Seguridad en Apache Web Server

Seguridad en Aplicaciones WebSiempre hay nuevos tricks

ldquoUn ejemplo con Apache Web Serverrdquo

Chema Alonsochemainformatica64comchemaalonsohttpwwwelladodelmalcomhttpwwwinformatica64com

Web Penetration Testing

Apache Web Server

Vulnerabilidades

Tecnologiacutea Personas

- ApacheWeb Server- Aplicaciones (moacutedulos CMS framewoks)- Protocolos (HTTP HTTP-s WebDAV)

- Administrador- Desarrollador- Usuario

Vulnerabilidades Software

Evaluacioacuten

Fase 1 Reconocimiento del Software

El mensaje de Error

Mensajes de Apache

200 OK301 Redirect400 Bad Request403 Forbidden405 Not Allowed404 Not Found411 Length Required500 Internal Server Error501 Method Not Implement

Banner

HTTP11 200 OKDate Thu 27 Oct 2011 095401 GMTServer Apache2315-dev (Unix)

mod_ssl2315-dev OpenSSL100cLast-Modified Thu 27 Oct 2011 091027 GMTETag 102b9a6-8c14-4b04424b5c6c0Accept-Ranges bytesContent-Length 35860Vary Accept-EncodingCache-Control max-age=3600Expires Thu 27 Oct 2011 105401 GMTConnection closeContent-Type texthtml charset=utf-8

Banner

httpwwwfundaciondedaloorg

httphttpdapacheorgsecurityvulnerabilities_22html

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

VARIABLES DE OCULTACIOacuteN DE BANNER

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

BUSCAR MANUAL DE APACHE

Framework Error Messages

Frameworks JSP

Framework Error MessagesFramework WebDNA

Framework Error MessagesFramework Coldfusion

HPC HTTP Parameter Contamination

Fase 2 Fallos en la configuracioacuten

LDAP Policiacutea

HTTP Methods

GET rarr Dame una paacuteginaPOST rarr Te enviacuteo datosPUT rarr Te enviacuteo un ficheroDELETE rarr Borra este ficheroTRACE rarr Devueacutelveme estoHEAD -gt Dame el tamantildeo del archivoCONNECT rarr Hazme de Proxyhellip

Meacutetodos PermitidosOPTIONS folder HTTP10

Subir una shell

PUT shellphp HTTP11Host ServercomContent-Type textplainContent-LengthXXX

Robar Cookies HTTP-Only

- Cookies mantienen la sesioacuten

- Si un usuario la roba rarr Hijacking

- Por seguridad cookies no son accesibles por Javascript para evitar robos XSS rarr HTTPOnly

Ataque Trace (Jeremiah Grossman)

1) Un ataque XSS rarr fuerza un Trace contra el servidor viacutectima

2) En la peticioacuten Trace se antildeade la cookie

3) Una vez en la conexioacuten HTTP se roba con Javascript

Servicio Proxy

- Permite a un cliente navegar a traveacutes de un servidor Web

1) Ataques remotos con la direccioacuten IP del servidor

2) Conectarse a servidores internos no publicados

- Formas de deteccioacuten

1) Meacutetodo Connect2) Proxy transparente3) Reverse Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Mod_Proxy Reverse Proxy Bug

Bug RewriteRule ^() httpinternalserver80$

GET InternalNotAccessibleServerconsole HTTP10Host wwwpublicservercom

VERB Tampering SQL Injection

1) En auditorias de seguridad se descubren vulnerabilidades SQL injection

2) Se reportan al cliente

3) Parchea el bug

4) Comprobamos el bug

HEAD adminloginaspuser=lsquoshutdownHost victim

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

RANGE Bytes + Gzip DOS

- Permite solicitar partes de archivos- Pensado para descargas grandes- El atacante solicita muchos pequentildeos

pedazos- El servidor tiene que comprimirlos con gzip- Al final se satura la CPU del sistema y cae

HEAD HTTP11Host wwwfundaciondedaloorgRangebytes=0-10Accept-Encoding gzipConnection close

SLOWRIS GETPOST

Almost All implemented in FOCA PRO 3

El mensaje de Error

FINGERPRINTING

Framework Error Messages (2)

LDAP Policiacutea

LDAP Policiacutea (2)

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Mod_Proxy Reverse Proxy Bug (2)

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Web Penetration Testing

Apache Web Server

Vulnerabilidades

Evaluacioacuten

El mensaje de Error

Mensajes de Apache

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Apache Web Server

Vulnerabilidades

Evaluacioacuten

El mensaje de Error

Mensajes de Apache

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Vulnerabilidades

Evaluacioacuten

El mensaje de Error

Mensajes de Apache

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Evaluacioacuten

El mensaje de Error

Mensajes de Apache

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Evaluacioacuten

El mensaje de Error

Mensajes de Apache

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

Mensajes de Apache

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

Mensajes de Apache

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Mensajes de Apache

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Banner

httpwwwmarcacom

iquestVersioacuten

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Ocultado el Banner

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Fingerprinting

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

FINGERPRINTING

HTTPRINT

(MD5)FAVICON

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Frameworks JSP

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

LDAP Policiacutea

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

HTTP Methods

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Subir una shell

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Connect Method

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Transparent Proxy

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Mod_Proxy DOS

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

3) Parchea el bug

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

El mensaje de Error

FINGERPRINTING

LDAP Policiacutea

Servicio Proxy

Connect Method

Transparent Proxy

Mod_Proxy DOS

Fase 3 Human Fails

Robotstxt

Directory Listing

listing

DS_Store Files

Mod_Negotiation

Mod_user_dir

SVNEntries

SLOWRIS GETPOST

Technology

Seguridad en Apache Web Server