/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.

File: 1528540440545.png (339.2 KB, 2282x584, nikto_out.png)

 No.2895

Anyone here pentest?

I'm working on Kioptrix lvl1 VM…

> nmap -sn $targetip

has shown a few open ports, one of them being 80
> Open browser to view page, Apache webapp running on port 80
> nikto -host $targetip -port 80
Shows that Apache service is out of date

My question is how to progress from here in order to get a reverse shell? My thoughts are to hop on exploitDB to get the appropriate script. Not looking for answers just want to see what's out there.

pic related
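Since the OP ran nikto against Apache on port 80, here is what that same activity looks like from the server side, as an added example that is not from the thread or from any of its posters: a small Python parser over constructed Apache combined-log lines that flags a client by the default Nikto User-Agent string and by a burst of 404s (the second heuristic also catches scanners that change their UA). The log lines, IPs and the 404 threshold are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample Apache combined-log lines (not from any real host).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jun/2018:12:00:01 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/60.0"
10.0.0.9 - - [10/Jun/2018:12:00:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:Port Check)"
10.0.0.9 - - [10/Jun/2018:12:00:02 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 203 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
10.0.0.9 - - [10/Jun/2018:12:00:03 +0000] "GET /admin/ HTTP/1.1" 404 203 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
10.0.0.9 - - [10/Jun/2018:12:00:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 203 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000003)"
10.0.0.9 - - [10/Jun/2018:12:00:04 +0000] "GET /backup.zip HTTP/1.1" 404 203 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000004)"
10.0.0.9 - - [10/Jun/2018:12:00:04 +0000] "GET /.git/config HTTP/1.1" 404 203 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000005)"
10.0.0.5 - - [10/Jun/2018:12:00:05 +0000] "GET /old.html HTTP/1.1" 404 203 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/60.0"
"""

# Apache "combined" format: ip ident user [ts] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_scanners(log_text, max_404=5):
    """Return {ip: [reasons]} for clients that look like web scanners.

    max_404 is a constructed threshold: a burst of 404s from one client
    flags it even when the scanner's User-Agent has been changed.
    """
    ua_hits = defaultdict(set)
    not_found = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines in another format rather than crash
        if "nikto" in rec["ua"].lower():
            ua_hits[rec["ip"]].add("nikto user-agent")
        if rec["status"] == "404":
            not_found[rec["ip"]] += 1
    flagged = {ip: sorted(reasons) for ip, reasons in ua_hits.items()}
    for ip, n in not_found.items():
        if n >= max_404:
            flagged.setdefault(ip, []).append(f"{n} 404s")
    return flagged


if __name__ == "__main__":
    for ip, reasons in find_scanners(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(reasons))
```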

 No.2897

I don't often pentest, but I do penciltest on occasion.

 No.2899

File: 1528582402466.png (122.44 KB, 596x702, lp0n9ffdympz.png)


 No.2900

File: 1528593218474.jpg (14.04 KB, 480x360, hqdefault.jpg)

>>2895

Nikto is out of date.

Browse to the site hosted on 80. Open the dev console (or inspect element). Peruse the sources, watch the different transfers in the Network tab.

Once you get a feel for how the site works, start playing with request variables. What happens if this equals zero? What happens if I submit this JSON payload without authentication?

Unless you are participating in a CTF, immediately stop using scripts and tools (short of dirsearch). Bad news friend: hacking sites requires you to learn the sites manually.

 No.2901

>>2900
You would be surprised but many of these are actually about reusing other people's exploits. Since the Kioptrix website recommends using Backtrack 3 or 4 to solve it I wouldn't be surprised if it was just about running the right tool with the right arguments.

I have no idea where's the fun in that, but I guess it makes beginners feel like hackers.

 No.2903

>>2901

Right, I used nikto just because I didn't know what else to use to be honest.

I'm fine with using tools for enumeration/discovery, but I'd like to avoid metasploit etc. with regard to the actual exploit; not opposed to copying someone else's script though.

 No.2904

>>2901
gotta start someone arisu,


