Results 1 to 2 of 2

Thread: I need help to pentest

  1. #1
    Just burned his ISO
    Join Date
    Feb 2012
    Posts
    1

    Arrow I need help to pentest

    hello I'm learning to do a pentest, and took some information:

    looking port open :

    nmap -p 25,80,1000-4000 xx.xx.xxx.xx

    Starting Nmap 5.51 ( http://nmap.org ) at 2012-02-21 18:17 VET
    Nmap scan report for host.xxxx.net (xx.xx.xxx.xx)
    Host is up (0.26s latency).
    Not shown: 2995 filtered ports
    PORT STATE SERVICE
    80/tcp open http
    2082/tcp open infowave
    2083/tcp open radsec
    2084/tcp closed unknown
    2086/tcp open gnunet
    2087/tcp open eli
    2095/tcp open nbx-ser
    2096/tcp open nbx-dir

    Nmap done: 1 IP address (1 host up) scanned in 56.00 seconds

    has open ports!

    using nikto :

    root@bt:/pentest/web/nikto# perl nikto.pl -host xx.xx.xxx.xx
    - Nikto v2.1.4
    ---------------------------------------------------------------------------
    + Target IP: xx.xx.xxx.xx
    + Target Hostname: host.xxx.net
    + Target Port: 80
    + Start Time: 2012-02-22 18:09:29
    ---------------------------------------------------------------------------
    + Server: Apache
    + ETag header found on server, inode: 59605161, size: 111, mtime: 0x4a0d62977b880
    + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
    + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
    + OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS). http://www.cert.org/advisories/CA-2000-02.html.
    + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
    + OSVDB-2799: /cgi.cgi/dose.pl?daily&somefile.txt&|ls|: DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter.
    + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
    + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.

    is vuln XST, XSS and directory traversal attack ,

    I hope to help

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: I need help to pentest

    Go here. http://www.offensive-security.com/
    We do not teach pentesting at BackTrack Linux. But the good folks at off-sec will hook you up with the best realistic penetration testing training available.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Similar Threads

  1. Iniciante em Pentest
    By rabeloo in forum Iniciantes
    Replies: 3
    Last Post: 02-07-2011, 05:00 AM
  2. Curso de Pentest
    By AnjoFantasma in forum Iniciantes
    Replies: 4
    Last Post: 06-14-2010, 02:54 PM
  3. can't pentest SSH plz help
    By jenbo in forum OLD Newbie Area
    Replies: 1
    Last Post: 01-17-2010, 11:08 AM
  4. web app pentest report
    By chelano in forum OLD Pentesting
    Replies: 6
    Last Post: 09-10-2008, 12:51 PM
  5. Bluetooth Pentest
    By DeadWolf in forum OLD Pentesting
    Replies: 19
    Last Post: 06-13-2008, 11:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •