5 changed files with 362 additions and 0 deletions
@ -0,0 +1,17 @@ |
|||||
|
!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/ |
||||
|
!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/ |
||||
|
!_TAG_OUTPUT_FILESEP slash /slash or backslash/ |
||||
|
!_TAG_OUTPUT_MODE u-ctags /u-ctags or e-ctags/ |
||||
|
!_TAG_PROGRAM_AUTHOR Universal Ctags Team // |
||||
|
!_TAG_PROGRAM_NAME Universal Ctags /Derived from Exuberant Ctags/ |
||||
|
!_TAG_PROGRAM_URL https://ctags.io/ /official site/ |
||||
|
!_TAG_PROGRAM_VERSION 0.0.0 /a3c87ab5/ |
||||
|
DNS-Eintrag für sternwarte.at erkenntnisse.tex /^\\section{DNS-Eintrag für sternwarte.at}$/;" s |
||||
|
Disclaimer writeup.tex /^\\section*{Disclaimer}$/;" s |
||||
|
Erkenntnisse writeup.tex /^\\section{Erkenntnisse}$/;" s |
||||
|
Informationsgewinnung writeup.tex /^\\subsection{Informationsgewinnung}$/;" u section:Methodik |
||||
|
Login finden erkenntnisse.tex /^\\section{Login finden}$/;" s |
||||
|
Methodik writeup.tex /^\\section{Methodik}$/;" s |
||||
|
Reverse IP lookup erkenntnisse.tex /^\\section{Reverse IP lookup}$/;" s |
||||
|
Verwendete Programme writeup.tex /^\\subsection{Verwendete Programme}$/;" u section:Methodik |
||||
|
Zusammenfassung writeup.tex /^\\section{Zusammenfassung}$/;" s |
||||
@ -0,0 +1,5 @@ |
|||||
|
\relax |
||||
|
\bbl@beforestart |
||||
|
\catcode `"\active |
||||
|
\babel@aux{naustrian}{} |
||||
|
\@writefile{toc}{\contentsline {section}{\numberline {1}Zusammenfassung}{1}\protected@file@percent } |
||||
@ -0,0 +1,244 @@ |
|||||
|
This is pdfTeX, Version 3.14159265-2.6-1.40.20 (TeX Live 2019/Arch Linux) (preloaded format=pdflatex 2020.1.12) 2 FEB 2020 23:28 |
||||
|
entering extended mode |
||||
|
restricted \write18 enabled. |
||||
|
%&-line parsing enabled. |
||||
|
**writeup.tex |
||||
|
(./writeup.tex |
||||
|
LaTeX2e <2019-10-01> patch level 1 |
||||
|
(/usr/share/texmf-dist/tex/latex/base/article.cls |
||||
|
Document Class: article 2019/08/27 v1.4j Standard LaTeX document class |
||||
|
(/usr/share/texmf-dist/tex/latex/base/size12.clo |
||||
|
File: size12.clo 2019/08/27 v1.4j Standard LaTeX file (size option) |
||||
|
) |
||||
|
\c@part=\count80 |
||||
|
\c@section=\count81 |
||||
|
\c@subsection=\count82 |
||||
|
\c@subsubsection=\count83 |
||||
|
\c@paragraph=\count84 |
||||
|
\c@subparagraph=\count85 |
||||
|
\c@figure=\count86 |
||||
|
\c@table=\count87 |
||||
|
\abovecaptionskip=\skip41 |
||||
|
\belowcaptionskip=\skip42 |
||||
|
\bibindent=\dimen102 |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/latex/base/inputenc.sty |
||||
|
Package: inputenc 2018/08/11 v1.3c Input encoding file |
||||
|
\inpenc@prehook=\toks14 |
||||
|
\inpenc@posthook=\toks15 |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/generic/babel/babel.sty |
||||
|
Package: babel 2019/10/15 3.35 The Babel package |
||||
|
|
||||
|
(/usr/share/texmf-dist/tex/generic/babel/switch.def |
||||
|
File: switch.def 2019/10/15 3.35 Babel switching mechanism |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/generic/babel-german/naustrian.ldf |
||||
|
Language: naustrian 2018/12/08 v2.11 German support for babel (post-1996 orthog |
||||
|
raphy) |
||||
|
|
||||
|
(/usr/share/texmf-dist/tex/generic/babel-german/ngermanb.ldf |
||||
|
Language: ngermanb 2018/12/08 v2.11 German support for babel (post-1996 orthogr |
||||
|
aphy) |
||||
|
|
||||
|
(/usr/share/texmf-dist/tex/generic/babel/babel.def |
||||
|
File: babel.def 2019/10/15 3.35 Babel common definitions |
||||
|
\babel@savecnt=\count88 |
||||
|
\U@D=\dimen103 |
||||
|
|
||||
|
(/usr/share/texmf-dist/tex/generic/babel/txtbabel.def) |
||||
|
\bbl@dirlevel=\count89 |
||||
|
) |
||||
|
\l@naustrian = a dialect from \language\l@ngerman |
||||
|
Package babel Info: Making " an active character on input line 121. |
||||
|
))) |
||||
|
(/usr/share/texmf-dist/tex/latex/base/fontenc.sty |
||||
|
Package: fontenc 2018/08/11 v2.0j Standard LaTeX package |
||||
|
|
||||
|
(/usr/share/texmf-dist/tex/latex/base/t1enc.def |
||||
|
File: t1enc.def 2018/08/11 v2.0j Standard LaTeX file |
||||
|
LaTeX Font Info: Redeclaring font encoding T1 on input line 48. |
||||
|
)) |
||||
|
(/usr/share/texmf-dist/tex/latex/geometry/geometry.sty |
||||
|
Package: geometry 2018/04/16 v5.8 Page Geometry |
||||
|
|
||||
|
(/usr/share/texmf-dist/tex/latex/graphics/keyval.sty |
||||
|
Package: keyval 2014/10/28 v1.15 key=value parser (DPC) |
||||
|
\KV@toks@=\toks16 |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/generic/oberdiek/ifpdf.sty |
||||
|
Package: ifpdf 2018/09/07 v3.3 Provides the ifpdf switch |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/generic/oberdiek/ifvtex.sty |
||||
|
Package: ifvtex 2016/05/16 v1.6 Detect VTeX and its facilities (HO) |
||||
|
Package ifvtex Info: VTeX not detected. |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/generic/ifxetex/ifxetex.sty |
||||
|
Package: ifxetex 2010/09/12 v0.6 Provides ifxetex conditional |
||||
|
) |
||||
|
\Gm@cnth=\count90 |
||||
|
\Gm@cntv=\count91 |
||||
|
\c@Gm@tempcnt=\count92 |
||||
|
\Gm@bindingoffset=\dimen104 |
||||
|
\Gm@wd@mp=\dimen105 |
||||
|
\Gm@odd@mp=\dimen106 |
||||
|
\Gm@even@mp=\dimen107 |
||||
|
\Gm@layoutwidth=\dimen108 |
||||
|
\Gm@layoutheight=\dimen109 |
||||
|
\Gm@layouthoffset=\dimen110 |
||||
|
\Gm@layoutvoffset=\dimen111 |
||||
|
\Gm@dimlist=\toks17 |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/latex/fancyhdr/fancyhdr.sty |
||||
|
Package: fancyhdr 2019/01/31 v3.10 Extensive control of page headers and footer |
||||
|
s |
||||
|
\f@nch@headwidth=\skip43 |
||||
|
\f@nch@O@elh=\skip44 |
||||
|
\f@nch@O@erh=\skip45 |
||||
|
\f@nch@O@olh=\skip46 |
||||
|
\f@nch@O@orh=\skip47 |
||||
|
\f@nch@O@elf=\skip48 |
||||
|
\f@nch@O@erf=\skip49 |
||||
|
\f@nch@O@olf=\skip50 |
||||
|
\f@nch@O@orf=\skip51 |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/latex/listings/listings.sty |
||||
|
\lst@mode=\count93 |
||||
|
\lst@gtempboxa=\box27 |
||||
|
\lst@token=\toks18 |
||||
|
\lst@length=\count94 |
||||
|
\lst@currlwidth=\dimen112 |
||||
|
\lst@column=\count95 |
||||
|
\lst@pos=\count96 |
||||
|
\lst@lostspace=\dimen113 |
||||
|
\lst@width=\dimen114 |
||||
|
\lst@newlines=\count97 |
||||
|
\lst@lineno=\count98 |
||||
|
\lst@maxwidth=\dimen115 |
||||
|
|
||||
|
(/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty |
||||
|
File: lstmisc.sty 2019/09/10 1.8c (Carsten Heinz) |
||||
|
\c@lstnumber=\count99 |
||||
|
\lst@skipnumbers=\count100 |
||||
|
\lst@framebox=\box28 |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/latex/listings/listings.cfg |
||||
|
File: listings.cfg 2019/09/10 1.8c listings configuration |
||||
|
)) |
||||
|
Package: listings 2019/09/10 1.8c (Carsten Heinz) |
||||
|
|
||||
|
(/usr/share/texmf-dist/tex/latex/eurosym/eurosym.sty |
||||
|
Package: eurosym 1998/08/06 v1.1 European currency symbol ``Euro'' |
||||
|
\@eurobox=\box29 |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/latex/multirow/multirow.sty |
||||
|
Package: multirow 2019/05/31 v2.5 Span multiple rows of a table |
||||
|
\multirow@colwidth=\skip52 |
||||
|
\multirow@cntb=\count101 |
||||
|
\multirow@dima=\skip53 |
||||
|
\bigstrutjot=\dimen116 |
||||
|
) |
||||
|
(/usr/share/texmf-dist/tex/latex/url/url.sty |
||||
|
\Urlmuskip=\muskip10 |
||||
|
Package: url 2013/09/16 ver 3.4 Verb mode for urls, etc. |
||||
|
) |
||||
|
No file writeup.aux. |
||||
|
\openout1 = `writeup.aux'. |
||||
|
|
||||
|
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 47. |
||||
|
LaTeX Font Info: ... okay on input line 47. |
||||
|
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 47. |
||||
|
LaTeX Font Info: ... okay on input line 47. |
||||
|
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 47. |
||||
|
LaTeX Font Info: ... okay on input line 47. |
||||
|
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 47. |
||||
|
LaTeX Font Info: ... okay on input line 47. |
||||
|
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 47. |
||||
|
LaTeX Font Info: ... okay on input line 47. |
||||
|
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 47. |
||||
|
LaTeX Font Info: ... okay on input line 47. |
||||
|
*geometry* driver: auto-detecting |
||||
|
*geometry* detected driver: pdftex |
||||
|
*geometry* verbose mode - [ preamble ] result: |
||||
|
* driver: pdftex |
||||
|
* paper: a4paper |
||||
|
* layout: <same size as paper> |
||||
|
* layoutoffset:(h,v)=(0.0pt,0.0pt) |
||||
|
* modes: |
||||
|
* h-part:(L,W,R)=(71.13188pt, 455.24411pt, 71.13188pt) |
||||
|
* v-part:(T,H,B)=(71.13188pt, 711.31891pt, 62.59605pt) |
||||
|
* \paperwidth=597.50787pt |
||||
|
* \paperheight=845.04684pt |
||||
|
* \textwidth=455.24411pt |
||||
|
* \textheight=711.31891pt |
||||
|
* \oddsidemargin=-1.1381pt |
||||
|
* \evensidemargin=-1.1381pt |
||||
|
* \topmargin=-38.1381pt |
||||
|
* \headheight=12.0pt |
||||
|
* \headsep=25.0pt |
||||
|
* \topskip=12.0pt |
||||
|
* \footskip=30.0pt |
||||
|
* \marginparwidth=44.0pt |
||||
|
* \marginparsep=10.0pt |
||||
|
* \columnsep=10.0pt |
||||
|
* \skip\footins=10.8pt plus 4.0pt minus 2.0pt |
||||
|
* \hoffset=0.0pt |
||||
|
* \voffset=0.0pt |
||||
|
* \mag=1000 |
||||
|
* \@twocolumnfalse |
||||
|
* \@twosidefalse |
||||
|
* \@mparswitchfalse |
||||
|
* \@reversemarginfalse |
||||
|
* (1in=72.27pt=25.4mm, 1cm=28.453pt) |
||||
|
|
||||
|
\c@lstlisting=\count102 |
||||
|
LaTeX Font Info: External font `cmex10' loaded for size |
||||
|
(Font) <14.4> on input line 48. |
||||
|
LaTeX Font Info: External font `cmex10' loaded for size |
||||
|
(Font) <7> on input line 48. |
||||
|
LaTeX Font Info: Trying to load font information for T1+cmtt on input line 5 |
||||
|
5. |
||||
|
(/usr/share/texmf-dist/tex/latex/base/t1cmtt.fd |
||||
|
File: t1cmtt.fd 2014/09/29 v2.5h Standard LaTeX font definitions |
||||
|
) |
||||
|
LaTeX Font Info: External font `cmex10' loaded for size |
||||
|
(Font) <12> on input line 55. |
||||
|
LaTeX Font Info: External font `cmex10' loaded for size |
||||
|
(Font) <8> on input line 55. |
||||
|
LaTeX Font Info: External font `cmex10' loaded for size |
||||
|
(Font) <6> on input line 55. |
||||
|
LaTeX Font Info: Trying to load font information for OMS+cmr on input line 6 |
||||
|
6. |
||||
|
|
||||
|
(/usr/share/texmf-dist/tex/latex/base/omscmr.fd |
||||
|
File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions |
||||
|
) |
||||
|
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <12> not available |
||||
|
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 66. |
||||
|
[1 |
||||
|
|
||||
|
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] [2] (./writeup.aux) ) |
||||
|
Here is how much of TeX's memory you used: |
||||
|
3363 strings out of 492167 |
||||
|
45030 string characters out of 6131558 |
||||
|
126616 words of memory out of 5000000 |
||||
|
7714 multiletter control sequences out of 15000+600000 |
||||
|
14470 words of font info for 36 fonts, out of 8000000 for 9000 |
||||
|
1141 hyphenation exceptions out of 8191 |
||||
|
28i,10n,45p,360b,388s stack positions out of 5000i,500n,10000p,200000b,80000s |
||||
|
{/usr |
||||
|
/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-t1.enc}</usr/share/texmf-di |
||||
|
st/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texmf-dist/fonts/type1 |
||||
|
/public/cm-super/sfbi2074.pfb></usr/share/texmf-dist/fonts/type1/public/cm-supe |
||||
|
r/sfbx1728.pfb></usr/share/texmf-dist/fonts/type1/public/cm-super/sfbx2074.pfb> |
||||
|
</usr/share/texmf-dist/fonts/type1/public/cm-super/sfrm0800.pfb></usr/share/tex |
||||
|
mf-dist/fonts/type1/public/cm-super/sfrm1200.pfb></usr/share/texmf-dist/fonts/t |
||||
|
ype1/public/cm-super/sfrm1440.pfb></usr/share/texmf-dist/fonts/type1/public/cm- |
||||
|
super/sftt1200.pfb> |
||||
|
Output written on writeup.pdf (2 pages, 135374 bytes). |
||||
|
PDF statistics: |
||||
|
44 PDF objects out of 1000 (max. 8388607) |
||||
|
31 compressed objects within 1 object stream |
||||
|
0 named destinations out of 1000 (max. 500000) |
||||
|
1 words of extra memory for PDF output out of 10000 (max. 10000000) |
||||
|
|
||||
Binary file not shown.
@ -0,0 +1,96 @@ |
|||||
|
\documentclass[12pt]{article} |
||||
|
|
||||
|
\usepackage[utf8]{inputenc} |
||||
|
\usepackage[naustrian]{babel} |
||||
|
\usepackage[T1]{fontenc} |
||||
|
\usepackage[paper=a4paper, left=25mm, right=25mm, top=25mm, |
||||
|
bottom=22mm]{geometry} |
||||
|
\usepackage{fancyhdr} |
||||
|
\usepackage{listings} |
||||
|
\usepackage{eurosym} |
||||
|
\usepackage{multirow} |
||||
|
|
||||
|
\usepackage{url} |
||||
|
|
||||
|
\newcommand{\mytitle}{Bericht für \emph{www.sternwarte.at}} |
||||
|
\newcommand{\myfoottitle}{Bericht sternwarte.at} |
||||
|
|
||||
|
\newcommand{\mysecondtitle}{} |
||||
|
\newcommand{\mythirdtitle}{} |
||||
|
\newcommand{\mydelivery}{} |
||||
|
\newcommand{\myauthor}{Michael Preisach, SIGFLAG} |
||||
|
\newcommand{\mydate}{\today} |
||||
|
|
||||
|
\title{\textbf{\mytitle}\\[1ex]\normalsize{\mysecondtitle}} |
||||
|
\author{\textbf{\mythirdtitle}} |
||||
|
\date{\mydate} |
||||
|
|
||||
|
\pagestyle{fancy} |
||||
|
\fancypagestyle{plain} |
||||
|
{ |
||||
|
\fancyhf{} |
||||
|
\fancyfoot[L]{\scriptsize{\myfoottitle}} |
||||
|
\fancyfoot[C]{\scriptsize{}} |
||||
|
\fancyfoot[R]{\scriptsize{Seite \thepage}} |
||||
|
\renewcommand{\headrulewidth}{0pt} |
||||
|
\renewcommand{\footrulewidth}{0.5pt} |
||||
|
} |
||||
|
\fancyhf{} |
||||
|
\fancyfoot[L]{\scriptsize{\myfoottitle}} |
||||
|
\fancyfoot[C]{\scriptsize{}} |
||||
|
\fancyfoot[R]{\scriptsize{Seite \thepage}} |
||||
|
\renewcommand{\headrulewidth}{0pt} |
||||
|
\renewcommand{\footrulewidth}{0.5pt} |
||||
|
|
||||
|
\setlength{\parindent}{0mm} |
||||
|
|
||||
|
\begin{document} |
||||
|
\maketitle |
||||
|
\section*{Disclaimer} |
||||
|
Es wurden für diesen Bericht nur öffentlich einsehbare Daten verwendet. |
||||
|
Es wurden keine verschlüsselten oder durch Passwort geschützten Daten kopiert oder verwendet. |
||||
|
|
||||
|
\section{Zusammenfassung} |
||||
|
Tests wurden im Zeitraum von 15. Jänner 2020 bis 3. Februar 2020 vorgenommen. |
||||
|
Ziel dieses Tests war die Ermittlung der Angriffsoberfläche von \url{www.sternwarte.at}, der verwendeten Infrastruktur sowie eine Analyse der verwendeten Programme um schließlich eine Handlungsempfehlung zu formulieren. |
||||
|
Im Rahmen des Test wurden neben dem Server der Sternwarte auch andere Services gefunden. |
||||
|
Sofern sich diese im IP-Adressbereich in unmittelbarer Nähe befunden haben, wurden diese Server ebenfalls analysiert. |
||||
|
|
||||
|
Im Folgenden werden die wichtigsten Erkenntnisse kurz dargestellt |
||||
|
\begin{enumerate} |
||||
|
\item Keine TLS-Verschlüsselung der Website obwohl auf der Website Formulare angeboten werden, die vertrauliche Daten abfragen. |
||||
|
Dies ist meiner Ansicht nach mit der aktuellen Version der DSGVO nicht vereinbar. |
||||
|
Auch der Admin-login ist unverschlüsselt und kann daher sehr einfach in einem überwachten Netzwerk abgefangen werden. |
||||
|
Eine Verschlüsselung mit TLS1.2 oder höher in Kombination mit einem Zertifikat von Let's Encrypt löst dieses Problem effektiv. |
||||
|
\item Unauthentifiziert einsehbare Log-Datei, die Server-Fehler ausgibt: |
||||
|
\begin{itemize} |
||||
|
\item Nicht gefundene Dateien, |
||||
|
\item Fehlercodes der CGI-Skripte |
||||
|
\item Fehler von anderen Webseiten, die auf diesem Host betrieben werden |
||||
|
\item Fehler des SMTP-Servers auf diesem Host |
||||
|
\end{itemize} |
||||
|
Der unauthentifizierte Zugriff auf diese und weitere Dateien MUSS verhindert werden. |
||||
|
\item CGI Skripts können direkt ausgeführt werden und über die log-Datei können auch weitere Skripte gefunden werden. |
||||
|
Auch hier sollten Maßnahmen getroffen werden, die den Zugriff nur über ausgefüllte Formulare zulassen. |
||||
|
\item Der FTP-Server ist auf dem Standardport verfügbar und es ist mutmaßlich verwundbar auf Bruteforce-Attacken. |
||||
|
Einerseits sollte auch hier der Zugang verschlüsselt werden, etwa mit FTP over SSH\@. |
||||
|
Gegen Bruteforce-Attacken helfen zusätzlich Fail2ban und Public Keys statt Passwörtrn. |
||||
|
Dies müssen die verwendeten Anwendungen aber unterstützen. |
||||
|
\item Die Webseite kann durch modifizierte URLs in der Darstellung verändert werden. Die Daten auf dem Server müssen dafür nicht verändert werden. |
||||
|
Dazu muss die Webseite selbst angepasst werden, um nicht versehentlich aus dem vorgesehenen Arbeitsverzeichnis rauszufallen bzw.\@ das Laden externer Frames zu verhindern. |
||||
|
\item Die verwendete Software (4D Webstar 2004) ist mittlerweile über 15 Jahre alt. |
||||
|
Es gibt zwar keine bekannten Bugs, jedoch sollte es nicht schwierig sein, mit heutigen Mitteln welche zu finden. |
||||
|
Deshalb wird dringend empfohlen, den werwendeten Software-Stack auf eine gut gewartete, aktuelle Basis zu stellen. |
||||
|
Populäre Lösungen sind dafür ein aktuelles Linux mit Apache oder Nginx und den gewünschten Erweiterungen für Datenbanken und Skripting. |
||||
|
\end{enumerate} |
||||
|
|
||||
|
\section{Methodik} |
||||
|
|
||||
|
\subsection{Informationsgewinnung} |
||||
|
|
||||
|
\subsection{Verwendete Programme} |
||||
|
|
||||
|
\section{Erkenntnisse} |
||||
|
|
||||
|
|
||||
|
\end{document} |
||||
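Review bot: Item 4 of the `enumerate` list recommends "FTP over SSH", but the advice that follows (public keys instead of passwords) only fits SFTP, which is its own protocol on top of SSH rather than FTP tunnelled through it; I would write `Einerseits sollte auch hier der Zugang verschlüsselt werden, etwa mit SFTP oder FTPS\@.` so the operator knows which service to deploy. Item 3 asks that CGI scripts be reachable "nur über ausgefüllte Formulare", which a server cannot enforce because any client can send the same request a form would, so the recommendation should name server-side input validation, authentication where needed and removal of unused scripts instead. Item 6 states "Es gibt zwar keine bekannten Bugs" for 4D Webstar 2004 without a source; this should be checked against public vulnerability databases for the exact version or worded as an assumption, since the surrounding argument rests on it. The same list also carries the typos "Passwörtrn", "werwendeten" and "Im Rahmen des Test", and "es ist mutmaßlich verwundbar" should read "er ist", as the subject is "Der FTP-Server".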