A couple of days ago, I posted an article showing you how to exploit PHP using BackTrack and backdoors from weevely. Today, I want to show you another cool trick in BackTrack. This time, I want to show you how to analyze any webserver to look for known vulnerabilities and other unknown server issues. This technique is very simple. So, this article will be very short.
To get started, fire up BackTrack, click on the menu and navigate to BackTrack > Vulnerability Assessment > Web Application Assessment > Web Vulnerability Scanners and click on “nikto”. That will throw you into a shell prompt. At that point, you can do a scan of any webserver with one basic command and parameter. Here is the command:
# ./nikto.pl -h http://www.some-target.com
As you can see, the only parameter I’m passing to the nikto tool is the option “-h” for host and the URL for that host. When you run that command, you’ll immediately begin receiving useful information about your target webserver. For example, when I ran that command, right away I saw that my target server was running Apache on Fedora. It even told me which version of Apache the server was running. With that knowledge alone, I could go to a site like http://www.securityfocus.com and search for Apache Software Foundation > Apache > 2.2.8 and get a list of known exploits for that particular version of Apache. By the time the scan was finished, I had a list of known vulnerabilities that were exploitable on my target server. Using some of the other tools in BackTrack, I could easily gain access and root control of the server.
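Seen from the side of the server being scanned, a run like this leaves a distinctive trail in the access log. The following is an added example, not part of the original article: it flags likely scanner clients, assuming Apache "combined" log format and that an unmodified Nikto run sends a User-Agent containing "Nikto". The sample log lines, the thresholds and the name find_scanners are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/15.0"
203.0.113.7 - - [10/Oct/2012:13:55:37 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/15.0"
198.51.100.23 - - [10/Oct/2012:13:56:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000029)"
198.51.100.23 - - [10/Oct/2012:13:56:01 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000031)"
198.51.100.23 - - [10/Oct/2012:13:56:02 +0000] "GET /phpinfo.php HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000035)"
192.0.2.50 - - [10/Oct/2012:14:02:10 +0000] "GET /backup.zip HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/22.0"
192.0.2.50 - - [10/Oct/2012:14:02:10 +0000] "GET /.htpasswd HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/22.0"
192.0.2.50 - - [10/Oct/2012:14:02:11 +0000] "GET /test/ HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/22.0"
"""

# Fields needed from a combined-format line: client IP, path, status, User-Agent.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_scanners(lines, min_404=3, min_ratio=0.8):
    """Return {client_ip: [reasons]} for clients that look like a scanner."""
    stats = defaultdict(lambda: {"total": 0, "paths_404": set(), "nikto_ua": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a combined-format line
        s = stats[m["ip"]]
        s["total"] += 1
        if m["status"] == "404":
            s["paths_404"].add(m["path"])
        if "nikto" in m["ua"].lower():
            s["nikto_ua"] = True
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["nikto_ua"]:
            reasons.append("nikto-user-agent")
        # The User-Agent can be changed, so also flag clients whose requests
        # are mostly 404s spread over many distinct paths.
        n404 = len(s["paths_404"])
        if n404 >= min_404 and n404 / s["total"] >= min_ratio:
            reasons.append("404-burst")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG.splitlines()))
```

The 404 thresholds are deliberately low so the short sample triggers them; on a production log they need tuning against normal traffic.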