Thursday, 13 April 2017

Hacking a Web Server: Scanning a Server Using Nmap

It's been a long time since I wrote any article for my blog. I was pretty busy with my Python and Java programming. I am back again with a new article for you guys. This time it's going to be a series of articles showing you how you can hack a web server. In this series, I am going to start from the basics, like scanning the web server for open ports and banner grabbing the different types of services running on it. I am going to use a vulnerable virtual machine as my victim web server.

In the first article of this series, I am going to show you how you can scan a web server for open ports. I am going to use a tool named Nmap. You can easily find the tool with a Google search, but I recommend you use a hacking distro, because all the tools we are going to need later in this series are already pre-installed in those distros.

Things You Need

  1. A vulnerable server. I recommend you use any vulnerable VM available on the internet.
  2. Kali Linux or any OS with Nmap installed.
  3. Basic knowledge of computers and the internet.


  • The objective of today's article is to scan the server for open ports and banner-grab the services running on it.

Scanning the server

  • Open the terminal of your Distro and enter the following command

  • The above command looks for open ports available on the server. It checks only the most common ports.
  • In the image given above, you can see all the open ports with their service names. For example, port 80 is HTTP, which means a web server such as Apache or Nginx is running on the machine.
  • This was the most basic scan we can perform on the server. Nmap can perform far more powerful scans.
  • Nmap comes with a whole lot of options which we can use to scan a server.
Above, we scanned a server and found its open ports. For more advanced scanning, I am going to go through an Nmap cheatsheet.

Nmap Cheatsheet

Port Scanning

  • Scanning a single port: nmap -p 80
  • Scanning a range of ports: nmap -p 1-100
  • Scanning TCP ports: nmap -sS
  • Scanning UDP ports: nmap -sU
  • Scanning for common ports: nmap -F

Service and OS detection

  • Scanning the OS of server: nmap -O
  • Scanning standard service of server: nmap -sV
  • Aggressive scan of services: nmap -sV --version-intensity 5

Scanning HTTP service

  • Getting HTTP header: nmap --script=http-headers
  • Finding Web apps installed on server:  nmap --script=http-enum
You can also combine different options to create custom scan parameters. In my case, I was able to find that my victim was running an Apache2 server with the WordPress web app. Also, in some cases you have to run a command as root, so make sure to add sudo.
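As an added example (not part of the original post): once a scan is saved with Nmap's `-oX` option, a short Python script can turn the banners into an inventory and flag any open port that is not on an expected baseline, which is how a defender would use the same output. The XML below is a constructed sample in Nmap's real output format; the host address, products and version strings are made up.

```python
"""Parse Nmap XML (-oX) output and flag open ports missing from an allow-list."""
import xml.etree.ElementTree as ET

# Constructed sample of what `nmap -sV -oX scan.xml 192.0.2.10` writes; not real scan data.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="5.3p1"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.2.8"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.0.51a"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
</nmaprun>
"""

def parse_open_ports(xml_text):
    """Return one dict per open port, carrying the banner that -sV recorded."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not exposure
            svc = port.find("service")  # absent when -sV was not used
            results.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
    return results

def unexpected_ports(open_ports, allowed):
    """Return sorted (port, proto) pairs that are open but not in the allowed baseline."""
    return sorted((p["port"], p["proto"]) for p in open_ports
                  if (p["port"], p["proto"]) not in allowed)

if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_NMAP_XML)
    print("unexpected:", unexpected_ports(found, {(22, "tcp"), (80, "tcp")}))
```

Run against the sample, only SSH and HTTP are in the baseline, so the MySQL listener on 3306/tcp is reported as unexpected exposure.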

So this was the first part of the series. I am going to write more articles soon.
