From 1918cdfac5c5a5e56ce59862849bd1d6afbdbccb Mon Sep 17 00:00:00 2001 From: skyanth Date: Mon, 12 Jun 2017 15:55:15 +0200 Subject: [PATCH] =?UTF-8?q?Updated=20examplereport.xml=20so=20it=E2=80=99s?= =?UTF-8?q?=20valid=20again?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- xml/doc/examples/examplereport.xml | 231 +++++++++++++++++------------ 1 file changed, 137 insertions(+), 94 deletions(-) diff --git a/xml/doc/examples/examplereport.xml b/xml/doc/examples/examplereport.xml index b2a5cd2..9c53336 100644 --- a/xml/doc/examples/examplereport.xml +++ b/xml/doc/examples/examplereport.xml @@ -1,10 +1,24 @@ - + + Penetration Test Report - fishinabarrel.sittingduck.com + + 4 + 4 + bla + bla + something + black-box + + + + + Melanie Rieback @@ -68,48 +82,50 @@ who is also the co-founder/CEO of Radically Open Security. - + - +
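Review bot: the placeholder values in the new metadata block of the first hunk ("4", "4", "bla", "bla", "something") should be replaced with meaningful sample values, since this file is the documentation example that users copy from and the neighbouring fields (the report title, "black-box") already show realistic content. The subject line says the example is valid again but not what it was validated against; naming the schema and the validation command in the commit message, or adding that check to CI, would keep the example from drifting out of validity again.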
Executive Summary
Introduction -

Sitting Duck B.V. (“Sitting Duck”) has assigned - the task of performing a Penetration Test of the FishInABarrel Web - Application to Radically Open Security BV (hereafter “ROS”). - Sitting Duck has made this request to better evaluate the security of the application and - to identify application level vulnerabilities in order to see whether the FishInABarrel - Web Application is ready, security-wise, for production deployment.

-

This report contains our findings as well as detailed explanations of exactly how ROS performed - the penetration test.

+

Sitting Duck B.V. (“Sitting Duck”) has assigned the task of performing a + Penetration Test of the FishInABarrel Web Application to Radically + Open Security BV (hereafter “ROS”). Sitting Duck has made this + request to better evaluate the security of the application and to + identify application level vulnerabilities in order to see whether + the FishInABarrel Web Application is ready, security-wise, for + production deployment.

+

This report contains our findings as well as detailed explanations of + exactly how ROS performed the penetration test.

Scope of work -

The scope of the Sitting Duck penetration test was limited to the following - target:

+

The scope of the Sitting Duck penetration test was limited to the + following target:

-

The penetration test was carried out from a black box perspective: no information - regarding the system(s) tested was provided by Sitting Duck or FishInABarrel, although FishInABarrel - did provide ROS with two test user accounts.

+

The penetration test was carried out from a black box perspective: no + information regarding the system(s) tested was provided by Sitting + Duck or FishInABarrel, although FishInABarrel did provide ROS with + two test user accounts.

Project objectives -

The objective of the security assessment is to gain insight into the security of - the host and the FishInABarrel Web Application.

+

The objective of the security assessment is to gain insight into the + security of the host and the FishInABarrel Web Application.

Timeline -

The FishInABarrel Security Audit took place between January 14 and January 16, - 2015.

+

The FishInABarrel Security Audit took place between January 14 and + January 16, 2015.

Results in a Nutshell -

During this pentest, we found quite a number of different security problems – - Cross-site Scripting (XSS) vulnerabilities, both stored and reflected, Cross-site - Request Forgery (CSRF) vulnerabilities, - information disclosures (multiple instances), and lack of - brute force protection.

+

During this pentest, we found quite a number of different security + problems – Cross-site Scripting (XSS) vulnerabilities, both stored + and reflected, Cross-site Request Forgery (CSRF) vulnerabilities, + information disclosures (multiple instances), and lack of brute + force protection.

Summary of Findings @@ -125,47 +141,59 @@ who is also the co-founder/CEO of Radically Open Security. Charts
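Review bot: the whitespace-only reflow in this hunk should be separated from the validity fix: the Introduction, Scope of work, Project objectives, Timeline and Results in a Nutshell paragraphs are deleted and re-added with the same words at a narrower width, which is what drives the 137/94 line count in the diffstat and buries the structural changes. A separate reflow commit, or a pointer to review with `git diff -w`, would make the actual fix reviewable.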
Findings by Threat Level - +
Findings by Type - +
- +
- - - + + +
Reconnaissance and Fingerprinting

Through automated scans we were able to gain the following information about the - software and infrastructure. Detailed scan output can be found in the sections - below.

- - -
Fingerprinted Information
Windows XP
Microsoft IIS 6.0
PHP 5.4.29
jQuery 1.7.2
Mailserver XYZ
FTPserver ABC
- + software and infrastructure. Detailed scan output can be found in the + sections below.

+ + + + + + + + +
Fingerprinted Information
Windows XP
Microsoft IIS 6.0
PHP 5.4.29
jQuery + 1.7.2
Mailserver XYZ
FTPserver ABC
+
Automated Scans -

As part of our active reconnaissance we used the following automated scans:

+

As part of our active reconnaissance we used the following automated + scans:

-

Of these, only the output of nmap turned out to be - useful; consequently only nmap and output will be discussed in - this section.

+

Of these, only the output of nmap turned out to be useful; consequently + only nmap and output will be discussed in this section.

nmap

Command:

$ nmap -vvvv -oA fishinabarrel.sittingduck.com_complete -sV -sC -A -p1-65535 -T5
 fishinabarrel.sittingduck.com
- +

Outcome:

 Nmap scan report for fishinabarrel.sittingduck.com (10.10.10.1)
 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
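Review bot: the re-added sentence "consequently only nmap and output will be discussed in this section" drops a word and should read "only nmap and its output". In the same hunk the fingerprint table cell for jQuery is now split as "jQuery" / "1.7.2" across two lines, which puts a newline inside the cell text; unless the stylesheet normalizes whitespace, keep "jQuery 1.7.2" on one line like the other cells. The unchanged nmap output also dates the scan to 2013-11-11 with Nmap 4.11 while the Timeline section of this file says January 2015; aligning those dates in an example report avoids confusing readers.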
@@ -194,57 +222,65 @@ PORT     STATE SERVICE
 
 Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
 Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)
- -

The scan revealed a very large number of open services on this machine, which - greatly increases the attack surface; see for more information on the - security risk.

- + +

The scan revealed a very large number of open services on this machine, + which greatly increases the attack surface; see for + more information on the security risk.

+
- +
Pentest Technical Summary
Findings - +

We have identified the following issues:

- + PHPInfo Disclosure

The phpinfo() function of the PHP language is readable, - resulting in a listing of all the runtime information of the environment, - thus disclosing potentially valuable information to attackers.

+ resulting in a listing of all the runtime + information of the environment, thus disclosing + potentially valuable information to attackers.

-

This is where the good stuff goes. We give a detailed technical description of the problem.

-

Illustrative picture of an evil hacker pondering dark deeds:

+

This is where the good stuff goes. We give a detailed + technical description of the problem.

+

Illustrative picture of an evil hacker pondering dark + deeds:

-

This is where we explain how the sh*t is hitting the fan, exactly.

+

This is where we explain how the sh*t is hitting the fan, + exactly.

-

Here is where we write some tips to solve the problem.

+

Here is where we write some tips to solve the + problem.

- + A terrible XSS issue

A general description of the problem.

-

This is we go into great detail about the vulnerability.

+

This is we go into great detail about the + vulnerability.

-

This is where we explain why this vulnerability is a problem.

+

This is where we explain why this vulnerability is a + problem.

-

This is where we solve everything and the sun starts shining again.

+

This is where we solve everything and the sun starts + shining again.

- + A not quite so terrible XSS issue @@ -261,23 +297,24 @@ Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)
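Review bot: the re-wrapped placeholder "This is we go into great detail about the vulnerability." is missing a word and should read "This is where we go into great detail"; the same hunk re-adds "see for more information on the security risk" with nothing visible between "see" and "for", so please confirm the cross-reference there still resolves after the change. Since this is the template people copy, the "sh*t is hitting the fan" placeholder would read better as a neutral phrase such as "This is where we explain the impact."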
- +
Non-Findings -

In this section we list some of the things that were tried but turned out to be - dead ends.

- +

In this section we list some of the things that were tried but turned out + to be dead ends.

+ FTP -

The server was running FTPserver ABC, the most recent - version of this particular piece of software. Anonymous login was turned off and no - relevant vulnerabilities or exploits were found.

+

The server was running FTPserver ABC, the most recent version of + this particular piece of software. Anonymous login was + turned off and no relevant vulnerabilities or exploits were + found.

Mail Server -

The server was running Mailserver XYZ, the most recent - version of this particular piece of software. No relevant vulnerabilities or - exploits were found.

+

The server was running Mailserver XYZ, the most recent version of + this particular piece of software. No relevant + vulnerabilities or exploits were found.

SQL Code Injection @@ -286,37 +323,43 @@ Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)
-file1.php
 -file2.php
 -file3.php
-
+ + Heartbleed -

System was not vulnerable to heartbleed.

+

System was not vulnerable to heartbleed.

+ Windows XP -

The host is running Windows XP. As we all know, Windows XP is bulletproof.

+

The host is running Windows XP. As we all know, Windows XP is + bulletproof.

Conclusion -

In the course of this penetration test, we have demonstrated that the FishInABarrel - Web Application faces a range of security issues which makes it vulnerable to a number - of different attacks. Vulnerabilities found included: cross-site scripting (both stored - and reflected), cross-site request forgery, information disclosure - and lack of brute force protection.

-

Our conclusion is that there are a number of things that FishInABarrel BV has to fix before - Sitting Duck should use their software. A number of the security issues highlighted in this - report have fairly simple solutions, but these should nevertheless be fixed before use - of the FishInABarrel Web App continues.

-

We finally want to emphasize that security is a process – and this penetration test is - just a one-time snapshot. Security posture must be continuously evaluated and improved. - Regular audits and ongoing improvements are essential in order to maintain control of - your corporate information security. We hope that this pentest report (and the detailed - explanations of our findings) will contribute meaningfully towards that end. Don't - hesitate to let us know if you have any further questions or need further clarification - of anything in this report.

+

In the course of this penetration test, we have demonstrated that the + FishInABarrel Web Application faces a range of security issues which makes + it vulnerable to a number of different attacks. Vulnerabilities found + included: cross-site scripting (both stored and reflected), cross-site + request forgery, information disclosure and lack of brute force + protection.

+

Our conclusion is that there are a number of things that FishInABarrel BV has to + fix before Sitting Duck should use their software. A number of the security + issues highlighted in this report have fairly simple solutions, but these + should nevertheless be fixed before use of the FishInABarrel Web App + continues.

+

We finally want to emphasize that security is a process – and this penetration + test is just a one-time snapshot. Security posture must be continuously + evaluated and improved. Regular audits and ongoing improvements are + essential in order to maintain control of your corporate information + security. We hope that this pentest report (and the detailed explanations of + our findings) will contribute meaningfully towards that end. Don't hesitate + to let us know if you have any further questions or need further + clarification of anything in this report.

Testing team -
\ No newline at end of file +