Electronic Books

Scanning
171
Lab 38: CGI Vulnerability Scanner
Identify CGI Vulnerabilities: TCS CGI Scanner
Prerequisites: None
Countermeasures: Bastion servers/workstations, host-based firewalls, OS
updates
Description: The TCS Common Gateway Interface (CGI) Scanner application
is designed to find targets that have vulnerable CGI Script errors.
These errors are normally due to systems that have not been patched
or updated.
Procedure: Start the CGI Scanner, enter the target IP address, and run.
From the directory containing the TCS Scanner, double-click the TCS application
icon.
The TCS CGI Scanner will start.
172
Practical Hacking Techniques and Countermeasures
Click to highlight the default target of htpp://www.tpp.ru and click on
the at the top left of the application to delete the current target.
On the gray bar along the top left of the application, enter the IP address
or hostname of the target and click on the gray-colored arrow to insert the
new target. Repeat this process for multiple targets.
The TCS CGI Scanner is now ready to scan the target. Click on the to
start the scan. The results are displayed in the lower screen of the application.
Scanning
173
In this example, each script run against the target is displayed with the
result to the right. The ones of interest are any with a 200 as this indicates a
successful attempt.
In this example, I scrolled down to check for a Unicode exploit. The Unicode
exploit is used to provide a directory listing of the hard drive of the target.


Pages:
67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91