Digit Oktavianto Web Log

Catatan Sampah si Digit (Digit's scrap notes)

BlindElephant - Web Application Fingerprinter


BlindElephant is a web application fingerprinting tool. With BlindElephant we can find out which web application a website is running. It works by fetching static files (and configuration files) that ship with the web application and comparing them against a database of known versions: in the run further down you can see it hashing each file it retrieves and loading a WordPress database with 213 versions and 5,214 differentiating paths. BlindElephant can therefore also tell which version of the web application is running, which makes information gathering on a target easier: once we know the version, we can look up the known weaknesses of that version. For example, if we fingerprint www.abc.com and find it is running WordPress 3.2, we can look for WordPress 3.2 bugs to use in attacking that site. How do you install and use BlindElephant? Here are the steps:


Prerequisites:

Python 2.6.x: preferably Python 2.6.5. With Python versions below 2.6.5, installing BlindElephant is harder.


Installation

1. Create a tools folder first:

digit@digit-laptop:~$ mkdir tools

2. Enter the tools folder:

digit@digit-laptop:~$ cd tools

3. Check BlindElephant out of SVN:

digit@digit-laptop:~/tools$ svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant

4. Enter the blindelephant/src folder:

digit@digit-laptop:~/tools$ cd blindelephant/src

5. Install BlindElephant:

digit@digit-laptop:~/tools/blindelephant/src$ sudo python setup.py install


Using BlindElephant

digit@digit-laptop:~$ python BlindElephant.py [options] url appName

BlindElephant options / parameters

-h, --help

Show the usage help.

-p PLUGINNAME, --pluginName=PLUGINNAME

Fingerprint the version of a plugin (should apply to the web app given in appName).

-s, --skip

Skip fingerprinting the webapp, just fingerprint the plugin.

-n NUMPROBES, --numProbes=NUMPROBES

Number of files to fetch (more may increase accuracy). Default: 15

-w, --winnow

If more than one version is returned, use winnowing to attempt to narrow it down (up to numProbes additional requests).

-l, --list

List supported webapps and plugins.

Pass guess (without quotes) as the appName to have BlindElephant work out which web application the target runs, and which of its plugins are in use.



PoC (Proof of Concept)

Guessing the application used on one target:

digit@digit-laptop:~$ cd ~/tools/blindelephant/src/blindelephant/

python BlindElephant.py http://uai.ac.id guess

Probing...
Possible apps:
wordpress

python BlindElephant.py http://uai.ac.id wordpress

Loaded /usr/local/lib/python2.6/dist-packages/blindelephant/dbs/wordpress.pkl with 213 versions, 5214 differentiating paths, and 300 version groups.
Starting BlindElephant fingerprint for version of wordpress at http://uai.ac.id 

Hit http://uai.ac.id/readme.html
File produced no match. Error: Retrieved file doesn't match known fingerprint. c2964276b49759db8bbf5f5700ca5260 

Hit http://uai.ac.id/wp-includes/js/tinymce/tiny_mce.js
File produced no match. Error: Retrieved file doesn't match known fingerprint. bb5825af2869ff67e0b0a02279c2c8a1 

Hit http://uai.ac.id/wp-includes/js/autosave.js
File produced no match. Error: Retrieved file doesn't match known fingerprint. 74ff560fc0b3d7f83267c11721386821 

Hit http://uai.ac.id/wp-includes/js/tinymce/themes/advanced/about.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. 7adc2db04ac2f06f3f365cb0a1c10620 

Hit http://uai.ac.id/wp-includes/js/tinymce/themes/advanced/source_editor.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. a8ba45d3bf5366df300dc095e7b3a630 

Hit http://uai.ac.id/wp-includes/js/tinymce/themes/advanced/link.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. 69dc6e352c8c816e6f27924bccc48d91 

Hit http://uai.ac.id/wp-includes/js/tinymce/plugins/inlinepopups/editor_plugin.js
File produced no match. Error: Retrieved file doesn't match known fingerprint. b99d53c06b3ff7ddbe36c445846f8832 

Hit http://uai.ac.id/wp-includes/js/swfupload/handlers.js
File produced no match. Error: Retrieved file doesn't match known fingerprint. cf914e83f173da3eb7a87d3232e96139 

Hit http://uai.ac.id/wp-includes/js/tinymce/themes/advanced/image.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. 87ed453ebccea58034f8d03603c138ec 

Hit http://uai.ac.id/wp-includes/js/tinymce/themes/advanced/color_picker.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. b45f8b587791f7753611c63068f2b645 

Hit http://uai.ac.id/wp-includes/js/tinymce/themes/advanced/anchor.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. 7ce6bf0b830231e03931daf508481f36 

Hit http://uai.ac.id/wp-includes/js/tinymce/themes/advanced/charmap.htm
File produced no match. Error: Retrieved file doesn't match known fingerprint. 3dbd99e1baa8e58ff366457e70fa595e 

Hit http://uai.ac.id/wp-content/plugins/akismet/readme.txt
File produced no match. Error: Retrieved file doesn't match known fingerprint. 397219dc64f0489ed3e3e9e597ad2db8 

Hit http://uai.ac.id/wp-includes/js/tinymce/themes/advanced/editor_template.js
File produced no match. Error: Retrieved file doesn't match known fingerprint. fa1b1c55521b050f68f0c487ddc55483 

Hit http://uai.ac.id/wp-includes/js/tinymce/plugins/wordpress/editor_plugin.js
File produced no match. Error: Retrieved file doesn't match known fingerprint. f3bb52e62507073c28af48871eff9109 


Error: All versions ruled out!

Hahaha, it couldn't guess it.. is it because a WP Security plugin setting is already hiding the WP version? Who knows :p (We'll cover that some other time)
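The post describes BlindElephant as reading static files from the target, and the run above shows what that looks like in practice: every probe comes back as "File produced no match" with an MD5, and the candidate set ends up empty. The Python 3 block below is an added example, not BlindElephant's own code (which is Python 2 and keeps its hash tables in the .pkl files seen above). It re-implements the hash-and-eliminate idea on a constructed release database (FAKE_RELEASES, three made-up WordPress releases) with simulated targets instead of HTTP requests. The rule it applies to an unknown hash (drop every version that ships that path with a known hash) is an assumption modelled on the output above, and looks_like_catch_all is an added sanity check, not a BlindElephant option. It separates four situations that all look similar from the command line: a clean hit, a deleted readme.html rescued by --winnow, a site whose files were modified (minifier, CDN, security plugin, or a release newer than the database), and a server that answers every path with the same page, which also rules out every version.

```python
"""Hash-based version fingerprinting in the style of BlindElephant's output.

Added example, not BlindElephant's code. FAKE_RELEASES, the simulated
targets and the helper names are constructed for the demo; the rule for an
unknown hash is an assumption modelled on "no match ... All versions ruled out".
"""
import hashlib
from typing import Callable, Dict, List, Optional, Set, Tuple

Fetcher = Callable[[str], Optional[bytes]]   # body, or None for a 404
Db = Dict[str, Dict[str, Set[str]]]         # path -> md5 -> versions shipping it


def _md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Constructed stand-in for the per-release tarballs a real DB is built from.
FAKE_RELEASES: Dict[str, Dict[str, bytes]] = {
    "3.0": {"readme.html": b"readme 3.0", "wp-includes/js/autosave.js": b"autosave A",
            "wp-includes/js/tinymce/tiny_mce.js": b"tinymce X"},
    "3.1": {"readme.html": b"readme 3.1", "wp-includes/js/autosave.js": b"autosave A",
            "wp-includes/js/tinymce/tiny_mce.js": b"tinymce Y"},
    "3.2": {"readme.html": b"readme 3.2", "wp-includes/js/autosave.js": b"autosave B",
            "wp-includes/js/tinymce/tiny_mce.js": b"tinymce Y"},
}


def build_db(releases: Dict[str, Dict[str, bytes]]) -> Db:
    """Invert releases into path -> {hash: versions that ship exactly that file}."""
    db: Db = {}
    for version, files in releases.items():
        for path, content in files.items():
            db.setdefault(path, {}).setdefault(_md5(content), set()).add(version)
    return db


DB = build_db(FAKE_RELEASES)


def make_fetcher(served: Dict[str, bytes], catch_all: Optional[bytes] = None) -> Fetcher:
    """Simulated target (constructed): serves `served`; anything else is 404 or the catch-all page."""
    return lambda path: served.get(path, catch_all)


def fingerprint(fetch: Fetcher, db: Db, num_probes: int = 15,
                winnow: bool = False) -> Tuple[Set[str], List[str]]:
    """Return (surviving versions, probe log). An empty set is 'All versions ruled out'."""
    candidates: Set[str] = set()
    for hashes in db.values():
        for versions in hashes.values():
            candidates |= versions
    paths = list(db)
    log: List[str] = []

    def probe(path: str) -> None:
        nonlocal candidates
        body = fetch(path)
        if body is None:
            log.append(f"Miss {path}")            # absent file: no information
            return
        digest = _md5(body)
        matches = db[path].get(digest)
        if matches is None:
            # Served, but unknown content: modified file, release newer than the
            # DB, or a catch-all page. Assumed rule: drop every version that ships
            # this path with a known hash, since none of them produced these bytes.
            log.append(f"Hit {path}: no match ({digest})")
            candidates -= set().union(*db[path].values())
        else:
            log.append(f"Hit {path}: {sorted(matches)}")
            candidates &= matches

    for path in paths[:num_probes]:
        probe(path)
        if not candidates:
            break
    # --winnow: still ambiguous, so spend up to num_probes additional requests.
    if winnow and len(candidates) > 1:
        for path in paths[num_probes:2 * num_probes]:
            probe(path)
            if len(candidates) <= 1:
                break
    return candidates, log


def looks_like_catch_all(fetch: Fetcher) -> bool:
    """Sanity check before trusting any 'no match': does a bogus path come back 200?"""
    return fetch("wp-includes/this-file-is-not-in-any-release.js") is not None


if __name__ == "__main__":
    stock_32 = make_fetcher(FAKE_RELEASES["3.2"])
    hardened_31 = make_fetcher({p: c for p, c in FAKE_RELEASES["3.1"].items()
                                if p != "readme.html"})          # readme.html deleted
    minified_32 = make_fetcher({p: b"/*min*/" + c for p, c in FAKE_RELEASES["3.2"].items()})
    soft404 = make_fetcher({}, catch_all=b"<html>custom error page</html>")
    for name, target in [("stock 3.2", stock_32), ("hardened 3.1", hardened_31),
                         ("minified 3.2", minified_32), ("catch-all", soft404)]:
        versions, log = fingerprint(target, DB, num_probes=2, winnow=True)
        print(name, "->", sorted(versions) or "Error: All versions ruled out!",
              "| catch-all:", looks_like_catch_all(target))
        for line in log:
            print("   ", line)
```

Before concluding that a site hides its version, run the catch-all check (or request a path that cannot exist with curl) and look at the bodies actually retrieved: "no match" only says the bytes differ from every release the database knows, and a 2010-era database with 213 WordPress versions will say that for any newer release too.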

Have fun trying :D Happy Hacking :D



Credits:

http://www.aldeid.com/wiki/BlindElephant
http://blindelephant.sourceforge.net/
