Figure 12.6
Web site to obtain details about target domain using WHOIS.
12.2.1.2 Operating Environment and Services Enumeration
Operating environment and services enumeration is one of the key steps in gathering information for testing Web applications. The purpose of OS and services enumeration is to gain information about the operating system and the services running on the system that hosts the Web application. The Web server, application server, and database services can be enumerated with the help of certain techniques. For instance, a Web application might be running on an Ubuntu 9.1 server, with Apache Tomcat v. 6.0 and a MySQL database. An attacker or tester can gain a deep understanding of this environment and perform more specific testing procedures to try to expose certain vulnerabilities that may manifest in the system. Operating environment enumeration can also be performed by port scanning.
Port scanning is a test performed to discover open ports (ports used for communication of services) and gain an understanding of any interesting ports, which may be used to perform attacks and breach the security of the system. Port scanning is performed with the help of certain tools that are used by testers to identify open and vulnerable services. The port scan clearly reveals that the server that hosts a Web application is potentially vulnerable, as it supports SSL v. 2.0, which is considered nonsecure. The extract provided below is the result of a port scan from the popular port scanning tool Nmap.
Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-04 23:21 IST
Stats: 0:00:12 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
Interesting ports on w5.interactivedns.com (192.168.1.1):
Not shown: 979 closed ports
PORT    STATE SERVICE VERSION
21/tcp  open  ftp     Microsoft ftpd
25/tcp  open  smtp    MailEnable smptd 1.981--
|_ smtp-commands: EHLO home [192.168.1.1], this server offers 4 extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN
26/tcp  open  smtp    MailEnable smptd 1.981--
|_ smtp-commands: EHLO home [192.168.1.1], this server offers 4 extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN
53/tcp  open  domain  ISC BIND 9.2.4
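
As an added example (not from the original text), the following Python code parses Nmap normal-format output like the extract above into per-port records and lists the open services whose banners disclose a product or version, which is the information enumeration hands to whoever runs the scan. The function names, the sample's line wrapping and the 8080/tcp line are constructed for illustration.

```python
import re

# Constructed sample in Nmap's normal output format, modelled on the extract
# above; the 8080/tcp line (no version banner) is added for contrast.
SAMPLE = """\
Interesting ports on w5.interactivedns.com (192.168.1.1):
Not shown: 979 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
25/tcp open smtp MailEnable smptd 1.981--
|_ smtp-commands: EHLO home [192.168.1.1], this server offers 4
extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN
53/tcp open domain ISC BIND 9.2.4
8080/tcp open http
"""

# port/proto, state, service name, then an optional free-text version banner.
PORT_LINE = re.compile(
    r"^(?P<port>\d{1,5})/(?P<proto>tcp|udp)\s+(?P<state>\S+)"
    r"\s+(?P<service>\S+)(?:\s+(?P<version>.+))?$"
)

def parse_nmap(text):
    """Return one dict per port line; script output is attached to its port."""
    services, in_script = [], False
    for raw in text.splitlines():
        line = raw.rstrip()
        match = PORT_LINE.match(line)
        if match:
            rec = match.groupdict()
            rec["port"] = int(rec["port"])
            rec["version"] = (rec["version"] or "").strip()
            rec["scripts"] = []
            services.append(rec)
            in_script = False
        elif line.startswith("|") and services:
            # NSE script result ("|" or "|_" prefix) belongs to the last port.
            services[-1]["scripts"].append(line.lstrip("|_ ").strip())
            in_script = True
        elif in_script and line:
            # A script line that was wrapped onto the next line.
            services[-1]["scripts"][-1] += " " + line.strip()
    return services

def disclosure_report(services):
    """Open services whose banner reveals a product or version string."""
    return [(s["port"], s["service"], s["version"])
            for s in services if s["state"] == "open" and s["version"]]
```

Running `disclosure_report(parse_nmap(SAMPLE))` against a scan of your own host gives the list of banners worth suppressing or keeping patched.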