Initial enumeration

In this step, we aim to discover open ports/services on the web server. The following shows how we can do it with nmap:

$ nmap -sS -n -Pn -v <target>

The following displays the output from the scan:

As we can see, there are multiple ports open, which is really exciting for us 🤤.

The first service I want to find is HTTP, since that is what a web application is served over. Because the common HTTP(S) ports (80 and 443) are not open, we have to go through each of the discovered ports to find the one that serves the web content.

We can visit each port manually from the browser. However, some security-hardened browsers such as Firefox may refuse to connect to certain non-standard ports. Alternatively, we can use the curl tool to test each port:

$ curl http://<target>:<port>

Ports 4000 and 50000 return valid HTTP content (headers and body), which indicates that a web application is present on each of them.
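The port-by-port check above can be scripted rather than done by hand. The following is an added example (not code from the original writeup): it parses nmap's grepable (-oG) output to collect the open TCP ports, then decides for each port whether the reply is a real HTTP response by checking for an HTTP/1.x status line and a header/body split, which is what "valid HTTP content" means in practice. The nmap output, the host 10.10.10.5 and the three canned replies are constructed sample data so the script runs offline; probe_http() is the equivalent of the curl call, included for use against a real host.

```python
import re
import socket
from typing import Dict, List, Optional

# Constructed sample of nmap grepable (-oG -) output; stands in for the scan
# screenshot. Ports 4000 and 50000 are the ones the writeup found; 22 and
# 8443 are added for contrast (a non-HTTP service and a filtered port).
SAMPLE_NMAP_GREPABLE = (
    "# Nmap 7.94 scan initiated as: nmap -sS -n -Pn -oG - 10.10.10.5\n"
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh///, 4000/open/tcp//remoteanything///, "
    "8443/filtered/tcp//https-alt///, 50000/open/tcp//ibm-db2///\tIgnored State: closed (996)\n"
    "# Nmap done\n"
)

# Constructed raw replies, as a plain TCP client would see them.
SAMPLE_RESPONSES = {
    22: b"SSH-2.0-OpenSSH_8.9\r\n",
    4000: (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 28\r\n\r\n"
           b"<html><body>hi</body></html>"),
    50000: b"HTTP/1.1 302 Found\r\nLocation: /login\r\nContent-Length: 0\r\n\r\n",
}

PORT_FIELD = re.compile(r"(\d+)/(open|closed|filtered)/(tcp|udp)")
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3})[^\r\n]*\r\n")


def open_ports(grepable_output: str) -> List[int]:
    """Return the TCP ports nmap -oG reports as open (filtered/closed ignored)."""
    ports = set()
    for line in grepable_output.splitlines():
        if "Ports:" not in line:
            continue
        for port, state, proto in PORT_FIELD.findall(line):
            if state == "open" and proto == "tcp":
                ports.add(int(port))
    return sorted(ports)


def classify_response(raw: bytes) -> Optional[dict]:
    """Return {'status', 'headers', 'body'} if raw is an HTTP/1.x response, else None.

    A service that answers with a banner (SSH, SMTP) or nothing at all is not HTTP,
    even though curl will still print whatever bytes came back.
    """
    m = STATUS_LINE.match(raw)
    if not m:
        return None
    head, _, body = raw.partition(b"\r\n\r\n")
    headers: Dict[str, str] = {}
    for header_line in head.split(b"\r\n")[1:]:
        name, _, value = header_line.partition(b":")
        if name:
            headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return {"status": int(m.group(1)), "headers": headers, "body": body}


def probe_http(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Send one minimal HTTP/1.1 request over a raw TCP socket and return the reply.

    Equivalent to `curl http://host:port`; a raw socket is used so that a
    non-HTTP banner is returned as bytes instead of raising a parse error.
    """
    request = f"GET / HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        while True:
            try:
                data = s.recv(4096)
            except socket.timeout:
                break
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def find_web_services(grepable_output: str, responses: Dict[int, bytes]) -> Dict[int, int]:
    """Map each open port whose reply parses as HTTP to its status code."""
    found = {}
    for port in open_ports(grepable_output):
        parsed = classify_response(responses.get(port, b""))
        if parsed is not None:
            found[port] = parsed["status"]
    return found


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # python3 find_http.py <host> <port>  (live probe)
        print(classify_response(probe_http(sys.argv[1], int(sys.argv[2]))))
    else:  # offline run over the constructed sample data
        print(find_web_services(SAMPLE_NMAP_GREPABLE, SAMPLE_RESPONSES))
```

Run without arguments it reports {4000: 200, 50000: 302} from the sample data; port 22 is dropped because its SSH banner has no HTTP status line, and 8443 never enters the loop because nmap marked it filtered rather than open. A 3xx such as the one on 50000 still counts as a web application, so follow the Location header rather than treating only 200 as a hit.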
