Http/http version
De www.metasploit-es.com.ar
El escaneador "http_version" escaneara un rango de hosts y determinara la version del servidor web que se esta ejecutando en ellos.
msf > use auxiliary/scanner/http/http_version msf auxiliary(http_version) > show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- Proxies no Use a proxy chain RHOSTS yes The target address range or CIDR identifier RPORT 80 yes The target port THREADS 1 yes The number of concurrent threads VHOST no HTTP server virtual host
Para ejecutar el escaneo, definimos los valores RHOSTS y THREADS y lo ejecutamos.
msf auxiliary(http_version) > set RHOSTS 192.168.1.0/24 RHOSTS => 192.168.1.0/24 msf auxiliary(http_version) > set THREADS 255 THREADS => 255 msf auxiliary(http_version) > run [*] 192.168.1.2 Web Server [*] 192.168.1.1 Apache ( 302-https://192.168.1.1:10443/ ) [*] 192.168.1.11 [*] Scanned 080 of 256 hosts (031% complete) [*] 192.168.1.101 Apache/2.2.9 (Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch ...snip... [*] 192.168.1.250 lighttpd/1.4.26 ( 302-http://192.168.1.250/account/login/?next=/ ) [*] Scanned 198 of 256 hosts (077% complete) [*] Scanned 214 of 256 hosts (083% complete) [*] Scanned 248 of 256 hosts (096% complete) [*] Scanned 253 of 256 hosts (098% complete) [*] Scanned 256 of 256 hosts (100% complete) [*] Auxiliary module execution completed msf auxiliary(http_version) >
Armado con el conocimiento del software del servidor web, los ataques pueden construirse especificamente para el objetivo.
© Offensive Security 2009
Original de www.offensive-security.com Traducido por cbk999
