5 changed files with 362 additions and 0 deletions
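--- a/<path-not-shown: ctags tag file>
+++ b/<path-not-shown: ctags tag file>
@@ -0,0 +1,17 @@
+!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/
+!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/
+!_TAG_OUTPUT_FILESEP slash /slash or backslash/
+!_TAG_OUTPUT_MODE u-ctags /u-ctags or e-ctags/
+!_TAG_PROGRAM_AUTHOR Universal Ctags Team //
+!_TAG_PROGRAM_NAME Universal Ctags /Derived from Exuberant Ctags/
+!_TAG_PROGRAM_URL https://ctags.io/ /official site/
+!_TAG_PROGRAM_VERSION 0.0.0 /a3c87ab5/
+DNS-Eintrag für sternwarte.at erkenntnisse.tex /^\\section{DNS-Eintrag für sternwarte.at}$/;" s
+Disclaimer writeup.tex /^\\section*{Disclaimer}$/;" s
+Erkenntnisse writeup.tex /^\\section{Erkenntnisse}$/;" s
+Informationsgewinnung writeup.tex /^\\subsection{Informationsgewinnung}$/;" u section:Methodik
+Login finden erkenntnisse.tex /^\\section{Login finden}$/;" s
+Methodik writeup.tex /^\\section{Methodik}$/;" s
+Reverse IP lookup erkenntnisse.tex /^\\section{Reverse IP lookup}$/;" s
+Verwendete Programme writeup.tex /^\\subsection{Verwendete Programme}$/;" u section:Methodik
+Zusammenfassung writeup.tex /^\\section{Zusammenfassung}$/;" s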
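--- a/writeup.aux
+++ b/writeup.aux
@@ -0,0 +1,5 @@
+\relax
+\bbl@beforestart
+\catcode `"\active
+\babel@aux{naustrian}{}
+\@writefile{toc}{\contentsline {section}{\numberline {1}Zusammenfassung}{1}\protected@file@percent }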
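--- a/<path-not-shown: pdfTeX log>
+++ b/<path-not-shown: pdfTeX log>
@@ -0,0 +1,244 @@
+This is pdfTeX, Version 3.14159265-2.6-1.40.20 (TeX Live 2019/Arch Linux) (preloaded format=pdflatex 2020.1.12) 2 FEB 2020 23:28
+entering extended mode
+restricted \write18 enabled.
+%&-line parsing enabled.
+**writeup.tex
+(./writeup.tex
+LaTeX2e <2019-10-01> patch level 1
+(/usr/share/texmf-dist/tex/latex/base/article.cls
+Document Class: article 2019/08/27 v1.4j Standard LaTeX document class
+(/usr/share/texmf-dist/tex/latex/base/size12.clo
+File: size12.clo 2019/08/27 v1.4j Standard LaTeX file (size option)
+)
+\c@part=\count80
+\c@section=\count81
+\c@subsection=\count82
+\c@subsubsection=\count83
+\c@paragraph=\count84
+\c@subparagraph=\count85
+\c@figure=\count86
+\c@table=\count87
+\abovecaptionskip=\skip41
+\belowcaptionskip=\skip42
+\bibindent=\dimen102
+)
+(/usr/share/texmf-dist/tex/latex/base/inputenc.sty
+Package: inputenc 2018/08/11 v1.3c Input encoding file
+\inpenc@prehook=\toks14
+\inpenc@posthook=\toks15
+)
+(/usr/share/texmf-dist/tex/generic/babel/babel.sty
+Package: babel 2019/10/15 3.35 The Babel package
+
+(/usr/share/texmf-dist/tex/generic/babel/switch.def
+File: switch.def 2019/10/15 3.35 Babel switching mechanism
+)
+(/usr/share/texmf-dist/tex/generic/babel-german/naustrian.ldf
+Language: naustrian 2018/12/08 v2.11 German support for babel (post-1996 orthog
+raphy)
+
+(/usr/share/texmf-dist/tex/generic/babel-german/ngermanb.ldf
+Language: ngermanb 2018/12/08 v2.11 German support for babel (post-1996 orthogr
+aphy)
+
+(/usr/share/texmf-dist/tex/generic/babel/babel.def
+File: babel.def 2019/10/15 3.35 Babel common definitions
+\babel@savecnt=\count88
+\U@D=\dimen103
+
+(/usr/share/texmf-dist/tex/generic/babel/txtbabel.def)
+\bbl@dirlevel=\count89
+)
+\l@naustrian = a dialect from \language\l@ngerman
+Package babel Info: Making " an active character on input line 121.
+)))
+(/usr/share/texmf-dist/tex/latex/base/fontenc.sty
+Package: fontenc 2018/08/11 v2.0j Standard LaTeX package
+
+(/usr/share/texmf-dist/tex/latex/base/t1enc.def
+File: t1enc.def 2018/08/11 v2.0j Standard LaTeX file
+LaTeX Font Info: Redeclaring font encoding T1 on input line 48.
+))
+(/usr/share/texmf-dist/tex/latex/geometry/geometry.sty
+Package: geometry 2018/04/16 v5.8 Page Geometry
+
+(/usr/share/texmf-dist/tex/latex/graphics/keyval.sty
+Package: keyval 2014/10/28 v1.15 key=value parser (DPC)
+\KV@toks@=\toks16
+)
+(/usr/share/texmf-dist/tex/generic/oberdiek/ifpdf.sty
+Package: ifpdf 2018/09/07 v3.3 Provides the ifpdf switch
+)
+(/usr/share/texmf-dist/tex/generic/oberdiek/ifvtex.sty
+Package: ifvtex 2016/05/16 v1.6 Detect VTeX and its facilities (HO)
+Package ifvtex Info: VTeX not detected.
+)
+(/usr/share/texmf-dist/tex/generic/ifxetex/ifxetex.sty
+Package: ifxetex 2010/09/12 v0.6 Provides ifxetex conditional
+)
+\Gm@cnth=\count90
+\Gm@cntv=\count91
+\c@Gm@tempcnt=\count92
+\Gm@bindingoffset=\dimen104
+\Gm@wd@mp=\dimen105
+\Gm@odd@mp=\dimen106
+\Gm@even@mp=\dimen107
+\Gm@layoutwidth=\dimen108
+\Gm@layoutheight=\dimen109
+\Gm@layouthoffset=\dimen110
+\Gm@layoutvoffset=\dimen111
+\Gm@dimlist=\toks17
+)
+(/usr/share/texmf-dist/tex/latex/fancyhdr/fancyhdr.sty
+Package: fancyhdr 2019/01/31 v3.10 Extensive control of page headers and footer
+s
+\f@nch@headwidth=\skip43
+\f@nch@O@elh=\skip44
+\f@nch@O@erh=\skip45
+\f@nch@O@olh=\skip46
+\f@nch@O@orh=\skip47
+\f@nch@O@elf=\skip48
+\f@nch@O@erf=\skip49
+\f@nch@O@olf=\skip50
+\f@nch@O@orf=\skip51
+)
+(/usr/share/texmf-dist/tex/latex/listings/listings.sty
+\lst@mode=\count93
+\lst@gtempboxa=\box27
+\lst@token=\toks18
+\lst@length=\count94
+\lst@currlwidth=\dimen112
+\lst@column=\count95
+\lst@pos=\count96
+\lst@lostspace=\dimen113
+\lst@width=\dimen114
+\lst@newlines=\count97
+\lst@lineno=\count98
+\lst@maxwidth=\dimen115
+
+(/usr/share/texmf-dist/tex/latex/listings/lstmisc.sty
+File: lstmisc.sty 2019/09/10 1.8c (Carsten Heinz)
+\c@lstnumber=\count99
+\lst@skipnumbers=\count100
+\lst@framebox=\box28
+)
+(/usr/share/texmf-dist/tex/latex/listings/listings.cfg
+File: listings.cfg 2019/09/10 1.8c listings configuration
+))
+Package: listings 2019/09/10 1.8c (Carsten Heinz)
+
+(/usr/share/texmf-dist/tex/latex/eurosym/eurosym.sty
+Package: eurosym 1998/08/06 v1.1 European currency symbol ``Euro''
+\@eurobox=\box29
+)
+(/usr/share/texmf-dist/tex/latex/multirow/multirow.sty
+Package: multirow 2019/05/31 v2.5 Span multiple rows of a table
+\multirow@colwidth=\skip52
+\multirow@cntb=\count101
+\multirow@dima=\skip53
+\bigstrutjot=\dimen116
+)
+(/usr/share/texmf-dist/tex/latex/url/url.sty
+\Urlmuskip=\muskip10
+Package: url 2013/09/16 ver 3.4 Verb mode for urls, etc.
+)
+No file writeup.aux.
+\openout1 = `writeup.aux'.
+
+LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 47.
+LaTeX Font Info: ... okay on input line 47.
+LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 47.
+LaTeX Font Info: ... okay on input line 47.
+LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 47.
+LaTeX Font Info: ... okay on input line 47.
+LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 47.
+LaTeX Font Info: ... okay on input line 47.
+LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 47.
+LaTeX Font Info: ... okay on input line 47.
+LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 47.
+LaTeX Font Info: ... okay on input line 47.
+*geometry* driver: auto-detecting
+*geometry* detected driver: pdftex
+*geometry* verbose mode - [ preamble ] result:
+* driver: pdftex
+* paper: a4paper
+* layout: <same size as paper>
+* layoutoffset:(h,v)=(0.0pt,0.0pt)
+* modes:
+* h-part:(L,W,R)=(71.13188pt, 455.24411pt, 71.13188pt)
+* v-part:(T,H,B)=(71.13188pt, 711.31891pt, 62.59605pt)
+* \paperwidth=597.50787pt
+* \paperheight=845.04684pt
+* \textwidth=455.24411pt
+* \textheight=711.31891pt
+* \oddsidemargin=-1.1381pt
+* \evensidemargin=-1.1381pt
+* \topmargin=-38.1381pt
+* \headheight=12.0pt
+* \headsep=25.0pt
+* \topskip=12.0pt
+* \footskip=30.0pt
+* \marginparwidth=44.0pt
+* \marginparsep=10.0pt
+* \columnsep=10.0pt
+* \skip\footins=10.8pt plus 4.0pt minus 2.0pt
+* \hoffset=0.0pt
+* \voffset=0.0pt
+* \mag=1000
+* \@twocolumnfalse
+* \@twosidefalse
+* \@mparswitchfalse
+* \@reversemarginfalse
+* (1in=72.27pt=25.4mm, 1cm=28.453pt)
+
+\c@lstlisting=\count102
+LaTeX Font Info: External font `cmex10' loaded for size
+(Font) <14.4> on input line 48.
+LaTeX Font Info: External font `cmex10' loaded for size
+(Font) <7> on input line 48.
+LaTeX Font Info: Trying to load font information for T1+cmtt on input line 5
+5.
+(/usr/share/texmf-dist/tex/latex/base/t1cmtt.fd
+File: t1cmtt.fd 2014/09/29 v2.5h Standard LaTeX font definitions
+)
+LaTeX Font Info: External font `cmex10' loaded for size
+(Font) <12> on input line 55.
+LaTeX Font Info: External font `cmex10' loaded for size
+(Font) <8> on input line 55.
+LaTeX Font Info: External font `cmex10' loaded for size
+(Font) <6> on input line 55.
+LaTeX Font Info: Trying to load font information for OMS+cmr on input line 6
+6.
+
+(/usr/share/texmf-dist/tex/latex/base/omscmr.fd
+File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
+)
+LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <12> not available
+(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 66.
+[1
+
+{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] [2] (./writeup.aux) )
+Here is how much of TeX's memory you used:
+3363 strings out of 492167
+45030 string characters out of 6131558
+126616 words of memory out of 5000000
+7714 multiletter control sequences out of 15000+600000
+14470 words of font info for 36 fonts, out of 8000000 for 9000
+1141 hyphenation exceptions out of 8191
+28i,10n,45p,360b,388s stack positions out of 5000i,500n,10000p,200000b,80000s
+{/usr
+/share/texmf-dist/fonts/enc/dvips/cm-super/cm-super-t1.enc}</usr/share/texmf-di
+st/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texmf-dist/fonts/type1
+/public/cm-super/sfbi2074.pfb></usr/share/texmf-dist/fonts/type1/public/cm-supe
+r/sfbx1728.pfb></usr/share/texmf-dist/fonts/type1/public/cm-super/sfbx2074.pfb>
+</usr/share/texmf-dist/fonts/type1/public/cm-super/sfrm0800.pfb></usr/share/tex
+mf-dist/fonts/type1/public/cm-super/sfrm1200.pfb></usr/share/texmf-dist/fonts/t
+ype1/public/cm-super/sfrm1440.pfb></usr/share/texmf-dist/fonts/type1/public/cm-
+super/sftt1200.pfb>
+Output written on writeup.pdf (2 pages, 135374 bytes).
+PDF statistics:
+44 PDF objects out of 1000 (max. 8388607)
+31 compressed objects within 1 object stream
+0 named destinations out of 1000 (max. 500000)
+1 words of extra memory for PDF output out of 10000 (max. 10000000)
+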
Binary file not shown.
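--- a/writeup.tex
+++ b/writeup.tex
@@ -0,0 +1,96 @@
+\documentclass[12pt]{article}
+
+\usepackage[utf8]{inputenc}
+\usepackage[naustrian]{babel}
+\usepackage[T1]{fontenc}
+\usepackage[paper=a4paper, left=25mm, right=25mm, top=25mm,
+bottom=22mm]{geometry}
+\usepackage{fancyhdr}
+\usepackage{listings}
+\usepackage{eurosym}
+\usepackage{multirow}
+
+\usepackage{url}
+
+\newcommand{\mytitle}{Bericht für \emph{www.sternwarte.at}}
+\newcommand{\myfoottitle}{Bericht sternwarte.at}
+
+\newcommand{\mysecondtitle}{}
+\newcommand{\mythirdtitle}{}
+\newcommand{\mydelivery}{}
+\newcommand{\myauthor}{Michael Preisach, SIGFLAG}
+\newcommand{\mydate}{\today}
+
+\title{\textbf{\mytitle}\\[1ex]\normalsize{\mysecondtitle}}
+\author{\textbf{\mythirdtitle}}
+\date{\mydate}
+
+\pagestyle{fancy}
+\fancypagestyle{plain}
+{
+\fancyhf{}
+\fancyfoot[L]{\scriptsize{\myfoottitle}}
+\fancyfoot[C]{\scriptsize{}}
+\fancyfoot[R]{\scriptsize{Seite \thepage}}
+\renewcommand{\headrulewidth}{0pt}
+\renewcommand{\footrulewidth}{0.5pt}
+}
+\fancyhf{}
+\fancyfoot[L]{\scriptsize{\myfoottitle}}
+\fancyfoot[C]{\scriptsize{}}
+\fancyfoot[R]{\scriptsize{Seite \thepage}}
+\renewcommand{\headrulewidth}{0pt}
+\renewcommand{\footrulewidth}{0.5pt}
+
+\setlength{\parindent}{0mm}
+
+\begin{document}
+\maketitle
+\section*{Disclaimer}
+Es wurden für diesen Bericht nur öffentlich einsehbare Daten verwendet.
+Es wurden keine verschlüsselten oder durch Passwort geschützten Daten kopiert oder verwendet.
+
+\section{Zusammenfassung}
+Tests wurden im Zeitraum von 15. Jänner 2020 bis 3. Februar 2020 vorgenommen.
+Ziel dieses Tests war die Ermittlung der Angriffsoberfläche von \url{www.sternwarte.at}, der verwendeten Infrastruktur sowie eine Analyse der verwendeten Programme um schließlich eine Handlungsempfehlung zu formulieren.
+Im Rahmen des Test wurden neben dem Server der Sternwarte auch andere Services gefunden.
+Sofern sich diese im IP-Adressbereich in unmittelbarer Nähe befunden haben, wurden diese Server ebenfalls analysiert.
+
+Im Folgenden werden die wichtigsten Erkenntnisse kurz dargestellt
+\begin{enumerate}
+\item Keine TLS-Verschlüsselung der Website obwohl auf der Website Formulare angeboten werden, die vertrauliche Daten abfragen.
+Dies ist meiner Ansicht nach mit der aktuellen Version der DSGVO nicht vereinbar.
+Auch der Admin-login ist unverschlüsselt und kann daher sehr einfach in einem überwachten Netzwerk abgefangen werden.
+Eine Verschlüsselung mit TLS1.2 oder höher in Kombination mit einem Zertifikat von Let's Encrypt löst dieses Problem effektiv.
+\item Unauthentifiziert einsehbare Log-Datei, die Server-Fehler ausgibt:
+\begin{itemize}
+\item Nicht gefundene Dateien,
+\item Fehlercodes der CGI-Skripte
+\item Fehler von anderen Webseiten, die auf diesem Host betrieben werden
+\item Fehler des SMTP-Servers auf diesem Host
+\end{itemize}
+Der unauthentifizierte Zugriff auf diese und weitere Dateien MUSS verhindert werden.
+\item CGI Skripts können direkt ausgeführt werden und über die log-Datei können auch weitere Skripte gefunden werden.
+Auch hier sollten Maßnahmen getroffen werden, die den Zugriff nur über ausgefüllte Formulare zulassen.
+\item Der FTP-Server ist auf dem Standardport verfügbar und es ist mutmaßlich verwundbar auf Bruteforce-Attacken.
+Einerseits sollte auch hier der Zugang verschlüsselt werden, etwa mit FTP over SSH\@.
+Gegen Bruteforce-Attacken helfen zusätzlich Fail2ban und Public Keys statt Passwörtrn.
+Dies müssen die verwendeten Anwendungen aber unterstützen.
+\item Die Webseite kann durch modifizierte URLs in der Darstellung verändert werden. Die Daten auf dem Server müssen dafür nicht verändert werden.
+Dazu muss die Webseite selbst angepasst werden, um nicht versehentlich aus dem vorgesehenen Arbeitsverzeichnis rauszufallen bzw.\@ das Laden externer Frames zu verhindern.
+\item Die verwendete Software (4D Webstar 2004) ist mittlerweile über 15 Jahre alt.
+Es gibt zwar keine bekannten Bugs, jedoch sollte es nicht schwierig sein, mit heutigen Mitteln welche zu finden.
+Deshalb wird dringend empfohlen, den werwendeten Software-Stack auf eine gut gewartete, aktuelle Basis zu stellen.
+Populäre Lösungen sind dafür ein aktuelles Linux mit Apache oder Nginx und den gewünschten Erweiterungen für Datenbanken und Skripting.
+\end{enumerate}
+
+\section{Methodik}
+
+\subsection{Informationsgewinnung}
+
+\subsection{Verwendete Programme}
+
+\section{Erkenntnisse}
+
+
+\end{document}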
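Review bot: `\normalsize` and `\scriptsize` are font-size declarations that take no argument, so `\normalsize{\mysecondtitle}` in the `\title` line and the `\scriptsize{...}` footers in both `\fancyfoot` blocks only work because the surrounding group happens to end right after them; write them as `{\normalsize\mysecondtitle}` and `\fancyfoot[L]{\scriptsize\myfoottitle}`, and since the `plain` page style and the default style are verbatim copies, a single macro holding the five footer lines would keep them from drifting apart. The body text has slips a spell pass would catch: `Passwörtrn` → `Passwörtern`, `werwendeten` → `verwendeten`, `Im Rahmen des Test` → `Im Rahmen des Tests`, and the sentence introducing the `enumerate` ends without a colon. The claim that 4D WebStar 2004 has no known bugs is given without a source; either name the advisory sources that were checked or phrase it as none found in the sources consulted, so the recommendation rests on the product's age and lack of maintenance, which the same paragraph already argues. Separately, the commit also tracks build output (`writeup.aux`, the pdfTeX log, the compiled PDF) and a ctags tag file; these are generated and belong in an ignore list, the log records the local build environment and TeX installation paths, and the tag file already points at an `erkenntnisse.tex` that is not part of this commit while `\section{Erkenntnisse}` here is still empty.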