Hacking

  Welcome back to part IV in the Metasploitable 2 series. In  part I  we’ve configured our lab and scanned our target, in part II we’ve hacked port 21, in part III, enumerated users with port 25 and now it’s time to check port 80. Port 80 is the default port for http services (web pages). In a previous scan we’ve determine that port 80 is open. It’s now time to determine what is running behind that port. First do a nmap scan: > db_namp -sV 192.168.231.109 -p 80 It’s Apache running in Ubuntu. Let’s try to gather some more info with an auxiliary scanner: >  use auxiliary/scanner/http/http_version > show options > run It’s Apache 2.2.8 with PHP 5.2.4. We can navigate to ‘ http://192.168.231.109/phpinfo.php ’ and confirm the information already gathered: Lets try other http modules to obtain more information about our server: ‘dir_listing’ will determine if directory listing is enabled: > use auxiliary/scanner/http/dir_listing > show opti...