Nikto

File: Nikto-80.txt

- Nikto v2.1.6/2.1.5
+ Target Host: 192.168.105.122
+ Target Port: 80
+ GET Retrieved x-powered-by header: ASP.NET
+ GET The anti-clickjacking X-Frame-Options header is not present.
+ GET The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ GET The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ GET Retrieved x-aspnet-version header: 4.0.30319
+ OPTIONS Retrieved dav header: 1,2,3
+ OPTIONS Retrieved ms-author-via header: DAV
+ OPTIONS Uncommon header 'ms-author-via' found, with contents: DAV
+ OPTIONS Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE, LOCK, UNLOCK
+ OSVDB-397: GET HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: GET HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-5647: GET HTTP method ('Allow' Header): 'MOVE' may allow clients to change file locations on the web server.
+ OPTIONS Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE, LOCK, UNLOCK
+ OSVDB-397: GET HTTP method ('Public' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5646: GET HTTP method ('Public' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-5647: GET HTTP method ('Public' Header): 'MOVE' may allow clients to change file locations on the web server.
+ OPTIONS WebDAV enabled (PROPPATCH COPY UNLOCK LOCK MKCOL PROPFIND listed as allowed)

Tried to see if there was anything I could do about WebDAV.

root@kali:/home/kali/impacket/examples# davtest -url http://192.168.105.122:80/
********************************************************
 Testing DAV connection
OPEN		FAIL:	http://192.168.105.122:80	Unauthorized. Basic realm="192.168.105.122"

Unfortunately nothing.
