Penetration Testing mailing list archives
Re: [PEN-TEST] Finding Web Admin Pages
From: Fyodor <fygrave () TIGERTEAM NET>
Date: Mon, 26 Mar 2001 00:26:57 +0700
On Sun, Mar 25, 2001 at 11:59:28AM +0100, Julian Niemeyer wrote:
> Some Web servers seem to allow administration via HTTP. Obviously, there is not a link on the home page "Click here to administer the server"! Instead, the pages are hidden away - security through obscurity. I want to be able to find them. For a tool, I am first going to look at elza from www.stoev.org before writing anything. I reckon it will be easy to check if a search returns a 404, 403 or 401.
#!/usr/bin/perl
use HTTP::Request::Common;
use LWP::UserAgent;

$ua = new LWP::UserAgent;
$ua->agent("Blah");
$url = "http://ww.yourfolks.com/";

while (<STDIN>) {
    chomp;
    my $req = GET $url . $_;
    $res = $ua->request($req);
    if ($res->code != 404 && $res->code != 403 && $res->code != 401) {
        # do your logging here...
        print "Content: ", $res->as_string, "\n";
    }
}
-/cut here/-

use it as cat your_word_file | ./this_script.pl | tee logs, or something :)
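Seen from the server side, a run of a script like the one above appears in the access log as one client requesting many distinct paths that mostly return 404, 403 or 401. The following is an added example, not part of the original post: a Python sketch that flags such clients in Combined Log Format lines and lists the paths that returned some other code, which are the ones worth reviewing. The function name, thresholds and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+(?: "[^"]*" "(?P<agent>[^"]*)")?')
MISS_CODES = {401, 403, 404}  # the codes the script in the post discards

def find_enumeration(lines, min_misses=5, min_miss_ratio=0.8):
    """Flag clients whose requests look like wordlist-driven path guessing.
    Thresholds are illustrative assumptions, not tuned values."""
    seen = defaultdict(lambda: {"miss_paths": set(), "hits": {}, "agents": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        rec = seen[m["ip"]]
        if m["agent"] is not None:
            rec["agents"].add(m["agent"])
        if int(m["status"]) in MISS_CODES:
            rec["miss_paths"].add(m["path"])        # distinct paths, not raw requests
        else:
            rec["hits"][m["path"]] = int(m["status"])
    flagged = {}
    for ip, rec in seen.items():
        misses = len(rec["miss_paths"])
        total = misses + len(rec["hits"])
        if misses >= min_misses and misses / total >= min_miss_ratio:
            flagged[ip] = {"misses": misses, "agents": rec["agents"],
                           "hits": sorted(rec["hits"].items())}
    return flagged

# Constructed sample log (documentation-range IPs); not taken from a real server.
def _line(ip, path, status, agent):
    return (f'{ip} - - [26/Mar/2001:00:30:00 +0700] "GET {path} HTTP/1.0" '
            f'{status} 512 "-" "{agent}"')

SAMPLE_LOG = (
    [_line("192.0.2.10", p, s, "Blah") for p, s in [
        ("/admin/", 404), ("/administrator/", 404), ("/manage/", 403),
        ("/webadmin/", 404), ("/server-admin/", 401), ("/config/", 404),
        ("/siteadmin/", 200)]]
    + [_line("198.51.100.7", p, s, "Mozilla/4.0") for p, s in [
        ("/", 200), ("/index.html", 200), ("/missing.gif", 404)]])

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The "hits" list for a flagged client is the set of paths that should either be removed or placed behind authentication, since they answered a guessing client with something other than an error.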