Penetration Testing mailing list archives
Re: [PEN-TEST] Finding Web Admin Pages
From: Gossi The Dog <gossi () OWNED LAB6 COM>
Date: Sun, 25 Mar 2001 23:46:11 +0100
On Sun, 25 Mar 2001, Julian Niemeyer wrote:
Some Web servers seem to allow administration via HTTP. Obviously, there is not a link on the home page "Click here to administer the server"! Instead, the pages are hidden away - security through obscurity. I want to be able to find them. For a tool, I am first going to look at elza from www.stoev.org before writing anything. I recon it will be easy to check if a search returns a 404, 403 or 401. However, I am keen to avoid having to brute force directiories. Does anyone know of a list of well-used or default admin pages and ports for web servers (or other systems for that matter). If not, perhaps folks could post any that they have come across to this list so a collection can be compiled.
Well, a nice one to look out for on Cobalt RaQ's (which run a modified version of Redhat 6) is port 81 - the web administrator port, which runs Apache. Oh, and apache is running as root so the CGI scripts run properly. This is, of course, extremely dumb, and has been covered indepth on bugtraq. With a carefully grafted Google search string (which I admit I've now lost) I managed to dig out about 300 RaQs. However, many ISPs have hundreds of these boxes, so I suspect that figure is wrong. HTH, Gossi.
Current thread:
- [PEN-TEST] Finding Web Admin Pages Julian Niemeyer (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages Fyodor (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages H D Moore (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages Gossi The Dog (Mar 25)
- [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages H D Moore (Mar 25)
- Re: [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages Gossi The Dog (Mar 25)
- [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages H D Moore (Mar 25)
- <Possible follow-ups>
- Re: [PEN-TEST] Finding Web Admin Pages Yonatan Bokovza (Mar 25)