Penetration Testing mailing list archives

Re: [PEN-TEST] Finding Web Admin Pages


From: Gossi The Dog <gossi () OWNED LAB6 COM>
Date: Sun, 25 Mar 2001 23:46:11 +0100

On Sun, 25 Mar 2001, Julian Niemeyer wrote:

> Some Web servers seem to allow administration via HTTP. Obviously, there is
> not a link on the home page "Click here to administer the server"!
> Instead, the pages are hidden away - security through obscurity.  I want to
> be able to find them.
>
> For a tool, I am first going to look at elza from www.stoev.org before
> writing anything.  I reckon it will be easy to check if a search returns a
> 404, 403 or 401.
>
> However, I am keen to avoid having to brute force directories.  Does anyone
> know of a list of well-used or default admin pages and ports for web servers
> (or other systems for that matter)?
>
> If not, perhaps folks could post any that they have come across to this list
> so a collection can be compiled.

Well, a nice one to look out for on Cobalt RaQs (which run a modified
version of Red Hat 6) is port 81 - the web administrator port, which runs
Apache.  Oh, and Apache is running as root so the CGI scripts run
properly.  This is, of course, extremely dumb, and has been covered
in depth on Bugtraq.

With a carefully crafted Google search string (which I admit I've now
lost) I managed to dig out about 300 RaQs.  However, many ISPs have
hundreds of these boxes, so I suspect that figure is wrong.

HTH,
Gossi.
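
Seen from the server side, the 401/403/404 checking described in the quoted question appears in the access log as one client collecting those statuses across many distinct paths. The following detection sketch is an added example, not part of the original post or thread; the log lines, addresses, paths and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Apache common log format (not taken from the post).
SAMPLE_LOG = """\
198.51.100.7 - - [25/Mar/2001:22:10:01 +0100] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [25/Mar/2001:22:10:02 +0100] "GET /admin/ HTTP/1.0" 404 209
198.51.100.7 - - [25/Mar/2001:22:10:02 +0100] "GET /administrator/ HTTP/1.0" 404 209
198.51.100.7 - - [25/Mar/2001:22:10:03 +0100] "GET /manager/ HTTP/1.0" 403 215
198.51.100.7 - - [25/Mar/2001:22:10:03 +0100] "GET /webadmin/ HTTP/1.0" 401 401
203.0.113.20 - - [25/Mar/2001:22:11:40 +0100] "GET /index.html HTTP/1.0" 200 1043
203.0.113.20 - - [25/Mar/2001:22:11:41 +0100] "GET /images/logo.gif HTTP/1.0" 200 5120
203.0.113.20 - - [25/Mar/2001:22:11:41 +0100] "GET /favicon.ico HTTP/1.0" 404 209
203.0.113.20 - - [25/Mar/2001:22:11:55 +0100] "GET /about.html HTTP/1.0" 200 2210
"""

# client, request path and status code from a common-log-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')
PROBE_STATUSES = {401, 403, 404}


def find_probers(log_text, min_paths=4, min_ratio=0.75):
    """Return {client: sorted distinct paths} for clients whose traffic is
    mostly 401/403/404 responses spread over at least min_paths paths.
    Both thresholds are assumptions to tune against real traffic."""
    total = defaultdict(int)
    misses = defaultdict(int)
    paths = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        client, path, status = m.group(1), m.group(2), int(m.group(3))
        total[client] += 1
        if status in PROBE_STATUSES:
            misses[client] += 1
            paths[client].add(path.split("?", 1)[0])  # drop query string
    return {
        client: sorted(seen)
        for client, seen in paths.items()
        if len(seen) >= min_paths and misses[client] / total[client] >= min_ratio
    }


if __name__ == "__main__":
    for client, probed in find_probers(SAMPLE_LOG).items():
        print(client, "probed", len(probed), "paths:", ", ".join(probed))
```

A single stray 404 such as a missing favicon does not trip the check, because it requires both several distinct paths and a high share of failed requests per client.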

