For the next part of the Kali Linux venture, we were asked to try out some of the functions found natively in the command prompt and in a couple of tools. The reason for doing this is to see what you can get out of very simple scanning online.

First off were some simple ones, doing a whois and nslookup. Now, instead of doing the normal whois request, I used the Dmitry application with the -w function. This gave almost the exact same result, but also gave me the IP address of the server.

As one can see from the information, the first part is the same as one can find from the Norwegian registry Norid.no. When looking at the menu for Dmitry, I found a few more exciting features to try out. I ran this command:

dmitry -p -f noroff.no

This command starts scanning the server for port status, and reads in the banner of the scanned port. As you can see from the results, ports 21, 22 and 80 are open. Now, 21 and 80 were expected – because they are for FTP (21) and HTTP (80). The website itself uses 80, and the area students log into is reached via FTP (Noroff has server space for students to upload files). The odd one is port 22, which is for logging in via SSH. Although being able to access via SSH can be convenient, it should not be permanently open and accessible like this. I am sure Noroff has their reasons for it; perhaps I will ask them.
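The reading above (21 and 80 expected, 22 not) can be turned into a repeatable check that a server owner runs against their own host. This is an added example, not part of the original post; the function names and the expected-port set are assumptions made for illustration.

```python
import socket

def probe(host, port, timeout=1.0):
    """Return (is_open, banner) for one TCP port on a host you administer.

    banner is '' when the service waits for the client to speak first (e.g. HTTP).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)          # FTP and SSH announce themselves here
            except OSError:                 # timeout or reset after connecting
                data = b""
            return True, data.decode("latin-1").strip()
    except OSError:                         # refused, filtered or unreachable
        return False, ""

def audit(host, ports, expected, timeout=1.0):
    """List open ports, marking those outside the set the owner intends to expose."""
    findings = []
    for port in ports:
        is_open, banner = probe(host, port, timeout)
        if not is_open:
            continue
        status = "expected" if port in expected else "UNEXPECTED"
        findings.append((port, status, banner))
    return findings

if __name__ == "__main__":
    # Assumed policy mirroring the post: FTP and HTTP are meant to be reachable,
    # anything else that answers should be reviewed. Runs against localhost.
    for port, status, banner in audit("127.0.0.1", [21, 22, 80], expected={21, 80}):
        print(f"{port:>5}  {status:<10}  {banner or '(no banner)'}")
```

A banner that includes a product name and version is itself worth reviewing, since it tells any scanner what software to look up.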

Moving on to something more exciting, I had to try out GHDB (Google Hacking Database). This is a module for the Recon-ng tool for using Google to discover vulnerabilities and other hidden treasures online, otherwise known as “search engine hacking”. I am using the commands from the tutorial:

recon-ng
use ghdb
set GHDB_FOOTHOLDS true
set source .no

When given the command “run”, the tool searches the Norwegian domain for vulnerabilities. The outcome this time was 401 vulnerabilities – 380 of them were new.

Further on, I used the HTML module to create a nice report:

use html
set CUSTOMER Norway
set CREATOR Noroff
set FILENAME /root/report.htm
run

This feature actually works very well, and looks very good compared to many of the reporting modules out there. The funny part when looking through the report is that I found vulnerabilities from the website ITPRO.no. This is a website that is supposed to be focusing on information technology, and the lead article (20.02) is an interview with a renowned security expert. Of course he has nothing to do with the security of the site, but the coincidence is still funny.

I have published the report to this site; please click here to read the report with all vulnerabilities.