Nikto

File: Nikto-80.txt

- Nikto v2.1.6/2.1.5
+ Target Host: 192.168.105.122
+ Target Port: 80
+ GET Retrieved x-powered-by header: ASP.NET
+ GET The anti-clickjacking X-Frame-Options header is not present.
+ GET The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ GET The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ GET Retrieved x-aspnet-version header: 4.0.30319
+ OPTIONS Retrieved dav header: 1,2,3
+ OPTIONS Retrieved ms-author-via header: DAV
+ OPTIONS Uncommon header 'ms-author-via' found, with contents: DAV
+ OPTIONS Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE, LOCK, UNLOCK
+ OSVDB-397: GET HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: GET HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-5647: GET HTTP method ('Allow' Header): 'MOVE' may allow clients to change file locations on the web server.
+ OPTIONS Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE, LOCK, UNLOCK
+ OSVDB-397: GET HTTP method ('Public' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: GET HTTP method ('Public' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-5647: GET HTTP method ('Public' Header): 'MOVE' may allow clients to change file locations on the web server.
+ OPTIONS WebDAV enabled (PROPPATCH COPY UNLOCK LOCK MKCOL PROPFIND listed as allowed)

Tried to see if there was anything I could do about WebDAV.

root@kali:/home/kali/impacket/examples# davtest -url http://192.168.105.122:80/
********************************************************
 Testing DAV connection
OPEN		FAIL:	http://192.168.105.122:80	Unauthorized. Basic realm="192.168.105.122"

Unfortunately nothing.
