Results 1 to 2 of 2

Thread: I need help to pentest

  1. #1
    Just burned his ISO
    Join Date
    Feb 2012

    Arrow I need help to pentest

    hello I'm learning to do a pentest, and took some information:

    looking port open :

    nmap -p 25,80,1000-4000

    Starting Nmap 5.51 ( ) at 2012-02-21 18:17 VET
    Nmap scan report for (
    Host is up (0.26s latency).
    Not shown: 2995 filtered ports
    80/tcp open http
    2082/tcp open infowave
    2083/tcp open radsec
    2084/tcp closed unknown
    2086/tcp open gnunet
    2087/tcp open eli
    2095/tcp open nbx-ser
    2096/tcp open nbx-dir

    Nmap done: 1 IP address (1 host up) scanned in 56.00 seconds

    has open ports!

    using nikto :

    root@bt:/pentest/web/nikto# perl -host
    - Nikto v2.1.4
    + Target IP:
    + Target Hostname:
    + Target Port: 80
    + Start Time: 2012-02-22 18:09:29
    + Server: Apache
    + ETag header found on server, inode: 59605161, size: 111, mtime: 0x4a0d62977b880
    + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
    + OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
    + OSVDB-27071: /phpimageview.php?pic=javascript:alert(8754): PHP Image View 1.0 is vulnerable to Cross Site Scripting (XSS).
    + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
    + OSVDB-2799: /cgi.cgi/|ls|: DailyDose 1.1 is vulnerable to a directory traversal attack in the 'list' parameter.
    + OSVDB-3092: /img-sys/: Default image directory should not allow directory listing.
    + OSVDB-3092: /java-sys/: Default Java directory should not allow directory listing.

    is vuln XST, XSS and directory traversal attack ,

    I hope to help

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010

    Default Re: I need help to pentest

    Go here.
    We do not teach pentesting at BackTrack Linux. But the good folks at off-sec will hook you up with the best realistic penetration testing training available.
    To be successful here you should read all of the following.
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Similar Threads

  1. Iniciante em Pentest
    By rabeloo in forum Iniciantes
    Replies: 3
    Last Post: 02-07-2011, 05:00 AM
  2. Curso de Pentest
    By AnjoFantasma in forum Iniciantes
    Replies: 4
    Last Post: 06-14-2010, 02:54 PM
  3. can't pentest SSH plz help
    By jenbo in forum OLD Newbie Area
    Replies: 1
    Last Post: 01-17-2010, 11:08 AM
  4. web app pentest report
    By chelano in forum OLD Pentesting
    Replies: 6
    Last Post: 09-10-2008, 12:51 PM
  5. Bluetooth Pentest
    By DeadWolf in forum OLD Pentesting
    Replies: 19
    Last Post: 06-13-2008, 11:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts