- Use skipfish
· Footprinting a Web Server Using the httprecon Tool
· Footprinting a Web Server Using ID Serve
· Crack FTP Credentials (Dictionary Attack) with Hydra
· Uniscan Web Server Fingerprinting in Kali Linux
From Kali box to use Skipfish
A. Open terminal – Type In the terminal window type skipfish -o /root/test -S /usr/share/skipfish/dictionaries/complete.wl http://[IP Address of Windows Server 2012]:8080 and press Enter. Skipfish performs a heavy brute-force attack on the webserver by using complete.wl dictionary file, creates a directory named test in the root location, and stores the result in index.html
B. Index.html list all findings –Click each one for more details.
From Windows box to use HTTPRECON
A. Open HTTPRECON. Enter ip address of target server and port number :8080 – Analyze
B. Get existing tab - the server used (Apache), its version (2.4.27), and the server-side application used to develop the webpages (PHP). When attackers obtain this information, they research the vulnerabilities present in PHP and Apache 2.4.27 and try to exploit them, which results in either full or partial control over the web application.
C. GET long request tab, which lists all the GET requests.
D. Fingerprint Details tab. - include the name of the protocol the website is using, and its version. By obtaining this information, attackers can make use of the vulnerabilities in HTTP to perform malicious activities such as sniffing over the HTTP channel, which might result in revealing sensitive data such as user credentials.
From Windows box to use ID Serve
A. Open ID Serve. Click the Server Query tab. In option 1, enter the URL (http://10.10.10.12:8080/CEH) you want to footprint in the Enter or copy/paste an Internet server URL or IP address section.
From Kali box to crack FTP credentials
A. Perform an nmap scan on the target machine to check if the FTP port is open. In the terminal type nmap -p 21 [IP Address of Target] and press Enter.
B. Check if an FTP server is hosted on the target machine. Type ftp [IP Address of Target] and press Enter. – Getting a login prompt shows FTP is there.
C. In a terminal window type hydra -L /root/Desktop/Wordlists/Usernames.txt -P /root/Desktop/Wordlists/Passwords.txt ftp://[IP Address of Target] and press Enter.
D. Type mkdir HackedbyTimbo and press Enter to create a directory named HackedbyTimbo through the ftp terminal on the target.
From Kali box to Uniscan Web Server Fingerprinting (Takes 30 mins)
A. NB: uniscan -h will display the help options of uniscan.
B. Type uniscan -u http://10.10.10.12:8080/CEH -q and hit Enter to start the scan for directories.
C. Here -w and -e are used together to enable file check, robots.txt and sitemap.xml check. In the terminal window type uniscan -u http://10.10.10.12:8080/CEH -we and hit Enter.
D. To start dynamic scan on the webserver by giving the command -d. Type uniscan -u http://10.10.10.12:8080/CEH -d and hit Enter .
E. After the scan is finished, close the terminal window, and navigate to Computer/usr/share/uniscan/report and double click 10.10.10.12.html to view the scan report.