|
skorpinok
|
 |
« on: July 09, 2012, 10:31:01 AM » |
|
Hello,
How to enable port 80 in windows xp sp2 virtual machine, i have bactrack 5R2 & when i run an nmap scan against my xp machine i dont see port 80, please help me with this.
Nmap scan report for 192.168.56.102
Host is up (0.00052s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 08:00:27:3C:9B:C3 (Cadmus Computer Systems)
Regards
skorpinok
|
|
|
|
|
Logged
|
|
|
|
|
shadowzero
|
|
« Reply #1 on: July 09, 2012, 10:49:38 AM » |
|
A port opens up when there's a service listening on it. In this case, port 80 is usually open if you have a webserver running on the machine. If you're just playing around with nmap, then you can use netcat to listen on port 80 so nmap sees it as open. Of course if you plan on playing with exploits that specifically attack a webserver, you'll need to install the actual webserver to get it working.
|
|
|
|
|
Logged
|
|
|
|
|
skorpinok
|
|
« Reply #2 on: July 09, 2012, 02:22:30 PM » |
|
Thank you..
|
|
|
|
|
Logged
|
|
|
|
CrazyTalk
Newbie
 Offline
Posts: 4
It's not paranoia if they're really out there!
|
|
« Reply #3 on: July 09, 2012, 02:30:58 PM » |
|
In addition to shadow's response, an easy server to put out with a minimum of fuss is to get the XAMP suite from apachedfriends.org.
What I did when first starting was to just drop it on my VM, start it up and start hitting it. Then I started to apply hardening measures until the easy stuff wouldn't work. After that you can search for new vulnerabilities and get creative.
regards
CT
|
|
|
|
|
Logged
|
|
|
|
|
|
|
3xban
|
|
« Reply #5 on: July 10, 2012, 07:04:51 PM » |
|
Webgoat is a fun thing to run on an XP system, basically turns it into a vulnerable web server running on Apache I think. Run the exe and boom you have a web server to attack, to close it down, stop the app and you are back to normal.
You can throw IIS on if you want to go more specific with learning Windows based Webservers. It isn't really IIS in WinXP, but it is the Web Services. Very limited version of IIS. Designed mostly for putting up quick and dirty pages or even for testing basic web development.
|
|
|
|
|
Logged
|
Certs: GCWN
(@)Dewser
|
|
|
|
Cyber.spirit
|
|
« Reply #6 on: July 11, 2012, 02:33:34 PM » |
|
i agree with webgoat but if he has winxp i think the exploit must be for iis
|
|
|
|
|
Logged
|
ICS Academy Network Security Certified
|
|
|
|
3xban
|
|
« Reply #7 on: July 12, 2012, 08:31:54 PM » |
|
If he is just playing around with nmap to learn it really doesn't matter what the web server is running. I go with Webgoat because it is designed with flaws. The Win XP webserver is close to IIS but missing a ton of features. The best bet for learning to pen test IIS is to grab an eval copy of Windows 2008 and build a web server on IIS 7. This way he will learn first how to build a Windows web server and then work toward hardening it as he is testing against it. Sadly there are not that many publicly known exploits for IIS 7. Webgoat is a nice quick and dirty web server that requires little setup. Run the exe and boom, server is up, proceed to testing.
|
|
|
|
|
Logged
|
Certs: GCWN
(@)Dewser
|
|
|
|
skorpinok
|
|
« Reply #8 on: July 13, 2012, 02:27:25 AM » |
|
Great thanks guy's for all your's really helpful suggestions, i will try with webgoat..& how about Mutillidae ? is that any good for practice ? can i install it on windows xp ?
Best Regards
Skorpinok.
|
|
|
|
|
Logged
|
|
|
|
|
shadowzero
|
|
« Reply #9 on: July 13, 2012, 02:31:30 AM » |
|
Great thanks guy's for all your's really helpful suggestions, i will try with webgoat..& how about Mutillidae ? is that any good for practice ? can i install it on windows xp ?
Best Regards
Skorpinok.
Yes, the website tells you that: http://sourceforge.net/projects/mutillidae/ Quickest way to set it up is to just install XAMPP. |
|
|
|
|
Logged
|
|
|
|
|
