Thread: Nikto Result Interpretation

  1. #1
    Senior Member (Join Date: Jul 2008, Posts: 153)

    Nikto Result Interpretation

    Dear friends,

    I'm new here and I'm not sure whether my question might seem very dumb to you, so excuse me if this is not the right place to ask it.
    I used Nikto on a site (not mine). I paste some lines here:
    ////////////////////////////////////

    + OSVDB-0: GET /scripts/samples/details.idc : See RFP 9901; www.wiretrip.net
    + OSVDB-396: GET /_vti_bin/shtml.exe : Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
    + OSVDB-0: GET /cgi-perl/handler.cgi : Variation of Irix Handler? Has been seen from other CGI scanners.
    + OSVDB-0: GET /cgi-perl/finger.pl : finger other users, may be other commands?
    + OSVDB-0: GET /cgi-perl/get32.exe : This can allow attackers to execute arbitrary commands remotely.
    + OSVDB-0: GET /cgi-perl/gm-authors.cgi : GreyMatter 'password' file, that controls who can post. This contains login and password information and is installed mode 666 by default. See http://www.attrition.org/~jericho/wo...reymatter.html for more info.
    + OSVDB-0: GET /cgi-perl/photo/protected/manage.cgi : My Photo Gallery management interface. May allow full access to photo galleries and more. Versions before 3.8 allowed anyone to view contents of any directory on systems.
    + OSVDB-0: GET /cgi-perl/wrap.cgi : possible variation: comes with IRIX 6.2; allows to view directories
    + OSVDB-0: GET /forums/@ADMINconfig.php : PHP Config file may contain database IDs and passwords.
    ///////////////////////////////////

    and much more..... Now suppose that the site is: www.mmm.biz
    I tried: www.mmm.biz/cgi-perl/gm-authors.cgi after I saw this result:
    "+ OSVDB-0: GET /cgi-perl/gm-authors.cgi ....."

    but the site says:
    "The page you requested could not be found...
    Click here to continue"

    Now my question is: what is the interpretation of Nikto results? Where did it get /cgi-perl/gm-authors.cgi if it does not exist? Or where can I access this directory or the others?

    I searched a lot for an example interpretation of Nikto results but I didn't find anything. Please let me know if you know of any.

    Thanks a lot

  2. #2
    Just Another Geek (Join Date: Jul 2002, Location: Rotterdam, Netherlands, Posts: 3,401)
    They're the tests being done, not the results?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    nebulus200, Jaded Network Admin (Join Date: Jun 2002, Posts: 1,356)
    Nikto looks at several things that are returned by the webserver. It probably was confused by a result and reported it. As with any scanning tool, it is wise to double check the results for false positives.

    And those are results, it only shows what was found, not what was tested (at least by default).
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Senior Member (Join Date: Jul 2008, Posts: 153)

    Thanks

    Thanks my friends. Now I have understood that these scanners sometimes give "false positives". Yes, those are tests that have been done, but Nikto's conclusion from the site's response is not always correct. About double checking, it's a good idea, but in the case I'm working on it takes a very long time since the findings run to several pages. That site is definitely vulnerable (I have some evidence) and I'm trying to scan it with other scanners too.
    (By the way, being a little playful, I will be very happy if some of you have time and would like to help me in fighting that site )
    Thanks

  5. #5
    Just Another Geek (Join Date: Jul 2002, Location: Rotterdam, Netherlands, Posts: 3,401)
    One note: accessing http://1.2.3.4 might be different from http://www.mysite.com. Nikto may be scanning the IP instead of the virtual host.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
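One way to triage a Nikto report for a server you administer, written as an added example for this thread (not code from Nikto or from anyone posting here): parse the "+ OSVDB-..." lines, then compare each reported path against a baseline request for a path that cannot exist, so that a site answering 200 with a custom "could not be found" page (as in #1) is not mistaken for a hit, and request by virtual-host name rather than bare IP as #5 notes. The fetch function, host name and server responses are constructed stand-ins so the example runs offline.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample in the format of the thread's Nikto output (shortened).
NIKTO_OUTPUT = """\
+ OSVDB-396: GET /_vti_bin/shtml.exe : Attackers may be able to crash FrontPage -- a DoS was not attempted.
+ OSVDB-0: GET /cgi-perl/gm-authors.cgi : GreyMatter 'password' file, that controls who can post.
+ OSVDB-0: GET /forums/@ADMINconfig.php : PHP Config file may contain database IDs and passwords.
"""
LINE_RE = re.compile(r"^\+ (OSVDB-\d+): (\w+) (\S+) : (.*)$")
Finding = Tuple[str, str, str, str]  # (osvdb_id, method, path, description)

def parse_nikto(text: str) -> List[Finding]:
    """Pull (osvdb_id, method, path, description) out of each '+ OSVDB-...' line."""
    return [m.groups() for m in map(LINE_RE.match, text.splitlines()) if m]

# fetch(host, path) -> (status, body). Injected so this runs offline; a real
# fetcher must send the vhost name in the Host header, not just the bare IP.
Fetcher = Callable[[str, str], Tuple[int, str]]

def triage(findings: List[Finding], host: str, fetch: Fetcher) -> Dict[str, str]:
    """Classify each reported path by comparing it with a known-bogus baseline path."""
    # Soft-404 check: if a path that cannot exist also answers 200 with a custom
    # "not found" page, a 200 on a reported path proves nothing by itself.
    base_status, base_body = fetch(host, "/nikto-triage-baseline-does-not-exist")
    verdicts: Dict[str, str] = {}
    for _id, _method, path, _desc in findings:
        status, body = fetch(host, path)
        if status == 404:
            verdicts[path] = "false positive (404)"
        elif status == 200 and base_status == 200 and body == base_body:
            verdicts[path] = "false positive (soft 404: same body as baseline)"
        elif status == 200:
            verdicts[path] = "needs manual review (distinct 200)"
        else:
            verdicts[path] = f"needs manual review (HTTP {status})"
    return verdicts

# Constructed stand-in for the server in the thread: unknown paths get a 200
# "could not be found" page, and only the named virtual host serves anything.
SOFT404 = "The page you requested could not be found... Click here to continue"
def fake_fetch(host: str, path: str) -> Tuple[int, str]:
    if host != "www.example-vhost.test":   # bare IP hits a different default site
        return 404, "default site"
    if path == "/_vti_bin/shtml.exe":       # the one path that really exists here
        return 200, "FrontPage Server Extensions"
    return 200, SOFT404

if __name__ == "__main__":
    for path, verdict in triage(parse_nikto(NIKTO_OUTPUT), "www.example-vhost.test", fake_fetch).items():
        print(path, "->", verdict)
```

With the constructed server, the two paths that only return the custom "not found" page are marked as soft-404 false positives, the one real path is left for manual review, and scanning by bare IP marks everything 404 because the default site answers instead of the virtual host.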
