Web information gathering

First step , Open the network topology , Start the experimental virtual machine , View the virtual machines separately IP Address ：

Kali Linux

Linux

1. Through the infiltration machine Kali Linux Target machine Linux Conduct Web Scanning penetration test （ Using tools Nikto, View the complete help file for this command ）, And the operation uses the fixed string in the command as Flag Value submission ; 

Command view Nikto Complete help file for the tool

Flag：nikto -H

2. Through the infiltration machine Kali Linux Target machine Linux Conduct Web Scanning penetration test （ Using tools Nikto, Scan target server 80 port , Detect its open state ）, And regard all commands to be used in this operation as Flag Value submission （ The destination address is in http://10.10.10.1 To express ）; 

Flag: nikto -host http://10.10.10.1

3. Through the infiltration machine Kali Linux Target machine Linux Conduct Web Scanning penetration test （ Using tools Nikto, Scan target server 80 port ）, Echo information to Apache The version number of the service is used as Flag Value submission ;

Flag：2.2.15

4. Through the infiltration machine Kali Linux Target machine Linux Conduct Web Scanning penetration test （ Using tools Nikto, Scan target server 80 port ）, Echo information to PHP The version number of is used as Flag Value submission ;

Flag：5.3.3

5. Through the infiltration machine Kali Linux Target machine Linux Conduct Web Scanning penetration test , Using tools Nikto And combine Nmap Scan according to the scanning results , use first Nmap The effect of the tool on the network segment where the target is located 80 Port scan , And output the scanning results to the specified file in all formats target in , Take the parameters needed for outputting all formats as Flag Value submission ; 

Flag:oA

6. Through the infiltration machine Kali Linux Target machine Linux Conduct Web Scanning penetration test , Using tools Nikto Generated by scanning question 5 target Web site in file , And all commands used in this operation are regarded as Flag Value submission .

Since all formats are output in question 5 to target in , The following three files will be generated under the execution path ,

Then directly call the suffix .gnmap Is ok

Flag：nikto -host target.gnmap

End of experiment , Shut down the virtual machine .