This week we are talking about enumerating websites to find out what software a particular website is running so we can begin looking for ways to exploit it. I mean, if we have learned anything from the movies, you can't just run into the bank or the jewelry store and make a heist. You have to spend a few weeks casing the joint first. You have to plan your escape route. You need to know the response time from the police. Basically, you have to do your homework before going in guns a blazin'.
The same goes for hacking. One does not simply jump in and hack server 'X'. You have to know what you are getting into first. That is exactly what enumeration does for us. In this episode we look at a cool command line website enumeration tool that is pre-installed on Bauer-Puntu Linux 12.04. It's called Nikto.
From their page:
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
As shown in the video, to do a simple scan of a web server you would run:
nikto -h <server IP or hostname> -C all

The -C all part (short for -Cgidirs all) tells Nikto to test every CGI directory it knows about instead of only the ones it guesses from the server's responses, so the scan is more thorough but also slower.

If you want to try to bypass an Intrusion Detection System (really good to see if your IDS is working correctly) you would run:

nikto -h <server IP or hostname> -C all -evasion 1

The number picks one of LibWhisker's anti-IDS encoding modes. Mode 1 is random URI (non-UTF-8) encoding: Nikto percent-encodes random characters in each request path, so an IDS rule that matches the raw URI string misses a request the web server still understands. Higher numbers select other tricks, such as directory self-reference (/./) or changing the case of the URL. Keep in mind that Nikto fires thousands of requests and is not stealthy in any mode; the evasion flag is useful for checking that your IDS normalises requests before matching signatures, not for hiding the scan.
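To make the -evasion 1 idea concrete, here is an added example (not code from the original post, and not Nikto's or LibWhisker's own code) that applies a simplified version of random URI encoding to a request path and then runs two toy IDS rules against it: one that matches the raw wire string and one that percent-decodes first. The encoding routine, the signature list and the sample paths are all constructed for this demo; real LibWhisker picks characters differently, and a real IDS has many more normalisation steps.

```python
"""Random URI encoding (the trick behind Nikto's -evasion 1) versus an IDS
that does, or does not, normalise the request path before matching.

Added example; modelled on LibWhisker's "random URI encoding" mode but
written from scratch here.  Signatures and paths are constructed.
"""
import random
from urllib.parse import unquote

# Characters a path may carry unencoded (RFC 3986 unreserved plus '/').
# The evasion routine randomly percent-encodes these too; anything else is
# always encoded.  '/' is never encoded: Apache rejects %2F by default, so
# encoding it would change what the server does with the request.
SAFE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
           "0123456789-._~/")

# Constructed signature list standing in for an IDS rule set.
SIGNATURES = ["/cgi-bin/test-cgi", "/phpinfo.php"]


def _pct(ch: str) -> str:
    """Percent-encode one character, byte by byte (handles non-ASCII)."""
    return "".join("%%%02X" % b for b in ch.encode("utf-8"))


def random_uri_encode(path: str, rng: random.Random, rate: float = 0.5) -> str:
    """Percent-encode a random subset of the path's characters.

    At least one character is always encoded, so the output differs from
    the input whenever the path contains something other than '/'.
    Pass a seeded random.Random for reproducible output.
    """
    out = []
    encoded_any = False
    for ch in path:
        if ch == "/" or (ch in SAFE and rng.random() >= rate):
            out.append(ch)
        else:
            out.append(_pct(ch))
            encoded_any = True
    if not encoded_any:
        # Force-encode the last non-slash character so the result changes.
        for i in range(len(path) - 1, -1, -1):
            if path[i] != "/":
                out[i] = _pct(path[i])
                break
    return "".join(out)


def naive_match(request_path: str) -> bool:
    """IDS rule that compares the raw bytes on the wire with the signature."""
    return any(sig in request_path for sig in SIGNATURES)


def normalising_match(request_path: str) -> bool:
    """Same rule, but percent-decode first.

    Decoding is repeated (bounded) so a double-encoded path such as
    %252D -> %2D -> - is also caught; this is a heuristic, since the web
    server itself decodes only once.
    """
    decoded = request_path
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return naive_match(decoded)


def demo(path: str = "/cgi-bin/test-cgi", seed: int = 1) -> dict:
    """Encode one path and report what each rule sees."""
    evaded = random_uri_encode(path, random.Random(seed))
    return {
        "evaded": evaded,
        "naive": naive_match(evaded),
        "normalised": normalising_match(evaded),
        "roundtrip": unquote(evaded) == path,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:>11}: {v}")
```

If the naive rule misses the evaded request while the normalising rule catches it, that is the same gap Nikto's -evasion 1 is probing for on your IDS: a rule set that inspects raw URIs without decoding them first.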
It's pretty interesting all of the stuff Nikto comes up with. In the video we ran it against the Tech Podcast Network site, and found they are running a few versions behind on Apache and PHP. They might want to take a look at that. There were also a number of other things we found, but we won't share that here.
We didn't show the full scan and results, namely because we didn't want to paste all of their vulnerabilities here, and also the scan was taking a long time, and that just doesn't make good internet television.