- This topic has 9 replies, 5 voices, and was last updated 8 years, 6 months ago by
shadowzero.
-
AuthorPosts
-
-
July 9, 2012 at 3:31 pm #7705
skorpinok
ParticipantHello,
How to enable port 80 in windows xp sp2 virtual machine, i have bactrack 5R2 & when i run an nmap scan against my xp machine i dont see port 80, please help me with this.Nmap scan report for 192.168.56.102
Host is up (0.00052s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 08:00:27:3C:9B:C3 (Cadmus Computer Systems)Regards
skorpinok -
July 9, 2012 at 3:49 pm #48050
shadowzero
ParticipantA port opens up when there’s a service listening on it. In this case, port 80 is usually open if you have a webserver running on the machine. If you’re just playing around with nmap, then you can use netcat to listen on port 80 so nmap sees it as open. Of course if you plan on playing with exploits that specifically attack a webserver, you’ll need to install the actual webserver to get it working.
-
July 9, 2012 at 7:22 pm #48051
skorpinok
ParticipantThank you..
-
July 9, 2012 at 7:30 pm #48052
CrazyTalk
ParticipantIn addition to shadow’s response, an easy server to put out with a minimum of fuss is to get the XAMP suite from apachedfriends.org.
What I did when first starting was to just drop it on my VM, start it up and start hitting it. Then I started to apply hardening measures until the easy stuff wouldn’t work. After that you can search for new vulnerabilities and get creative.
regards
CT
-
July 9, 2012 at 7:51 pm #48053
cyber.spirit
ParticipantYou can add iis webserver on ur window xp machine it opens and listens port 80 besides its so easily
Check it:
http://www.webwiz.co.uk/kb/asp-tutorials/installing-iis-winXP-pro.htm -
July 11, 2012 at 12:04 am #48054
Triban
ParticipantWebgoat is a fun thing to run on an XP system, basically turns it into a vulnerable web server running on Apache I think. Run the exe and boom you have a web server to attack, to close it down, stop the app and you are back to normal.
You can throw IIS on if you want to go more specific with learning Windows based Webservers. It isn’t really IIS in WinXP, but it is the Web Services. Very limited version of IIS. Designed mostly for putting up quick and dirty pages or even for testing basic web development.
-
July 11, 2012 at 7:33 pm #48055
cyber.spirit
Participanti agree with webgoat but if he has winxp i think the exploit must be for iis
-
July 13, 2012 at 1:31 am #48056
Triban
ParticipantIf he is just playing around with nmap to learn it really doesn’t matter what the web server is running. I go with Webgoat because it is designed with flaws. The Win XP webserver is close to IIS but missing a ton of features. The best bet for learning to pen test IIS is to grab an eval copy of Windows 2008 and build a web server on IIS 7. This way he will learn first how to build a Windows web server and then work toward hardening it as he is testing against it. Sadly there are not that many publicly known exploits for IIS 7. Webgoat is a nice quick and dirty web server that requires little setup. Run the exe and boom, server is up, proceed to testing.
-
July 13, 2012 at 7:27 am #48057
skorpinok
ParticipantGreat thanks guy’s for all your’s really helpful suggestions, i will try with webgoat..& how about Mutillidae ? is that any good for practice ? can i install it on windows xp ?
Best Regards
Skorpinok. -
July 13, 2012 at 7:31 am #48058
shadowzero
Participant@skorpinok wrote:
Great thanks guy’s for all your’s really helpful suggestions, i will try with webgoat..& how about Mutillidae ? is that any good for practice ? can i install it on windows xp ?
Best Regards
Skorpinok.Yes, the website tells you that: http://sourceforge.net/projects/mutillidae/ Quickest way to set it up is to just install XAMPP.
-
-
AuthorPosts
- You must be logged in to reply to this topic.