         Port  # Pages  # Forms
     --  ----          -----         ----  -------  -------
     0   202.70.136.4  202.70.136.4  80    0        0
Add the site to our targets.
Code:
msf > wmap_targets -t http://202.70.136.4
Time to run the mission.
First, look at the options.
Code:
msf > wmap_run -h
[*] Usage: wmap_run [options]
    -h            Display this help text
    -t            Show all enabled modules
    -m [regex]    Launch only modules that name match provided regex.
    -e [/path/to/profile]        Launch profile modules against all matched targets.
                                No file runs all enabled modules.
First, look at the modules that match our target.
Code:
msf > wmap_run -t
[*] Testing target:
[*]     Site: 202.70.136.4 (202.70.136.4)
[*]     Port: 80 SSL: false
============================================================
[*] Testing started. 2012-02-16 20:29:20 +0700

=[ SSL testing ]=
============================================================
[*] Target is not SSL. SSL modules disabled.

=[ Web Server testing ]=
============================================================
[*] Loaded auxiliary/admin/http/contentkeeper_fileaccess ...
[*] Loaded auxiliary/admin/http/tomcat_administration ...
[*] Loaded auxiliary/admin/http/tomcat_utf8_traversal ...
[*] Loaded auxiliary/scanner/http/frontpage_login ...
[*] Loaded auxiliary/scanner/http/http_version ...
[*] Loaded auxiliary/scanner/http/open_proxy ...
[*] Loaded auxiliary/scanner/http/options ...
[*] Loaded auxiliary/scanner/http/robots_txt ...
[*] Loaded auxiliary/scanner/http/svn_scanner ...
[*] Loaded auxiliary/scanner/http/verb_auth_bypass ...
[*] Loaded auxiliary/scanner/http/vhost_scanner ...
[*] Loaded auxiliary/scanner/http/web_vulndb ...
[*] Loaded auxiliary/scanner/http/webdav_internal_ip ...
[*] Loaded auxiliary/scanner/http/webdav_scanner ...
[*] Loaded auxiliary/scanner/http/webdav_website_content ...

=[ File/Dir testing ]=
============================================================
[*] Loaded auxiliary/scanner/http/backup_file ...
[*] Loaded auxiliary/scanner/http/brute_dirs ...
[*] Loaded auxiliary/scanner/http/copy_of_file ...
[*] Loaded auxiliary/scanner/http/dir_listing ...
[*] Loaded auxiliary/scanner/http/dir_scanner ...
[*] Loaded auxiliary/scanner/http/dir_webdav_unicode_bypass ...
[*] Loaded auxiliary/scanner/http/file_same_name_dir ...
[*] Loaded auxiliary/scanner/http/files_dir ...
[*] Loaded auxiliary/scanner/http/ms09_020_webdav_unicode_bypass ...
[*] Loaded auxiliary/scanner/http/prev_dir_same_name_file ...
[*] Loaded auxiliary/scanner/http/replace_ext ...
[*] Loaded auxiliary/scanner/http/trace_axd ...
[*] Loaded auxiliary/scanner/http/writable ...

=[ Unique Query testing ]=
============================================================
[*] Loaded auxiliary/scanner/http/blind_sql_query ...
[*] Loaded auxiliary/scanner/http/error_sql_injection ...

=[ Query testing ]=
============================================================

=[ General testing ]=
============================================================
[*] Analysis completed in 5.741826057434082 seconds.
[*] Done.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OK, run the scan.
Code:
wmap_run -e
[*] Using ALL wmap enabled modules.
[*] Testing target:
[*]     Site: 202.70.136.4 (202.70.136.4)
[*]     Port: 80 SSL: false
============================================================
[*] Testing started. 2012-02-16 20:31:36 +0700

=[ SSL testing ]=
============================================================
[*] Target is not SSL. SSL modules disabled.

=[ Web Server testing ]=
============================================================
Module auxiliary/admin/http/contentkeeper_fileaccess

[*] Attempting to connect to 202.70.136.4:80
[-] Attempt returned HTTP error 404 on 202.70.136.4:80 Response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /cgi-bin/ck/mimencode was not found on this server.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at 202.70.136.4 Port 80</address>
</body></html>

Module auxiliary/admin/http/tomcat_administration
Module auxiliary/admin/http/tomcat_utf8_traversal
[*] Attempting to connect to 202.70.136.4:80
[-] Attempt #1 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #2 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #3 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #4 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #5 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #6 returned HTTP error 404 on 202.70.136.4:80
[-] Attempt #7 returned HTTP error 404 on 202.70.136.4:80
Module auxiliary/scanner/http/frontpage_login
[*] http://202.70.136.4/ may not support FrontPage Server Extensions
Module auxiliary/scanner/http/http_version
[*] 202.70.136.4 Apache/2.2.3 (CentOS) ( Powered by PHP/5.1.6 )
Module auxiliary/scanner/http/open_proxy
Module auxiliary/scanner/http/options
Module auxiliary/scanner/http/robots_txt
[*] [202.70.136.4] /robots.txt found
Module auxiliary/scanner/http/svn_scanner
[*] Using code '404' as not found.
Module auxiliary/scanner/http/verb_auth_bypass
[*] [202.70.136.4] Authentication not required. / 200
Module auxiliary/scanner/http/vhost_scanner
[*]  >> Exception during launch from auxiliary/scanner/http/vhost_scanner: The following options failed to validate: DOMAIN.
Module auxiliary/scanner/http/web_vulndb
[*]  >> Exception during launch from auxiliary/scanner/http/web_vulndb: The following options failed to validate: VULNCSV.
Module auxiliary/scanner/http/webdav_internal_ip
Module auxiliary/scanner/http/webdav_scanner
Module auxiliary/scanner/http/webdav_website_content

=[ File/Dir testing ]=
============================================================
Module auxiliary/scanner/http/backup_file:
Module auxiliary/scanner/http/brute_dirs:
[*] Path: /
[*] Using code '404' as not found.
Module auxiliary/scanner/http/copy_of_file:
Module auxiliary/scanner/http/dir_listing:
[*] Path: /
Module auxiliary/scanner/http/dir_scanner:
[*] Path: /
[*] Detecting error code
[*] Using code '404' as not found for 202.70.136.4
[*] Found http://202.70.136.4:80/CHANGELOG/ 200 (202.70.136.4)
[*] Found http://202.70.136.4:80/LICENSE/ 200 (202.70.136.4)
[*] Found http://202.70.136.4:80/administrator/ 303 (202.70.136.4)
[*] Found http://202.70.136.4:80/cache/ 200 (202.70.136.4)
[*] Found http://202.70.136.4:80/cgi-bin/ 403 (202.70.136.4)
Module auxiliary/scanner/http/dir_webdav_unicode_bypass:
[*] Path: /
[*] Using code '404' as not found.
Module auxiliary/scanner/http/file_same_name_dir:
[*] Path: /
[-] Blank or default PATH set.
Module auxiliary/scanner/http/files_dir:
[*] Path: /
[*] Using code '404' as not found for files with extension .null
Module auxiliary/scanner/http/ms09_020_webdav_unicode_bypass:
[*] Path: /
[-] NO Response.
Module auxiliary/scanner/http/prev_dir_same_name_file:
[*] Path: /
[-] Blank or default PATH set.
Module auxiliary/scanner/http/replace_ext:
Module auxiliary/scanner/http/trace_axd:
[*] Path: /
Module auxiliary/scanner/http/writable:
[*] Path: /

=[ Unique Query testing ]=
============================================================

=[ Query testing ]=
============================================================

=[ General testing ]=
============================================================
Now let's look at the results.
Ta-daaa!
Code:
msf > hosts -c address,svcs,vulns

Hosts
=====

address         svcs  vulns
-------         ----  -----
192.168.100.10  1     0
202.70.136.4    1     0
It turns out the site isn't vulnerable -_-"
