Scanning and Enumeration
Scanning
root@kali:/home/kali# nmap -sC -sV -p 80 10.10.10.15
Starting Nmap 7.91 ( https://nmap.org ) at 2020-11-24 00:24 EST
Nmap scan report for 10.10.10.15
Host is up (0.092s latency).
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 6.0
| http-methods:
|_ Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
| http-ntlm-info:
| Target_Name: GRANNY
| NetBIOS_Domain_Name: GRANNY
| NetBIOS_Computer_Name: GRANNY
| DNS_Domain_Name: granny
| DNS_Computer_Name: granny
|_ Product_Version: 5.2.3790
|_http-server-header: Microsoft-IIS/6.0
|_http-title: Under Construction
| http-webdav-scan:
| Server Date: Tue, 24 Nov 2020 05:32:22 GMT
| Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
| Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
| Server Type: Microsoft-IIS/6.0
|_ WebDAV type: Unknown
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Enumeration
The scan shows that the HTTP PUT method is allowed. This could give us the ability to save files on the web server. Since this is a Microsoft IIS web server, the file types it executes are ASP and ASPX.
Uploading ASP and ASPX files is not allowed. However, TXT and HTML files are allowed. Recall that PUT was not the only HTTP method available; we also have MOVE. The MOVE method can be used to change file locations on the web server and can also be used to rename files. Let's upload an HTML file to the web server and rename it to change the extension to ASPX.
Changing the Extension
This confirms that we can upload ASPX code on the server.
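Seen from the defender's side, this PUT-then-MOVE sequence leaves a recognisable trail in the IIS request log. The following detection sketch is an added example, not part of the original write-up: the log lines are constructed, the field set (`c-ip`, `cs-method`, `cs-uri-stem`, `sc-status`) is an assumed W3C extended logging configuration, and the function names are hypothetical. Because that field set does not record the MOVE destination, it flags the first successful request for a previously unseen ASP/ASPX path by a client that has just moved a file it uploaded.

```python
from collections import defaultdict

EXEC_EXT = (".asp", ".aspx")  # script types IIS executes, per the text above

# Constructed sample in W3C extended log format (not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2020-11-24 05:40:01 10.10.14.7 OPTIONS / 200
2020-11-24 05:40:09 10.10.14.7 PUT /test.aspx 403
2020-11-24 05:40:15 10.10.14.7 PUT /test.html 201
2020-11-24 05:40:21 10.10.14.7 MOVE /test.html 201
2020-11-24 05:40:30 10.10.14.7 GET /test.aspx 200
2020-11-24 05:41:02 10.10.14.9 GET /index.html 200
2020-11-24 05:42:10 10.10.14.9 PUT /notes.txt 201
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def find_put_move_exec(text):
    """Return (client, moved_upload, script) for PUT -> MOVE -> new script hit."""
    uploaded = defaultdict(set)  # client -> non-script stems it created with PUT
    moved = {}                   # client -> last of its uploads it then MOVEd
    seen_scripts, alerts = set(), []
    for r in parse_w3c(text):
        ip, method = r["c-ip"], r["cs-method"].upper()
        stem = r["cs-uri-stem"].lower()
        if not r["sc-status"].startswith("2"):
            continue  # only requests the server accepted are relevant
        if method == "PUT" and not stem.endswith(EXEC_EXT):
            uploaded[ip].add(stem)
        elif method == "MOVE" and stem in uploaded[ip]:
            moved[ip] = stem
        elif method in ("GET", "POST") and stem.endswith(EXEC_EXT):
            if ip in moved and stem not in seen_scripts:
                alerts.append((ip, moved[ip], stem))
            seen_scripts.add(stem)
    return alerts

if __name__ == "__main__":
    for client, upload, script in find_put_move_exec(SAMPLE_LOG):
        print(f"ALERT {client}: uploaded {upload}, moved it, then requested {script}")
```

If the server is configured to log the `Destination` request header as well, matching the MOVE target directly is more precise than this heuristic.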