Monday, July 11, 2022

Mr Robot 1 from Vulhub Part 3

In a short recap: in part 1 I gained network entry and learned a valuable lesson, which is to isolate the VirtualBox environment from the internet, while in part 2 I discovered that a WordPress blog is being hosted on my target device. But my question is: what if I had not typed the IP address into a browser along with the allowed commands? What other methods could I use to discover something about the IP address? nmap has already shown that ports 80 and 443 are open, which already suggests that it hosts a website.

Before I answer that question, I still need to perform an optional audit check on the HTTP port using wapiti, to give me an insight into the overall picture. I just typed wapiti -u https://192.168.3.3 at the command prompt; the result was delivered as an HTML report, and here it is:

Wapiti found several vulnerabilities, which I think means the pen testing should go on.

To answer that question, the other popular Kali pen test tool is Nikto. Just type nikto -h 192.168.3.3 to find the allowed web pages. I got the following result:

This suggests that there is a WordPress login system.
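Tools like Nikto (and the nmap http-enum script used later in this post) work by requesting a long list of well-known paths and noting which ones the server answers. From the web server's own logs that activity looks like one client address producing a burst of 404 responses across many distinct paths. The following is an added example, not code from the original post: a small Python filter that parses constructed access-log lines in the common combined format and flags hosts whose 404 count and 404 share both exceed illustrative thresholds (the thresholds, the log lines and the addresses are all made up).

```python
"""Flag client addresses that probe many paths and mostly receive 404s.

Added example, not from the original post. The log lines below are a
constructed sample in Apache/nginx combined log format. Directory
enumeration tools request many well-known paths in a short time, so on
the server side such a scan shows up as one client producing an unusual
number and share of 404 responses.
"""
import re
from collections import defaultdict

# Fields of a combined-format line: client, identd, user, timestamp,
# request line, status code, response size (remaining fields ignored).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: 10.0.0.5 browses normally, 10.0.0.9 hammers unknown paths.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Jul/2022:10:00:01 +0000] "GET / HTTP/1.1" 200 5123
10.0.0.5 - - [11/Jul/2022:10:00:02 +0000] "GET /wp-content/style.css HTTP/1.1" 200 812
10.0.0.9 - - [11/Jul/2022:10:00:03 +0000] "GET /robots.txt HTTP/1.1" 200 41
10.0.0.9 - - [11/Jul/2022:10:00:03 +0000] "GET /admin/ HTTP/1.1" 404 169
10.0.0.9 - - [11/Jul/2022:10:00:03 +0000] "GET /backup/ HTTP/1.1" 404 169
10.0.0.9 - - [11/Jul/2022:10:00:04 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 169
10.0.0.9 - - [11/Jul/2022:10:00:04 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 169
10.0.0.9 - - [11/Jul/2022:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2301
10.0.0.9 - - [11/Jul/2022:10:00:05 +0000] "GET /.git/HEAD HTTP/1.1" 404 169
10.0.0.5 - - [11/Jul/2022:10:00:06 +0000] "GET /about/ HTTP/1.1" 404 169
"""


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_hosts(log_text, min_404=4, min_ratio=0.5):
    """Return {ip: (not_found, total, distinct_paths)} for every client whose
    404 count is at least min_404 and whose 404 share is at least min_ratio.

    Both thresholds are illustrative (assumed values); tune them against the
    site's normal traffic, since a single broken link also produces 404s.
    """
    total = defaultdict(int)
    not_found = defaultdict(int)
    paths = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:  # skip unparseable lines rather than crash on them
            continue
        ip = rec["ip"]
        total[ip] += 1
        paths[ip].add(rec["path"])
        if rec["status"] == "404":
            not_found[ip] += 1

    flagged = {}
    for ip, n in total.items():
        nf = not_found[ip]
        if nf >= min_404 and nf / n >= min_ratio:
            flagged[ip] = (nf, n, len(paths[ip]))
    return flagged


if __name__ == "__main__":
    for ip, (nf, n, distinct) in suspicious_hosts(SAMPLE_LOG).items():
        print(f"{ip}: {nf} of {n} requests were 404s across {distinct} paths")
```

On the sample, only 10.0.0.9 is reported (five 404s out of seven requests); 10.0.0.5 has a single 404 and stays below both thresholds.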

Knowing that a website is active, I predicted that a robots.txt file exists, which is used to control web-crawling bots (it is usual practice among web developers to treat robots.txt as a necessity). So I randomly typed in 192.168.3.3/robots.txt, and I was right; I got the following result:

What if I had no knowledge of web development? I could not have known that a robots.txt file existed at all. There is a way to check the root directory by using the script http-enum. This is an nmap option that enumerates directories used by popular web applications and servers. So I just typed in nmap -sV --script=http-enum.nse 192.168.3.3 and I found the robots.txt file (see the resulting output). This command is also another alternative to nikto, because the output also shows that a WordPress website is being hosted on the IP address.
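The point of the robots.txt lookup above, whether done by hand or via http-enum, is that the file is public and names paths the site owner would rather not have crawled, so anyone can read it to learn what exists. As an added example (not code from the original post), the Python script below audits a robots.txt body the way a site owner should before publishing it: it lists the Disallow and Allow paths and, separately, any stray line that is not a directive at all, since a bare file name still discloses that the file exists even though crawlers ignore it. The robots.txt text inside the script is a constructed sample that only mimics the shape of the file this post describes (including a bare fsocity.dic line); it is not the VM's real file.

```python
"""Audit a robots.txt body for the paths it discloses.

Added example, not from the original post. SAMPLE_ROBOTS is a constructed
sample; the real file on the target is not reproduced here.
"""
from urllib.robotparser import RobotFileParser

# Constructed sample body. The last line is deliberately not a directive.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /wp-login.php
Allow: /wp-admin/admin-ajax.php
fsocity.dic
"""

# Directive names that carry no path of interest for this audit.
NON_PATH_DIRECTIVES = {"user-agent", "sitemap", "crawl-delay"}


def disclosed_paths(body):
    """Return {"disallow": [...], "allow": [...], "stray": [...]}.

    'stray' collects lines that are neither blank nor a recognised
    directive. Crawlers skip them, but a human reading the file does not,
    so they disclose exactly as much as a Disallow line would.
    """
    result = {"disallow": [], "allow": [], "stray": []}
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if ":" in line:
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if key == "disallow" and value:
                result["disallow"].append(value)
            elif key == "allow" and value:
                result["allow"].append(value)
            elif key in NON_PATH_DIRECTIVES:
                continue
            else:
                result["stray"].append(line)
        else:
            result["stray"].append(line)
    return result


def crawler_may_fetch(body, path, agent="*"):
    """Ask the standard-library parser whether `agent` may fetch `path`.

    RobotFileParser.parse() accepts the file's lines directly, so this
    works offline on the sample body; with a live site one would use
    set_url() and read() instead.
    """
    rp = RobotFileParser()
    rp.parse(body.splitlines())
    return rp.can_fetch(agent, path)


if __name__ == "__main__":
    found = disclosed_paths(SAMPLE_ROBOTS)
    for kind, items in found.items():
        for item in items:
            print(f"{kind:9s}{item}")
    print("crawler may fetch /wp-admin/:", crawler_may_fetch(SAMPLE_ROBOTS, "/wp-admin/"))
    print("crawler may fetch /fsocity.dic:", crawler_may_fetch(SAMPLE_ROBOTS, "/fsocity.dic"))
```

The two functions answer different questions: crawler_may_fetch says what a well-behaved crawler would do, while disclosed_paths shows what a reader learns from the file. For the sample, the bare fsocity.dic line blocks nothing (the parser ignores it, so the path stays fetchable) yet still tells a reader the file is there.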

Examining the file's content, fsocity.dic is a dictionary file; fsociety in the actual TV program is the organization that brought down the evil conglomerate, and .dic files usually contain words, so I think this suggests it contains the possible username and password that would allow me to gain entry into the computer?

To be continued...
