SECFORCE/sparta

Question for Devs

lgrayjunior opened this issue · 5 comments

We maintain equipment for a customer that used Sparta on one of the hosts and the system actually had a failure. We're just looking for a little more detail on what the software might have done that caused the system to fail. Maybe even any suggestions on whether or not the software might have been used improperly.

Hi. Sorry to hear about the system failure.

SPARTA is a network penetration testing tool. It is designed to help penetration testers probe services that are running on hosts to try to identify vulnerabilities. Like any other security tool, it requires the person running it to understand how to configure it properly and how to use it.

Having said that, by default, SPARTA runs some tools automatically when it finds certain services running. If you open SPARTA, it will create a sparta.conf file which has the default configuration. There you can see which tools are configured to run by default.

Running SPARTA on one host with the default configuration should not cause any sort of denial of service condition. Obviously, there are always ways to use any software improperly or to just use it in a way that would cause problems. For example, if the user decides to brute force a service with thousands of requests and doesn't keep an eye on the service status, bad things can happen.

We hope this helps. Let us know if we can help in any other way.

Thanks very much for the reply. I did look at the config file, but I was unable to determine whether Nmap scans first and then, by default, whether or not Hydra and CutyCapt kick in accordingly based on the ports found.

Sorry, but just to clarify: from what I can tell, Sparta automatically runs Nikto on http/https ports, possibly CutyCapt as well, is that correct? Forgive me also, I'm not very good with coding nor with Hydra, Nikto, or CutyCapt. So, I'm just trying to get as much information as possible to know what might have gone wrong. If what my research has found so far is correct, it looks like Nikto alone could send thousands of http or https requests to test for vulnerabilities on those types of ports. That alone could be the cause, but I am sure there are other ports that would have been found just as interesting.

If you were willing, a very short bullet point list of default actions based on just entering a host ip in a default instance of Sparta would be a super help and enough to let me research what they do.

If you have sanitised SPARTA output files I would be happy to have a look to help you identify what happened. You can DM me if needed.

That is correct. By default nikto will run on any web ports identified. Regarding the screenshot taking tool, it depends on the version of SPARTA that was used but taking a screenshot would most definitely not cause a system failure. Below you will find the list of tools that run by default when certain services are identified.

nikto="http,https,ssl,soap,http-proxy,http-alt,https-alt", tcp
screenshooter="http,https,ssl,http-proxy,http-alt,https-alt", tcp
smbenum=microsoft-ds, tcp
snmpcheck=snmp, udp
x11screen=X11, tcp
snmp-default=snmp, udp
smtp-enum-vrfy=smtp, tcp
mysql-default=mysql, tcp
mssql-default=ms-sql-s, tcp
ftp-default=ftp, tcp
postgres-default=postgresql, tcp
oracle-default=oracle-tns, tcp

Note that for lines of the type "service-default", hydra will run using very small wordlists (which you can find in the wordlists folder) precisely to avoid issues related to mass brute force.

Nikto can indeed send hundreds of requests. However, if a system failure was caused by a simple scan, then chances are you have more serious problems to address.

Lastly, as I mentioned, SPARTA is highly customisable so it is not guaranteed that in your case defaults were used. Additionally, there is functionality to conduct brute force attacks using hydra against any service using any specified wordlist. There is no stopping someone from picking a very big wordlist and not being careful to check whether the attack is causing a service outage.
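The list above is exactly what an incident reviewer needs in order to answer "what would a default SPARTA run have launched against this host?". The following is an added example (not SPARTA's own code) that parses scheduler lines in the `tool="services", protocol` format shown above and maps a host's discovered services to the tools that would have been triggered, flagging the `*-default` entries that run hydra. It goes slightly beyond the thread by handling any list of findings, not just web ports; the findings below are constructed sample data, and the port/service/protocol tuple format is an assumption, not an actual SPARTA output format.

```python
"""Which SPARTA default automated tools would fire for a host's open services?

Added example for reviewing a scan, not part of SPARTA. The scheduler lines are
copied from the thread; the host findings are constructed sample data.
"""
import re
from collections import defaultdict

# Default automated-tool lines as listed in the thread (tool=services, protocol).
DEFAULT_SCHEDULER = """
nikto="http,https,ssl,soap,http-proxy,http-alt,https-alt", tcp
screenshooter="http,https,ssl,http-proxy,http-alt,https-alt", tcp
smbenum=microsoft-ds, tcp
snmpcheck=snmp, udp
x11screen=X11, tcp
snmp-default=snmp, udp
smtp-enum-vrfy=smtp, tcp
mysql-default=mysql, tcp
mssql-default=ms-sql-s, tcp
ftp-default=ftp, tcp
postgres-default=postgresql, tcp
oracle-default=oracle-tns, tcp
"""

# Constructed findings for one host: (port, service name, protocol).
SAMPLE_FINDINGS = [
    (22, "ssh", "tcp"),
    (80, "http", "tcp"),
    (161, "snmp", "udp"),
    (443, "https", "tcp"),
    (3306, "mysql", "tcp"),
]

# tool = "svc1,svc2", proto   or   tool = svc, proto
LINE_RE = re.compile(r'^\s*([\w-]+)\s*=\s*"?([^"]*?)"?\s*,\s*(tcp|udp)\s*$', re.I)


def parse_scheduler(text):
    """Return {(service, protocol): [tool, ...]} in the order tools are listed."""
    triggers = defaultdict(list)
    for line in text.splitlines():
        stripped = line.strip()
        # Skip blanks, comments and section headers such as [SchedulerSettings].
        if not stripped or stripped.startswith(("#", ";", "[")):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable scheduler line: {line!r}")
        tool, services, proto = m.groups()
        for svc in services.split(","):
            svc = svc.strip().lower()
            if svc:
                triggers[(svc, proto.lower())].append(tool)
    return triggers


def tools_for_host(findings, triggers):
    """Map each (port, proto) to the tools the scheduler would launch for it."""
    plan = {}
    for port, service, proto in findings:
        key = (service.lower(), proto.lower())
        plan[(port, proto.lower())] = list(triggers.get(key, []))
    return plan


def bruteforce_tools(plan):
    """The '*-default' entries are the hydra credential checks mentioned above."""
    return sorted({t for tools in plan.values() for t in tools if t.endswith("-default")})


if __name__ == "__main__":
    triggers = parse_scheduler(DEFAULT_SCHEDULER)
    plan = tools_for_host(SAMPLE_FINDINGS, triggers)
    for (port, proto), tools in sorted(plan.items()):
        print(f"{port}/{proto}: {', '.join(tools) or '(no automated tool)'}")
    print("hydra checks that would run:", bruteforce_tools(plan))
```

Run against a real incident, replace `SAMPLE_FINDINGS` with the services actually observed on the host (from the Nmap output in the SPARTA project folder) and `DEFAULT_SCHEDULER` with the scheduler lines from the `sparta.conf` that was in use, since, as noted above, the defaults may have been customised.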

Thanks very much. That gives me what I was trying to figure out, or at least enough to answer questions. Appreciate the time and the response!!