Penetration Testing mailing list archives
RE: nikto, n-stealth can crash the web-server?
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Fri, 14 Jul 2006 16:04:16 -0500
Matthias,
-----Original Message----- From: Matthias Heinrich [mailto:matze-heinrich () gmx de] I'm trying to find out if web-scanners like n-stealth or nikto can crash the web-server and why.
I've seen nikto in particular cause crashes, and Nessus plugins, but it always depends on the webserver & the check, and usually it's not too hard to hunt down. Examples: + Chunked encoding tests on older IIS & apache versions + There's a Cisco ACS BoF check through a long URL string that I've seen crash custom webservers due to the character sets used to create the URL payload, or the size, not being handled properly. + Threads: on custom web servers, poorly coded threading can thread-lock the thing. + Sockets: I ran into Tomcat implemented with some custom sockets programming that choked on multi-threaded tests due to inability to close & recycle TCP connections fast enough (would simply run out of proc, then mem). + TCP/IP stack: this is mostly old news, but I've seen www and db servers fail due to the stack crashing on several OSes, like old HPUX, and OpenVMS stuff back when you had vendor-supplied custom stacks, and same with some older Unisys systems that they customized the IP stack. You couldn't even port-scan some of those old systems w/out them crashing; see Sockets: above. Then there is simply resource exhaustion, possibly due to system limitations or web server misconfiguration. Hope that gives you some ideas, Arian J. Evans FishNet Security 913.710.7085 [mobile] 816.701.2045 [office] ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- nikto, n-stealth can crash the web-server? Matthias Heinrich (Jul 14)
- RE: nikto, n-stealth can crash the web-server? Ric Messier (Jul 14)
- Re: nikto, n-stealth can crash the web-server? Christoph Puppe (Jul 14)
- <Possible follow-ups>
- RE: nikto, n-stealth can crash the web-server? Evans, Arian (Jul 14)