I get the NOT FOUND error message; this probably means that this system does not support CGI-Scripts. If the CGI-Bin directory had been blocked from public access, then we would probably have gotten the Forbidden Error Message.
However, finding out that our target system does have the CGI-Bin directory cannot be said to be disappointing as the known CGI exploits are almost primitive and finding out new exploits should be kept out of this manual.
OK, so Port 80 and Port 79 are ruled out, they neither have any vulnerability nor do they give any information about the target system. [Well actually the HTTP port does give us some valuable information, but we will come to that later.]
Anyway, so let us try Port 21 or the FTP port. Now, there are two ways of connecting to Port 21 of a host, the first one is to telnet to Port 21 and other one is to use the MS-DOS FTP client. You could choose any of the two for this section, however, I kind of like the command line FTP client, although many people say it is lame. Anyway, so I launch up a FTP connection to xxx.bol.net.in.
C:\windows>ftp xxx.bol.net.in
Connected to xxx.bol.net.in.
220-
220-#*************************************************************
220-# Welcome to MTNL's ftp site
220-#*************************************************************
220-#
220-# You can upload your own homepages at this site!!!
220-#
220-# Just login with your username and upload the HTML pages.
220-# (You can use your favourite HTML editor as well)
220-#
220-# World will see it at http://web2.mtnl.net.in/~yourusername/
220-#
220-# So get going......UNLEASH YOUR CREATIVITY !!!!
220-#
220-#*************************************************************
220-
220 ftp2.xxx.bol.net.in FTP server ready.
Jai Shree Raam
No comments:
Post a Comment