Web Enumeration
What is HTTP(S)?
Hypertext Transfer Protocol (HTTP) is essentially what the World Wide Web uses to
display and distribute information, usually by means of client-side web browsers
pulling information from remote web servers.
A client usually initiates a request and the server duly responds. Specific
information is usually accessed over HTTP by means of user-supplied
Uniform Resource Locators (URLs). The Domain Name System (DNS) looks up
the host name in the URL and translates it to the corresponding IP address,
and the request is then routed to the server.
HTTP is inherently insecure because it is a clear-text protocol. HTTPS,
however, has an additional encryption layer built into the protocol and
should be used wherever possible within your network (and for the remote
management of devices).
A web server will respond with a range of status codes, e.g. 200 OK, which can help
the tester when carrying out a vulnerability assessment.
HTTP uses TCP port 80 and HTTPS uses TCP port 443 as their communications
channels.
A more detailed explanation and links to associated documentation, RFCs etc.
can be found here and here.
Hopefully the tools I have reviewed will go some way to help you
enumerate/interact with any Firewalls you find.
Port 80 - Hypertext Transport Protocol open
telnet 192.168.0.1 80
-->HEAD / HTTP/1.0
-->
HTTP/1.1 200 OK
Content-Length:1433
Content-Type: test/html
Content-Location: http://192.168.0.1/iistart.htm
Last-Modified: Wed, 2 Nov 2005 11:21:52 GMT
Accept-Ranges: bytes
ETag: "98gf66c25abv54:254"
Server: Microsoft-IIS/6.0
Date: Wed, 9 Apr 2007 15:29:50 GMT
Connection: close
The Server header in this response shows that an IIS 6 web server is running
on the remote host, which is most probably a Windows 2k3 host. You would then
tailor your vulnerability search to this version of IIS and, of course, the
most likely OS.
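The same HEAD request and banner check can be scripted, for example to confirm what your own servers disclose before and after hardening. This is an added example, not part of the original page; the function names and the HARDENED sample are constructed for illustration.

```python
import re
import socket

# Response headers from the telnet session above (subset, embedded so this runs offline).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Length:1433\r\n"
    "Content-Location: http://192.168.0.1/iistart.htm\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Connection: close\r\n\r\n"
)
# Constructed sample: a server whose banner no longer carries a version.
HARDENED = "HTTP/1.1 200 OK\r\nServer: webserver\r\nConnection: close\r\n\r\n"

def head_request(host, port=80, timeout=5.0):
    """Send 'HEAD / HTTP/1.0' as in the telnet session; return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:  # HTTP/1.0 server closes the connection when done
                break
            chunks.append(data)
    return b"".join(chunks).decode("iso-8859-1")

def parse_response(raw):
    """Return (status_code, headers) with header names lower-cased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not status:
        raise ValueError("not an HTTP response: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not a 'Name: value' line
            headers[name.strip().lower()] = value.strip()
    return int(status.group(1)), headers

def server_banner(headers):
    """Split the Server header into (product, version); version is None if hidden."""
    value = headers.get("server")
    if not value:
        return None, None
    product, _, version = value.split()[0].partition("/")
    return product, version or None
```

Calling server_banner(parse_response(head_request("192.168.0.1"))[1]) against the host from the session above would repeat the check live.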