Saturday, May 16, 2015

Bash Script to Enumerate Users - OSVDB-637

I ran a Nikto scan and found the following vulnerability in the report that it produces:

"OSVDB-637: Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users)."

I then created the following bash script to run through a list of usernames to identify users that may exist:

#!/bin/bash
while read line
do

     wget http://www.domain.local/~$line &> output/$line.output.file

done < names.list
grep -l -i 'forbidden' output/*

The last statement will then identify the files that are proceeded by a username that return indicating the user account exists on the particular apache server.

Below is the information about the vulnerability from the OSVDB database...

http://osvdb.org/637
Apache web servers contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the UserDir module is enabled and a remote attacker requests access to a user's home directory. By monitoring the web server response, an attacker is able to enumerate valid user names, resulting in a loss of confidentiality.


No comments:

Post a Comment

Powershell - Gather Mapped Drives from a List of Computer Names

I created the following Powershell script to gather remotely the mapped drives that users had in their profiles.  I had to create the script...