Como Hacer Hacking Ético con Kali Linux

Uno de los objetivos del Hacking Ético es encontrar problemas de seguridad para corregirlos.

Existen herramientas y técnicas para hacer un Hacking Ético con Kali Linux de manera correcta.

En este tutorial te enseñaré a Como Hacer Hacking Ético con Kali Linux, vamos con ello.

Servidor Protegido mediante Hacking Ético — Las empresas suelen usar Hacking Ético para verificar la seguridad de sus sistemas informáticos

Para que todo salga bien, sigue los pasos que te indicaré a continuación.

Al hacer hacking ético a un servidor, podemos encontrar diferentes vulnerabilidades en él.

Vamos a usar Nikto, esta herramienta nos permite hacer pruebas de vulnerabilidades en Kali Linux.

Existen diferentes herramientas para hacer Hacking Ético. Nikto solo es una de ellas.

Voy a buscar vulnerabilidades en mi servidor local montado con la herramienta XAMPP.

Para buscar vulnerabilidades en mi servidor con la herramienta Nikto, ejecuto el siguiente comando:

nikto -h 127.0.0.1

- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          127.0.0.1
+ Target Hostname:    127.0.0.1
+ Target Port:        80
+ Start Time:         2024-04-12 22:46:37 (GMT-4)
---------------------------------------------------------------------------
+ Server: Apache/2.4.58 (Unix) OpenSSL/1.1.1w PHP/8.2.12 mod_perl/2.0.12 Perl/v5.34.1
+ Retrieved x-powered-by header: PHP/8.2.12
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Root page / redirects to: http://127.0.0.1/dashboard/
+ Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names. See http://www.wisec.it/sectou.php?id=4698ebdc59d15. The following alternatives for 'index' were found: HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var, HTTP_NOT_FOUND.html.var
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ ///etc/hosts: The server install allows reading of any system file by adding an extra '/' to the URL.
+ OSVDB-3268: /webalizer/: Directory indexing found.
+ OSVDB-3268: /img/: Directory indexing found.
+ OSVDB-3092: /img/: This might be interesting...
+ OSVDB-3092: /phpmyadmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ OSVDB-3092: /web/: This might be interesting...
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ Uncommon header 'x-ob_mode' found, with contents: 1
+ /phpmyadmin/: phpMyAdmin directory found
+ OSVDB-3092: /phpmyadmin/README: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ /wp-content/themes/twentyeleven/images/headers/server.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wordpresswp-content/themes/twentyeleven/images/headers/server.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wp-includes/Requests/Utility/content-post.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wordpresswp-includes/Requests/Utility/content-post.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wp-includes/js/tinymce/themes/modern/Meuhy.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /wordpresswp-includes/js/tinymce/themes/modern/Meuhy.php?filesrc=/etc/hosts: A PHP backdoor file manager was found.
+ /assets/mobirise/css/meta.php?filesrc=: A PHP backdoor file manager was found.
+ /login.cgi?cli=aa%20aa%27cat%20/etc/hosts: Some D-Link router remote command execution.
+ /shell?cat+/etc/hosts: A backdoor was identified.
+ 8698 requests: 0 error(s) and 26 item(s) reported on remote host
+ End Time:           2024-04-12 22:47:40 (GMT-4) (63 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested


      *********************************************************************
      Portions of the server's headers (Apache/2.4.58 PHP/8.2.12 mod_perl/2.0.12 Perl/v5.34.1) are not in
      the Nikto 2.1.6 database or are newer than the known string. Would you like
      to submit this information (*no server specific data*) to CIRT.net
      for a Nikto update (or you may email to sullo@cirt.net) (y/n)? n

Nikto me indica las vulnerabilidades que tiene mi servidor, a continuación mostraré algunas de ellas:

The anti-clickjacking X-Frame-Options header is not present.
The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
Apache mod_negotiation is enabled with MultiViews, which allows attackers to easily brute force file names.

He realizado un hacking ético con la intención de encontrar y corregir los errores de seguridad del servidor.

Ahora toca meter mano al servidor e ir corrigiendo cada una de las vulnerabilidades y dejar el servidor mas seguro.

Recuerda que no existe el servidor seguro, los hackers siempre están buscando nuevas formas de atacar un servidor.