Apache Recon: Basics

The Apache HTTP Server, commonly known as Apache, is a free and open-source web server software that powers a significant portion of the internet. It's renowned for its reliability, robustness, and flexibility, making it one of the most popular choices for hosting websites. In this lab, we will look at the basics of Apache server reconnaissance.

Task:

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. The target machine will be accessible at demo.ine.local.

Objective: Answer the following questions:

Which web server software is running on the target server and also find out the version using nmap.
Which web server software is running on the target server and also find out the version using suitable metasploit module.
Check what web app is hosted on the web server using curl command.
Check what web app is hosted on the web server using wget command.
Check what web app is hosted on the web server using browsh CLI based browser.
Check what web app is hosted on the web server using lynx CLI based browser.
Perform bruteforce on webserver directories and list the names of directories found. Use brute_dirs metasploit module.
Use the directory buster (dirb) with "/usr/share/metasploit-framework/data/wordlists/directory.txt" dictionary to check if any directory is present in the root folder of the web server. List the names of found directories.
Which bot is specifically banned from accessing a specific directory?

Tools

The best tools for this lab are:

Nmap
Metasploit Framework
browsh
lynx
dirb
curl
wget

Solutions:

Step 1: Open the lab link to access the Kali machine.

Content Image

Step 2: Check if the target machine is reachable:

Command:

ping -c 4 demo.ine.local

Content Image

The target is reachable.

Step 3: Check which web server software is running on the target server and also find out the version using nmap.

Command:

nmap -sV -script banner demo.ine.local

Content Image

Apache 2.4.18 is running on the target machine.

Step 4: Which web server software is running on the target server and also find out the version using suitable metasploit module.

Command:

msfconsole

use auxiliary/scanner/http/http_version
set RHOSTS demo.ine.local
exploit

Content Image

Apache 2.4.18 is running on the target machine.

Step 5: Check what web app is hosted on the web server using curl command.

Command:

curl http://demo.ine.local/

Content Image

It is the Apache default page.

Step 6: Check what web app is hosted on the web server using wget command.

Command:

wget http://demo.ine.local/index
ls
cat index

Content Image

It is the Apache default page.

Step 7: Check what web app is hosted on the web server using browsh CLI based browser.

Command:

browsh --startup-url demo.ine.local

Content Image

It is the Apache default page.

Step 8: Check what web app is hosted on the web server using lynx CLI based browser.

Command:

lynx http://demo.ine.local

Content Image

It is the Apache default page.

Step 9: Perform bruteforce on webserver directories and list the names of directories found. Use brute_dirs metasploit module.

Command:

use auxiliary/scanner/http/brute_dirs
set RHOSTS demo.ine.local
exploit

Content Image

The names of the directories found are dir and src.

Step 10: Use the directory buster (dirb) with "/usr/share/metasploit-framework/data/wordlists/directory.txt" dictionary to check if any directory is present in the root folder of the web server. List the names of found directories.

Command:

dirb http://demo.ine.local /usr/share/metasploit-framework/data/wordlists/directory.txt

Content Image

We found two directories named data and dir.

Step 11: Check which bot is specifically banned from accessing a specific directory?

Command:

use auxiliary/scanner/http/robots_txt
set RHOSTS demo.ine.local
run

Content Image

The answer is BadBot.

Conclusion

In this lab, we looked at the basics of Apache server reconnaissance.

References

PreviousPassive Crawling with Burp Suite NextScanning Web Application with Nikto

Last updated 11 months ago