
Thread: exposed shell

  1. #1
    Junior Member
    Join Date
    Feb 2006
    Posts
    26

    exposed shell

    Hi, what's up??

    My friend asked me to pentest his server, and I started with nmap. After that I started nikto and found a very interesting file on the server.

    nikto has found a shell in the cgi dir (cgi/bash). Well, I thought I would finish the pentest after just 10 min.

    But I was unable to communicate with that shell; the server said "404 not found".

    If there is a shell exposed on the server I have to communicate with it, and if it works I need to tell my friend to delete the file.

    How can I communicate with that shell??

    Any ideas and links will be great.

    The server is running under Apache 2.0.55 and

    Thanks in advance.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    404 Not Found means the file doesn't exist..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Junior Member
    Join Date
    Feb 2006
    Posts
    26
    But if the file doesn't exist, how did nikto find it???

    And it has happened to me several times, but it always interacted with those shells.

    Any more ideas?

  4. #4
    Senior Member Opus00
    Join Date
    May 2005
    Posts
    143
    Is it possible there is more than one cgi-bin directory and you only checked the primary one?

    From looking at the code, nikto tries to determine all of them.
    There are two rules for success in life:
    Rule 1: Don't tell people everything you know.

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Does nikto connect to a hostname (e.g. www.mydomain.com) or an IP address? It may only exist on a certain virtual host..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Junior Member
    Join Date
    Feb 2006
    Posts
    26
    nikto connects to an IP address.

  7. #7
    If you want a serious pentest, then I'd suggest Phlak (Professional Hackers Linux Assault Kit), a LiveCD with some very interesting tools. You could also try Knoppix STD, again a LiveCD with security tools.

    Remember that if you use these tools, you use them at your own risk. And that the developers who make the tools accept no responsibility for what you do with them.

  8. #8
    Junior Member
    Join Date
    Feb 2006
    Posts
    26
    Isn't Knoppix STD too old???

    Any more ideas on the exposed shell??
