Using Skipfish to Perform Web Server Reconnaissance
Skipfish is a web application security reconnaissance tool. Hackers can use it to collect information about a web server and analyze it to find vulnerabilities.
In this practical, let’s understand how to perform security reconnaissance on a webserver and analyze the results.
- Click on the Terminal icon to launch Skipfish.
- In this lab, we are targeting a WordPress site. Specify the output directory and load the dictionary file that suits the web server being scanned. Here the output directory is named test.
Type skipfish -o /root/test -S /usr/share/skipfish/dictionaries/complete.wl http://[IP Address of Windows Server 2012]:8080 and press Enter. Other local websites hosted on Windows Server 2016 can also be targeted here.
- Skipfish will run a brute-force attack against the web server using the complete.wl dictionary file. It then creates the output directory under root and saves the results as index.html in that directory.
- Skipfish can take up to 20 minutes to complete the scan.
Press Ctrl+C to stop the scan if it is taking too long, then close the terminal.
- Once the scan is complete, the tool shows the report, which is saved in the test directory under the root location. Double-click index.html to open the scan output.
- The results open in a browser, where you can see a summary of document types, issues, etc.
- Expand the nodes to see details. Check and analyze the issues.
- Check the URLs of the pages that have vulnerabilities and visit those pages.
- In the Skipfish tab, you can examine each vulnerability in detail.
- An HTTP trace window on the web page shows the HTTP session. You can check the other vulnerabilities and patch them.
- Once the lab is completed, close all the apps, files, and folders used during the practice.
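The dictionary-driven scan above leaves a recognizable trace on the target: a single client requesting many non-existent paths within a few seconds. The following detector, added here as an illustration and not part of the lab or of Skipfish itself, parses constructed combined-format access log lines and flags a source that produces a burst of distinct 404 responses inside a short window. The "SF/" user-agent marker it also looks for is an assumption about Skipfish's default User-Agent string, not something stated on this page; the log lines are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.10.10.5 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/120.0"
10.10.10.5 - - [10/Mar/2024:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 310 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/120.0"
10.10.10.9 - - [10/Mar/2024:10:00:05 +0000] "GET /admin HTTP/1.1" 404 310 "-" "Mozilla/5.0 SF/2.10b"
10.10.10.9 - - [10/Mar/2024:10:00:05 +0000] "GET /backup HTTP/1.1" 404 310 "-" "Mozilla/5.0 SF/2.10b"
10.10.10.9 - - [10/Mar/2024:10:00:06 +0000] "GET /config.bak HTTP/1.1" 404 310 "-" "Mozilla/5.0 SF/2.10b"
10.10.10.9 - - [10/Mar/2024:10:00:06 +0000] "GET /wp-login.php HTTP/1.1" 200 2200 "-" "Mozilla/5.0 SF/2.10b"
10.10.10.9 - - [10/Mar/2024:10:00:07 +0000] "GET /test.php HTTP/1.1" 404 310 "-" "Mozilla/5.0 SF/2.10b"
10.10.10.9 - - [10/Mar/2024:10:00:07 +0000] "GET /old HTTP/1.1" 404 310 "-" "Mozilla/5.0 SF/2.10b"
10.10.10.7 - - [10/Mar/2024:10:01:00 +0000] "GET /about HTTP/1.1" 404 310 "-" "curl/8.4.0"
10.10.10.7 - - [10/Mar/2024:10:06:00 +0000] "GET /contact HTTP/1.1" 404 310 "-" "curl/8.4.0"
10.10.10.7 - - [10/Mar/2024:10:12:00 +0000] "GET /team HTTP/1.1" 404 310 "-" "curl/8.4.0"
"""

# Combined log format: ip ident user [timestamp] "method path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumed marker for Skipfish's default User-Agent (an assumption, not from the lab text).
SCANNER_UA_MARKER = "SF/"


def parse_line(line):
    """Parse one combined-format log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%d/%b/%Y:%H:%M:%S %z")
    event["status"] = int(event["status"])
    return event


def detect_dictionary_scans(log_text, window=timedelta(seconds=60), min_misses=5):
    """Return {ip: [reasons]} for clients whose traffic looks like a dictionary-based path scan.

    A client is flagged when it requests at least `min_misses` distinct paths that
    returned 404 inside any `window`-long interval, or when its User-Agent carries the
    assumed scanner marker. Ordinary browsing (one stray 404) or slow probing is not flagged.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        reasons = set()
        if any(SCANNER_UA_MARKER in e["ua"] for e in evs):
            reasons.add("skipfish-ua")
        # Sliding window over this client's 404 responses only.
        misses = [e for e in evs if e["status"] == 404]
        start = 0
        for end in range(len(misses)):
            while misses[end]["ts"] - misses[start]["ts"] > window:
                start += 1
            distinct_paths = {e["path"] for e in misses[start:end + 1]}
            if len(distinct_paths) >= min_misses:
                reasons.add("404-burst")
                break
        if reasons:
            findings[ip] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for ip, reasons in detect_dictionary_scans(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(reasons)}")
```

Thresholds are deliberately parameters: a site with many broken links will need a higher `min_misses` or a shorter window, and the user-agent check alone is weak because a scanner can present any string, which is why the rate-based rule is the one to rely on.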
Using httprecon Tool to Footprint a Web Server
Web apps hold information, user data, and business details. Without proper security practices, however, these can become vulnerable.
In this practical, we will use the httprecon tool to footprint a web server.
- Open the httprecon tool by navigating to Module 13 Hacking Web Servers\Web Server Footprinting Tools\httprecon and double-clicking httprecon.exe.
- In Target, choose http:// from the dropdown and enter 10.10.10.12:8080/ceh in the address field. Select 8080 from the list of ports. Click Analyze.
- Scroll down to the GET existing tab and check the server, its version, and the server-side application used to create the web pages. Click the GET long request tab to see the list of all GET requests. Next, click the Fingerprint Details tab.
Hackers can obtain this information and use it for malicious activities such as sniffing over HTTP.
- Close all tabs and files when the lab is complete.
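What httprecon reads off the GET existing response is largely the Server header and the technology headers that accompany it. The script below, added as an illustration and not httprecon's own code, parses two constructed raw HTTP responses and reports the server product, its version, the server-side technology headers, and which of these amount to information leaks, so that an administrator can check what their own server reveals before an outside party does. The responses and their header values are constructed samples, not output captured from the lab server.

```python
import re

# Constructed raw responses; the verbose one mimics a default ASP.NET deployment,
# the hardened one the same server with version and technology headers removed.
VERBOSE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Cache-Control: private\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Server: Microsoft-IIS/8.5\r\n"
    b"X-AspNet-Version: 4.0.30319\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"Date: Sun, 10 Mar 2024 10:00:00 GMT\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"<html></html>"
)

HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Cache-Control: private\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Server: Microsoft-IIS\r\n"
    b"Date: Sun, 10 Mar 2024 10:00:00 GMT\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"<html></html>"
)

# Header names that name the server-side technology rather than the server product.
TECHNOLOGY_HEADERS = ("x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

# "Product/version" as commonly written in Server headers; the version part is optional.
VERSION_RE = re.compile(r"^(?P<product>[^/\s]+)(?:/(?P<version>[\w.\-]+))?")


def parse_response_headers(raw):
    """Split a raw HTTP response into its status line and an ordered list of (name, value)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def fingerprint(raw):
    """Extract what a footprinting tool would learn from one response and list the leaks."""
    status_line, headers = parse_response_headers(raw)
    lookup = {name.lower(): value for name, value in headers}
    result = {
        "status_line": status_line,
        "server": None,
        "version": None,
        "technologies": [],
        # Header order is itself a fingerprinting signal, so it is kept for comparison.
        "header_order": [name for name, _ in headers],
        "leaks": [],
    }
    server = lookup.get("server")
    if server:
        m = VERSION_RE.match(server)
        result["server"] = m.group("product")
        result["version"] = m.group("version")
        if result["version"]:
            result["leaks"].append("Server header reveals version")
    for name in TECHNOLOGY_HEADERS:
        if name in lookup:
            result["technologies"].append(f"{name}: {lookup[name]}")
            result["leaks"].append(f"{name} header exposes server-side technology")
    return result


if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        fp = fingerprint(raw)
        print(label, fp["server"], fp["version"], fp["technologies"], fp["leaks"])
```

On an IIS/ASP.NET host the X-AspNet-Version header is switched off with `<httpRuntime enableVersionHeader="false" />` in web.config, and X-Powered-By is dropped with `<remove name="X-Powered-By" />` under `<httpProtocol><customHeaders>`; rerunning the check afterwards should produce an empty `leaks` list, as it does for the hardened sample.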