Join Malcolm Shore for an in-depth discussion in this video Getting into a website with Nikto, part of Ethical Hacking: Enumeration.
- [Instructor] Having identified our target list of web servers using a tool such as WhatWeb, we can use Nikto to get more detailed enumeration of each of the websites. Let's run Nikto against the Metasploitable server on 10.0.2.8. We can see that Metasploitable presents an Apache 2.2.8 server with WebDAV. Nikto advises that anti-clickjacking, cross-site scripting protection, and X-Content-Type headers aren't set.
There's a warning that the Apache server is outdated. There are a couple more warnings about a TCN header and a MultiViews weakness. Nikto then identifies a number of vulnerabilities, starting with OSVDB-877, which means that the TRACE option is active and it's vulnerable to cross-site tracing. Nikto identifies a folder, doc, which can be browsed. Let's check that out.
Nikto was right. We have a lot of entries in this folder. I won't go through each of the vulnerabilities identified in detail. However, these do provide a good starting point for your subsequent deeper testing.
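The findings the instructor reads off Nikto's output, turned into a re-check a defender can run over a captured response from their own server. This is an added example, not Nikto's code and not part of the course; the header values, the `Allow` line and the `/doc` page body are constructed to resemble the lab server, and the TRACE check reads the `Allow` header from an OPTIONS reply instead of sending a TRACE request the way Nikto does.

```python
"""Re-check a captured HTTP response for the issues Nikto flagged in the video:
missing anti-clickjacking, XSS-protection and content-type-sniffing headers,
TRACE enabled (cross-site tracing) and a browsable directory index."""
from typing import Dict, List

# Constructed sample: headers as an Apache 2.2.8 + mod_dav lab host might send
# them, plus the Allow line from an OPTIONS reply (not real captured traffic).
SAMPLE_HEADERS: Dict[str, str] = {
    "Server": "Apache/2.2.8 (Ubuntu) DAV/2",
    "Content-Type": "text/html",
    "Allow": "GET,HEAD,POST,OPTIONS,TRACE",
}
# Constructed body of a GET /doc that returns an auto-generated index page.
SAMPLE_DOC_BODY = "<html><head><title>Index of /doc</title></head><body>...</body></html>"


def audit_response(headers: Dict[str, str], body: str = "") -> List[str]:
    """Return Nikto-style findings for one response; header names compare case-insensitively."""
    h = {name.lower(): value for name, value in headers.items()}
    findings: List[str] = []
    if "x-frame-options" not in h:
        findings.append("anti-clickjacking X-Frame-Options header not set")
    if "x-xss-protection" not in h:
        findings.append("X-XSS-Protection header not set")
    if "x-content-type-options" not in h:
        findings.append("X-Content-Type-Options header not set")
    # Simplification: Nikto sends a TRACE request; here we trust the Allow header.
    methods = {m.strip().upper() for m in h.get("allow", "").split(",") if m.strip()}
    if "TRACE" in methods:
        findings.append("TRACE method enabled: vulnerable to cross-site tracing")
    # Apache's mod_autoindex titles generated listings "Index of /<path>".
    if "<title>index of /" in body.lower():
        findings.append("directory listing enabled: folder can be browsed")
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS, SAMPLE_DOC_BODY):
        print("-", finding)
```

A server that sets the three headers, answers OPTIONS without TRACE and serves no index page yields an empty list.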
An overview of the CEH exam, blueprint, and eligibility criteria can be found at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.