Penetration Testing mailing list archives
Re: [PEN-TEST] Finding Web Admin Pages
From: Yonatan Bokovza <Yonatan () XPERT COM>
Date: Sun, 25 Mar 2001 19:21:34 +0200
-----Original Message----- From: Julian Niemeyer [mailto:julian.niemeyer () VIRGIN NET] Sent: Sunday, March 25, 2001 12:59 PM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Finding Web Admin Pages Some Web servers seem to allow administration via HTTP. Obviously, there is not a link on the home page "Click here to administer the server"! Instead, the pages are hidden away - security through obscurity. I want to be able to find them. Thanks, Julian
Not exactly what you meant, but Sun's Java-Web-Server is using 9090/tcp and 9091/tcp to send you a java applet of the administration GUI. It's also worth noting that the default UserName/Password is admin/admin, IIRC. Best Regards, Yonatan Bokovza IT Security Consultant Xpert Systems
Current thread:
- [PEN-TEST] Finding Web Admin Pages Julian Niemeyer (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages Fyodor (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages H D Moore (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages Gossi The Dog (Mar 25)
- [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages H D Moore (Mar 25)
- Re: [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages Gossi The Dog (Mar 25)
- [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages H D Moore (Mar 25)
- <Possible follow-ups>
- Re: [PEN-TEST] Finding Web Admin Pages Yonatan Bokovza (Mar 25)