Hack Web Servers using Nikto and WhatWeb: Web Scanning Unleashed
- Published on Oct 19, 2023
- Join this channel to get access to perks:
/ @pentest_tv
Let's hack a web server using just Nikto and WhatWeb on Kali Linux to discover our exploitable vulnerability. These two amazing tools perform web scanning and vulnerability assessment that we will leverage to identify an exploit using searchsploit.
By understanding what each tool is capable of, we'll be able to better assess our network and security posture. We'll also explore some of the most common web vulnerabilities and how to exploit them using Nikto and WhatWeb. By the end of this video, you'll have a better understanding of how to conduct a professional reconnaissance phase and successfully exploit web vulnerabilities.
Join our Discord Server: / discord
Kioptrix Level 1 (#1): www.vulnhub.com/entry/kioptri...
Kioptrix Level 1.2 (#3): www.vulnhub.com/entry/kioptri...
Thank you sir finally some stuff related to Web is out on your channel ❤
My pleasure! Glad you enjoyed the video and if there are any topics you’d like me to discuss, feel free to let me know. Thanks again!
solid sir
Appreciate it - thanks for watching!
Recon is probably the most important thing you can do before trying to exploit a target!! Great vid as always!!
Absolutely! It can make or break an engagement. Glad you enjoyed the video and thanks for watching!
Please, if possible, cover these advanced topics like How to bypass Drupal CMS or other secured CMS? How to bypass HARD WAF protection that stops HTML, SQL, and XSS injection payloads? Payload single-double-triple encoding using Cyber-Chef? How to find the real origin IP of secured websites behind Cloudflare, Akamai, ModSecurity, AWS CDN, etc.? How to bypass Hard WAF using SQLMAP or Burpsuite? How to find hidden vulnerable parameters and endpoints inside the .js and .json files? How to find hidden admin pages, cPanel pages, and WHM pages? Please cover these important topics. Thanks
Thanks for the suggestions. I can definitely cover more advanced topics, especially those that are heavily used by red teams. Thanks again!
Thanks for your help
Glad you found it useful - thanks for the comment!
Can you explain more about the URI?
URI indicates where in the URL is the location of the LotusCMS. The default location might look like kioptrix.com/lcms/index.html so the URI would be /lcms… but in this case it’s at the / directory so that’s why we changed it from the default.
Hope that helps. Lmk if you still have questions. Thanks for watching!
Please make beginner to advanced level practical live website hacking, live website bug hunting, live website penetration testing, live website exploitation content video series...
🙏 😊 💯✌❤💚💙💜😍😘🤝
I’m working my way up the CKC methodology and skill level. I’ll be able to cover all those topics for sure. Thanks for watching!
Exploit completed, but no session was created. Any ideas? I re-downloaded and re-created the VM and it's still not working.
Make sure you selected the correct reverse shell - if you continue to have issues, swing by the discord server and we can walk through it. For clarity, that error means the hack worked, but your payload is wrong.