Me he simulado un ataque web a una pagina que he creado.
He empezado haciendo un simple escaner de puertos a la IP de la pagina web en cuestión.
Me escupe esto:
Citar
Host is up (0.11s latency).
Not shown: 941 filtered ports, 56 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https
Device type: general purpose
Running (JUST GUESSING) : Microsoft Windows 2003|XP|2000 (99%)
Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (99%), Microsoft Windows Server 2003 SP1 or SP2 (96%), Microsoft Windows Server 2003 Enterprise Edition SP2 (94%), Microsoft Windows Server 2003 SP1 (94%), Microsoft Windows Server 2003 Enterprise Edition (93%), Microsoft Windows XP SP2 or Server 2003 SP2 (92%), Microsoft Windows XP SP2 (92%), Microsoft Windows 2000 SP4 (91%), Microsoft Windows XP Professional SP2 (91%), Microsoft Windows XP SP 2 (91%)
No exact OS matches for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 30.61 seconds
Not shown: 941 filtered ports, 56 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https
Device type: general purpose
Running (JUST GUESSING) : Microsoft Windows 2003|XP|2000 (99%)
Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (99%), Microsoft Windows Server 2003 SP1 or SP2 (96%), Microsoft Windows Server 2003 Enterprise Edition SP2 (94%), Microsoft Windows Server 2003 SP1 (94%), Microsoft Windows Server 2003 Enterprise Edition (93%), Microsoft Windows XP SP2 or Server 2003 SP2 (92%), Microsoft Windows XP SP2 (92%), Microsoft Windows 2000 SP4 (91%), Microsoft Windows XP Professional SP2 (91%), Microsoft Windows XP SP 2 (91%)
No exact OS matches for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 30.61 seconds
Como descubro más cosas de la web y consigo acceder a ella? Ya se que 4estan las SQLi o XSS pero quería hacerlo como con el metasploit y una ip local... Viendo vulnerabilidades en los servicios que correo o los puerttos que pueda tener abiertos
Gracias