Kekuolis/rin
Penetration testing of https://ris.ucll.be/

Tools used

Nmap

The host appears to be running on Azure, since ports 1221 and 8172, which Azure opens by default, are open. This is also indicated by the Microsoft Azure Web App fingerprint. The Python web server in use is Gunicorn, which is a Unix-based server, so the host system is most likely Linux rather than macOS.

80/tcp   open  http
443/tcp  open  https
1221/tcp open  sweetware-apps
4022/tcp open  dnox
4024/tcp open  tnp1-port
8172/tcp open  unknown

Port 1221 has existing exploits, but only for Windows machines.

It is worth noting that there might be some issues with Gunicorn.

Scanning Gunicorn with the Python dependency vulnerability scanner Safety gave:

Tested 5 dependencies for known security issues using default Safety CLI policies
0 security issues found, 0 fixes suggested
(27 vulnerabilities were ignored due to project policy)

Note that the output itself reports 27 findings suppressed by the default policy, so "0 security issues found" is not conclusive; the ignored findings should be reviewed before treating the dependencies as clean.

Dirbuster

Looking for nested directories yielded no results.

ZAP

Using ZAP produced several warnings on the website. The paths /auth/login, /auth/register, /auth/request-reset-password, /robots.txt and /sitemap.xml all lack a Content-Security-Policy header, which removes a layer of defence against XSS. While the login screen itself is unlikely to pose a threat to the website, I cannot be sure about the structure of the inner website; if there are warnings here, there are likely similar issues elsewhere.

It also found a missing anti-clickjacking header (X-Frame-Options, or a CSP frame-ancestors directive) on /auth/login, /auth/register and /auth/request-reset-password.
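The two ZAP findings above are both fixed at the response-header level. The following is an added example, not code from this report or from the ris.ucll.be application: a WSGI middleware that adds Content-Security-Policy and X-Frame-Options to any response that lacks them (Gunicorn serves WSGI apps, so it wraps the application without touching framework code), plus a helper that lists which of the two headers a response is missing. The stand-in login app, the header values and the in-process request harness are assumptions for illustration.

```python
# Added example, not code from the report or from ris.ucll.be: a WSGI
# middleware that adds the two headers ZAP flagged as missing
# (Content-Security-Policy and the anti-clickjacking X-Frame-Options), and a
# helper that lists which of them a response lacks. The application, the
# policy values and the request harness are assumptions for illustration.
from typing import Callable, Dict, Iterable, List, Tuple

# Header values are assumed; tune the CSP to what the real pages actually load.
REQUIRED_HEADERS: Dict[str, str] = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
}


def missing_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return the required headers absent from a response (case-insensitive)."""
    present = {name.lower() for name in headers}
    return [name for name in REQUIRED_HEADERS if name.lower() not in present]


class SecurityHeadersMiddleware:
    """Wrap any WSGI app (e.g. under Gunicorn) and add missing security headers."""

    def __init__(self, app: Callable) -> None:
        self.app = app

    def __call__(self, environ: dict, start_response: Callable) -> Iterable[bytes]:
        def patched_start_response(status, headers, exc_info=None):
            headers = list(headers)  # copy: never mutate the app's own list
            present = {name.lower() for name, _ in headers}
            for name, value in REQUIRED_HEADERS.items():
                if name.lower() not in present:  # respect headers the app set
                    headers.append((name, value))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start_response)


def login_app(environ: dict, start_response: Callable) -> Iterable[bytes]:
    """Hypothetical stand-in for /auth/login that sets no security headers."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<form method='post'>...</form>"]


def run_request(app: Callable, path: str = "/auth/login") -> Tuple[str, Dict[str, str], bytes]:
    """Drive a WSGI app in-process and capture status, headers and body."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)
        return lambda data: None

    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    _, bare, _ = run_request(login_app)
    print("without middleware, missing:", missing_security_headers(bare))
    _, hardened, _ = run_request(SecurityHeadersMiddleware(login_app))
    print("with middleware, missing:", missing_security_headers(hardened))
    # In a Gunicorn deployment: application = SecurityHeadersMiddleware(app)
```

The middleware only fills in headers the application did not set, so pages that need a page-specific CSP can still emit their own. The same `missing_security_headers` helper can be pointed at the header dict of a live response to re-check the five paths ZAP listed after a fix is deployed.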

Sqlmap

Checking for SQL injection with the --dbs flag (which only enumerates database names, not table contents), sqlmap could not find any injectable fields.

dir_scanner

Found paths: /Sources/, /code/, /data/, /profile/, /report/ and /user. All of these require a login to access.

SQL

The entries below are Metasploit modules, grouped by vulnerability class; each line records the result of running the module's check or exploit against the target.

error_sql_injection

Returned nothing; the site does not leak SQL error messages, so no error-based SQL injection was found.

blind_sql_query

Returned nothing after testing various SQL injection payloads.
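To show what sqlmap, error_sql_injection and blind_sql_query were probing for, here is an added example that is not code from this report or from the target: a login query built by string formatting beside its parameterised form, and a probe that runs the two classic checks (a boolean tautology in the password field, and an unbalanced quote to trigger a database error) against each. The schema, the user row and the payloads are constructed for illustration and say nothing about how ris.ucll.be is implemented.

```python
# Added example, not code from the report: a minimal login query in the
# injectable form sqlmap and the Metasploit SQL modules look for, beside the
# parameterised form that defeats them. The schema, data and probe payloads are
# constructed for illustration and say nothing about ris.ucll.be itself.
import sqlite3
from typing import Callable, Dict


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user row."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    con.commit()
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Query built by string formatting: user input becomes SQL syntax."""
    query = (
        "SELECT COUNT(*) FROM users "
        f"WHERE username='{username}' AND password='{password}'"
    )
    return con.execute(query).fetchone()[0] > 0


def login_safe(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver passes values separately from the SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username=? AND password=?"
    return con.execute(query, (username, password)).fetchone()[0] > 0


def probe(con: sqlite3.Connection, login: Callable[..., bool]) -> Dict[str, bool]:
    """Run the two probes the report's tooling relies on against a login function.

    boolean_bypass: does a tautology in the password field log in as alice?
    error_leaked:   does an unbalanced quote raise a database error (the
                    signal that error-based injection depends on)?
    """
    results: Dict[str, bool] = {}
    results["boolean_bypass"] = login(con, "alice", "' OR '1'='1")
    try:
        login(con, "alice'", "x")
        results["error_leaked"] = False
    except sqlite3.Error:
        results["error_leaked"] = True
    return results


if __name__ == "__main__":
    db = make_db()
    print("string-built query:", probe(db, login_vulnerable))
    print("parameterised query:", probe(db, login_safe))
```

With the string-built query the tautology logs in without the password and the stray quote raises an error; with the parameterised query both payloads are just literal strings that match nothing and raise nothing, which is the "returned nothing" outcome the modules reported against the target.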

multi/http/atutor_sqli

The website is not vulnerable to this remote code execution module.

linux/http/centreon_sqli_exec

Not vulnerable

Python

linux/http/netsweeper_webadmin_unixlogin

The check flagged a Python vulnerability, but the website is not running Netsweeper, so it is not vulnerable.

linux/http/pyload_js2py_exec

Python code injection; the check reports the target as vulnerable, but the required ports 9666 and 8000 are closed, so no session was created. With those ports closed the "vulnerable" verdict is unconfirmed.

gather/python_flask_cookie_signer

Failed against ports 80 and 443.

cmd/unix/reverse_python

The handlers fail to bind to ports. I cannot test this further, as that would cause instability.

linux/http/dcos_marathon

Failed to connect to the target URI.

linux/http/docker_daemon_tcp

Disconnected by the website.

exploit/linux/http/saltstack_salt_wheel_async_rce

Fails to bind.

multi/http/jenkins_xstream_deserialize

Fails to bind.

Local file inclusion

unix/webapp/aerohive_netconfig_lfi_log_poison_rce

Not running Aerohive.

multi/http/cacti_pollers_sqli_rce

Not running Cacti.

linux/http/symantec_web_gateway_lfi

Not using Symantec.

unix/webapp/tikiwiki_upload_exec

Failed to upload the file.

unix/webapp/zimbra_lfi

Failed to access the URL.

linux/http/zyxel_lfi_unauth_ssh_rce

The target is not vulnerable.

linux/http/elfinder_archive_cmd_injection

The target is not vulnerable.

exploit/unix/webapp/elfinder_php_connector_exiftran_cmd_injection

The target is not vulnerable.

HTTP

linux/http/ivanti_connect_secure_rce_cve_2023_46805

Does not run Ivanti.
