Chapter 11 - Attacks on the Web Server
11.1 - Identifying the Web Server
The tools:
Web-Sniffer
CIRT.net: Default Passwords
default-password.info
The links
[Andr_09]
Andrew; SkullSecurity: WebDAV Detection, Vulnerability Checking and Exploitation
[bruteoptions.py]
bruteoptions.py
[BSI-ISi]
BSI-Standards zur Internet-Sicherheit (ISi-Reihe)
[BSI-ISi-Web]
Sicheres Bereitstellen von Web-Angeboten (ISi-Web-Server)
[BSI-ISi-Web-Check]
Sicheres Bereitstellen von Web-Angeboten (ISi-Check)
[BSI-ISi-Web-Joomla]
ISi-Check - Sicheres Bereitstellen von Web-Angeboten mit Joomla!
[BSI-ISi-Web-L]
Sicheres Bereitstellen von Web-Angeboten (ISi-L)
[BSI-ISi-Web-LAMPP]
ISi-Check - Sicheres Bereitstellen von Web-Angeboten auf LAMP-Basis
[BSI-ISi-Web-Plone]
ISi-Check - Sicheres Bereitstellen von Web-Angeboten mit Plone
[BSI-ISi-Web-S]
Sicheres Bereitstellen von Web-Angeboten (ISi-S)
[BSI-ISi-Web-Typo3]
ISi-Check - Sicheres Bereitstellen von Web-Angeboten mit Typo3
[BSI-ISi-Web-WordPress]
ISi-Check - Sicheres Bereitstellen von Web-Angeboten mit WordPress
[BSI-Webanw]
Sicherheit von Webanwendungen: Maßnahmenkatalog und Best Practices
[Bugtraq]
Bugtraq
[CIRT.net-PW]
CIRT.net: Default Passwords
[CVE-2009-1535]
CVE-2009-1535
[CVE-2014-0226]
CVE-2014-0226
[CVE-2014-3581]
CVE-2014-3581
[CVE-Suche]
Search CVE List
[CVE-Suche-Apache]
CVE: Search results for "apache 2.4.10"
[Debian-Apache]
Debian -- Details of package apache2-bin in jessie
[Debian-Apache-API]
Debian -- Details of package apache2-api-20120211 in jessie
[Default-PW]
default-password.info
[Exploit-DB]
Offensive Security's Exploit Database Archive
[Exploit-8704]
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass
[Exploit-8754]
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (Patch)
[Exploit-8765]
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (PHP)
[Exploit-8806]
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (2)
[Exploit-34133]
Exploit-DB: Apache 2.4.7 mod_status - Scoreboard Handling Race Condition
[Full-Disclosure]
Full Disclosure Mailing List
[httprint]
httprint
[IIS-WebDAV-Exploit]
http-iis-webdav-vuln script for Nmap
[ISC]
Internet Storm Center
[ISC-Diary]
Handler's Diary of the Internet Storm Center
[Litc_06]
David Litchfield; Bugtraq: The History of the Oracle PLSQL Gateway Flaw
[Metasploit]
Metasploit-Framework
[Metasploit-WebDAV-Angriff]
MS09-020 IIS6 WebDAV Unicode Authentication Bypass
[Metasploit-WebDAV-Suche]
MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner
[MS09-020]
Microsoft Security Bulletin MS09-020 - Important: Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
[MS-Adv-971492]
Microsoft Security Advisory 971492: Vulnerability in Internet Information Services Could Allow Elevation of Privilege
[Ness_09]
Jonathan Ness; Microsoft Security Research & Defense Blog: “More information about the IIS authentication bypass”
[Ness2_09]
Jonathan Ness; Microsoft Security Research & Defense Blog: “Answers to the IIS WebDAV authentication bypass questions”
[Nikto]
Nikto
[NIST-SP-800-44-2]
NIST Special Publication 800-44 Version 2: “Guidelines on Securing Public Web Servers”
[Nmap]
Nmap
[Nmap-HTTP-Methods]
http-methods script for Nmap
[Nmap-WebDAV]
SkullSecurity: “WebDAV Scanning with Nmap”
[OWASP-Oracle-Test]
OWASP Testing Guide v4: Testing for Oracle
[Packet-Storm]
Packet Storm Security
[Port_22]
Port Authority Database: Port 22
[Port_111]
Port Authority Database: Port 111
[Port_443]
Port Authority Database: Port 443
[Port_54321]
Port Authority Database: Port 54321
[Request-Scanner]
AskApache Request Method Security Scanner
[RFC_2616-Header]
Server-Header
[RFC_4918]
RFC 4918, HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)
[RFC_7231-Request]
RFC 7231, Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content; 4. Request Methods
[SearchSploit]
SearchSploit
[SecFocus]
SecurityFocus Vulnerabilities
[Shadowserver]
Shadowserver Foundation
[Shah_04]
Saumil Shah: “An Introduction to HTTP fingerprinting”
[Web-Sniffer]
Web-Sniffer