Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Websphere pentesting questions

from [Feng Chih-hung] Network Security [Permanent Link]
Subject: Websphere pentesting questions
Date: Fri, 23 Sep 2005 14:47:00 +0800 
Hi:

In a recent pen-test I came across a few websphere sites
in the customer's perimeter. I am not familiar with websphere
, maybe the experienced ones could shed some light on it:

1. At one site I am able to access websphere system management
interface. The url is not protected and with "XML Web Administration
Tool" it provided I am able to view/modify/delete websphere resources
such as virtual host, default_app, etc. Is there any means
to further exploit it to get, say, system access or privilege
escalation?

2. With the admin tool mentioned above I dumped websphere workspace
   to an xml file in which I discovered an obfuscated password for
   ID administrator. Since the obfuscation algorithm is already known
   ( base64_encode(passwd ^ "_" ) I was able to restore the password.
   My question is where does this ID/passwd combination apply?
   Is it supposed to protect the admin interface?

3. I discovered a vulnerability in another websphere server.
   Specifically,
      http://domain.name.of.target/some.jsp works as expected. But
      http://ip.of.target/some.jsp reveals the source code
   My hypothesis is that this is a mis-configuration instead of
   a websphere software bug. Any suggestion? Could it be related
   to, say, the virtual host settings (or lack thereof)?

4. Another vulnerability in another websphere server:
   http://target/some.jsp works as expected, but
   http://target//some.jsp reveals source code
   Again, this looks like a mis-configuration because I could not
   find any information in the search of websphere vulnerability
   history.

In addition to notify the customer of the vulnerabilities I have
to help them fix the problems and confirm they are fixed.
Therefore I would need as much info as I could gather.
Any comments are appreciated.

Regards
chfong

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Websphere pentesting questions, Feng Chih-hung <=
Previous by Date:  MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) under Windows", Craig Wright
Next by Date:  Re: Passwords with Lan Manager (LM) under Windows, philippe . nospam . oechslin
Previous by Thread:  MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) under Windows", Craig Wright
Next by Thread:  PenTesting AD, Umil
Indexes:  [Date] [Thread] [Top] [All Lists]