hi whats up??
my friend ask me to pentest to his server and i started with nmap after that i started nikto and found very intresting
file on the server
nikto has found a shell in the cgi dir (cgi/bash),well i though i will finish the pentest just after 10 min .
but i was unable to communicete with that shell the server sayd "404 not found" .
if there is a shell exposed in the server i have to communicete with him and if its work i need to tell my friend to delete the file.
how can i commuincete with that shell ??
any ideas and links will be great .
the server runing under apache 2.0.55 and
tnx in advence. :)
404 Not Found means the file doesn't exist..
but if the file doesn't exist how did nikto finds it ???
and it happend to me sevrel times but it always interact with those shells
any more ideas
Is it possible there are more than one cgi-bin directories and you only checked the primary one?
From looking at the code nikto tries to determine all of them.
Does nikto connect to a hostname (www.mydomain.com i.e.) or an IP address? It may only exist on a certain virtual host..
nikto connect to an ip address
If you want a serious pentest, then I'd suggest Phlak (Professional Hackers Linux Assult Kit), a LiveCD with some very interesting tools . You could also try Knoppix STD, again LiveCD with security tools .
Remember that if you use these tools, you use then at your own risk. And that the developers who make the tools except no responsible for what you do with them.
isnt knoppix std to old ???
any more ideas on the exposed shell??