-
March 14th, 2006, 02:10 PM
#1
Junior Member
exposed shell
Hi, what's up??
My friend asked me to pentest his server, and I started with nmap. After that I started nikto and found a very interesting file on the server.
Nikto found a shell in the cgi dir (cgi/bash). Well, I thought I would finish the pentest after just 10 min,
but I was unable to communicate with that shell; the server said "404 not found".
If there is a shell exposed on the server, I have to communicate with it, and if it works I need to tell my friend to delete the file.
How can I communicate with that shell??
Any ideas and links will be great.
The server is running under Apache 2.0.55 and
Thanks in advance.
-
March 14th, 2006, 02:37 PM
#2
404 Not Found means the file doesn't exist..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
March 14th, 2006, 02:46 PM
#3
Junior Member
But if the file doesn't exist, how did nikto find it???
And it has happened to me several times, but it always interacts with those shells.
Any more ideas?
-
March 14th, 2006, 03:21 PM
#4
Is it possible there is more than one cgi-bin directory and you only checked the primary one?
From looking at the code, nikto tries to determine all of them.
There are two rules for success in life:
Rule 1: Don't tell people everything you know.
-
March 14th, 2006, 04:12 PM
#5
Does nikto connect to a hostname (www.mydomain.com i.e.) or an IP address? It may only exist on a certain virtual host..
-
March 14th, 2006, 06:11 PM
#6
Junior Member
Nikto connects to an IP address.
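Added example, not part of any post in this thread: the virtual-host question from post #5 can be settled by requesting the reported path once per Host header and comparing the status codes. The local lab server, the name `www.lab.example` and the file layout are constructed for the demo.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed lab layout (hypothetical names): paths that exist per virtual host.
# "default" stands for the vhost that answers when Host is the bare IP.
VHOST_FILES = {
    "www.lab.example": {"/index.html"},
    "default": {"/index.html", "/cgi/bash"},
}

class VhostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Pick the document set from the Host header, as name-based vhosts do.
        host = (self.headers.get("Host") or "").split(":")[0]
        files = VHOST_FILES.get(host, VHOST_FILES["default"])
        found = self.path in files
        body = b"ok\n" if found else b"not found\n"
        self.send_response(200 if found else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet

def status_per_host(addr, port, path, host_headers):
    """Request `path` once per Host header; return {host: HTTP status}."""
    results = {}
    for host in host_headers:
        conn = http.client.HTTPConnection(addr, port, timeout=5)
        try:
            conn.putrequest("GET", path, skip_host=True)  # we set Host ourselves
            conn.putheader("Host", host)
            conn.endheaders()
            resp = conn.getresponse()
            resp.read()
            results[host] = resp.status
        finally:
            conn.close()
    return results

def run_demo():
    """Start the lab server on a free local port and compare both Host values."""
    with ThreadingHTTPServer(("127.0.0.1", 0), VhostHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return status_per_host("127.0.0.1", server.server_address[1],
                                   "/cgi/bash", ["127.0.0.1", "www.lab.example"])
        finally:
            server.shutdown()
```

Calling `run_demo()` shows the same path answering 200 under the bare-IP Host and 404 under the named host, which is the mismatch a scan by IP followed by a browser visit by hostname would produce.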
-
March 15th, 2006, 06:26 AM
#7
Banned
If you want a serious pentest, then I'd suggest Phlak (Professional Hackers Linux Assault Kit), a LiveCD with some very interesting tools. You could also try Knoppix STD, again a LiveCD with security tools.
Remember that if you use these tools, you use them at your own risk. And that the developers who make the tools accept no responsibility for what you do with them.
-
March 16th, 2006, 04:26 PM
#8
Junior Member
Isn't Knoppix STD too old???
Any more ideas on the exposed shell??