Introducing a Security-Checking Toolkit for Network Administrators (Repost)

  This is a security-checking toolkit for network administrators. It can check for the following vulnerabilities:

  Web Checks - 126 Checks

  ***********************

  Web service is running

  Misc Evaluate web service software

  Misc MS Proxy Server

  Misc Remote IIS administration

  Misc Oracle owa_util package

  Execute Commands msadc

  Execute Commands campas

  Execute Commands jj

  Execute Commands formmail

  Execute Commands formmail.pl

  Execute Commands faxsurvey

  Execute Commands get32.exe

  Execute Commands alibaba.pl

  Execute Commands tst.bat

  Execute Commands phf

  Execute Commands webdist.cgi

  Execute Commands aglimpse.cgi

  Execute Commands echo.bat

  Execute Commands hello.bat

  Execute Commands loadpage.cgi

  Execute Commands Oracle Bat files

  View files iissamples/issamples/query.idq

  View files iissamples/issamples/fastq.idq

  View files iissamples/exair/search/search.idq

  View files iissamples/exair/search/query.idq

  View files prxdocs/misc/prxrch.idq

  View files iissamples/issamples/oop/qfullhit.htw

  View files iissamples/issamples/oop/qsumrhit.htw

  View files scripts/samples/search/qfullhit.htw

  View files scripts/samples/search/qsumrhit.htw

  View files Webhits

  View files scripts/samples/search/author.idq

  View files scripts/samples/search/filesize.idq

  View files scripts/samples/search/filetime.idq

  View files scripts/samples/search/query.idq

  View files scripts/samples/search/queryhit.idq

  View files scripts/samples/search/simple.idq

  View files scripts/samples/search/filesize.idq

  View files scripts/samples/search/filetime.idq

  View files scripts/samples/search/query.idq

  View files scripts/samples/search/queryhit.idq

  View files scripts/samples/search/simple.idq

  View files scripts/samples/search/qfullhit.htw

  View files scripts/samples/search/qsumrhit.htw

  View files scripts/samples/search/webhits.exe

  View files iissamples/exair/howitworks/codebrws.asp

  View files msadc/samples/selector/showcode.asp

  View files scripts/rguest.exe

  View files cgi-bin/rguest.exe

  View files scripts/wguest.exe

  View files cgi-bin/wguest.exe

  View files Search admin webhits.exe

  View files view-source

  View files ~root

  View files ~ftp

  View files FormHandler.cgi

  View files AltaVista query

  View files search.cgi (EZSHOPPER)

  View files htsearch

  View files sojourn.cgi

  View files windmail

  Information cfcache.map

  Information idc reveals physical paths

  Information bdir.htr

  Information server-info

  Information server-status

  Information robots.txt

  Information cgi-bin/enivron.pl

  Information scripts/environ.pl

  Information testcgi

  Information test-cgi

  Information test.cgi

  Information cgitest.exe

  Information nph-test-cgi

  Information mkilog.exe

  Information mkplog.exe

  Information cgi-bin/htimage.exe

  Information scripts/htimage.exe

  Information names.nsf

  Information catalog.nsf

  Information log.nsf

  Information domlog.nsf

  Information domcfg.nsf

  Information doctodep.btr

  FrontPage administrators.pwd

  FrontPage authors.pwd

  FrontPage users.pwd

  FrontPage service.pwd

  FrontPage IIS Account shtml.dll

  Directory Listing cgi-bin

  Directory Listing scripts

  Directory Listing Netscape PageService

  Shell check cgi-bin/sh

  Shell check cgi-bin/csh

  Shell check cgi-bin/ksh

  Shell check cgi-bin/tcsh

  Shell check cgi-bin/cmd.exe

  Shell check scripts/cmd.exe

  Perl cgi-bin/cmd32.exe

  Perl scripts/cmd32.exe

  Perl cgi-bin/perl.exe

  Perl scripts/perl.exe

  Perl Errors reveal info

  Create file newdsn.exe

  Buffer Overrun fpcount.exe

  Buffer Overrun count.cgi

  Predictable SessionID rightfax

  Search iissamples/issamples/query.asp

  Search iissamples/exair/search/advsearch.asp

  Search samples/search/queryhit.htm

  Search Netscape

  Password Attacks iisadmpwd/aexp3.htr

  HTTP Methods allowed to root directory

  HTTP Methods allowed to /users

  HTTP Methods allowed to /cgi-bin

  HTTP Methods allowed to /scripts

  Create file in /users directory

  Create file in /cgi-bin directory

  Create file in / directory

  Create file in /scripts directory

  File Upload repost.asp

  File Upload cgi-win/uploader.exe

  View Source Netscape append space

  View Source shtml.dll

  View Source ::$DATA

  Configuration .htaccess

  SMTP Service - 21 Checks

  ************************

  SMTP service is running

  Service software enumeration

  EXPN command allowed

  VRFY command allowed

  VERB command allowed

  Mail relaying allowed

  Win2k SMTP IIS Service Buffer Overrun

  SLMail Buffer Overrun

  Exchange Service Packs

  Sendmail Wizard

  Sendmail debug

  Sendmail piped aliases

  Mail to programs

  Mail from bounce check

  Sendmail 8.6.9 IDENT vulnerability

  Sendmail 8.6.11 DoS vulnerability

  Sendmail 8.7.5 GECOS buffer overrun vulnerability

  Sendmail 8.8.0 MIME buffer overrun vulnerability

  Sendmail 8.8.3 MIME buffer overrun vulnerability

  Decode alias check

  Mail forgery

  FTP Checks - 7 Checks

  *********************

  FTP daemon is running

  Service Software enumeration

  IIS 4 DoS

  Anonymous logins allowed

  Hidden /c directory found

  Uploads allowed to /c

  Uploads allowed to root

  Portmapper - 2 Checks

  *********************

  Portmapper is listening

  Dump RPC Services running

  POP3 Checks - 3 Checks

  **********************

  POP3 Daemon is running

  Service software enumeration

  QPOP buffer overrun

  MS SQL Server Checks - 19 Checks

  ********************************

  MS SQL Server is running

  sa login has no password

  Dump logins from master database

  login has a blank password

  login's password is same as login name

  Dump databases

  guest account is enabled on database

  Dump logins with access to database

  Audit database roles in database

  Audit members of server-wide sysadmin role

  Audit members of server-wide securityadmin role

  Audit members of server-wide setupadmin role

  Audit members of server-wide serveradmin role

  Audit members of server-wide diskadmin role

  Audit members of server-wide processadmin role

  Audit members of server-wide dbcreator role

  Check if SQL Authentication is allowed

  Check if Mixed Mode Authentication is allowed

  Check if NT Authentication is allowed

  NT Accounts - 8 Checks

  ********************

  Enumerate Account Name

  User Full name

  User Comment

  User Privs

  User Last logon

  User Last password change

  Account has a blank password

  Account has password same as userID

  NT Shares - 3 Checks

  ********************

  Share Name

  Share Type

  Null session connection

  NT Groups - 2 Checks

  ********************

  Enumerate group names

  Enumerate and list members

  

Source: http://www.linuxpk.com/30665.html


From "ITPUB Blog", link: http://blog.itpub.net/10763080/viewspace-970214/. Please credit the source when reposting; otherwise legal liability will be pursued.
