Fw: easy remote detection of a running tripwire for webpages syst em

[Juan Vera <core.lists.bugtraq () core-sdi com>]

Even simpler

# echo "ServerTokens Min" >> /whatever/httpd.conf
# cp `which httpd` .
# ed httpd
507904
,s/Apache\/1.2.34/YOUWONTKNOW!!/g
w
507904
q
# ./httpd
# tail -1 /whatever/error_log
[Fri Aug 31 17:39:05 2001] [notice] YOUWONTKNOW!! configured -- resuming
normal operations
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
head / http/1.1

HTTP/1.1 501 Method Not Implemented
Date: Fri, 31 Aug 2001 20:41:38 GMT
Server: YOUWONTKNOW!!
Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND,
PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE
Connection: close
Content-Type: text/html; charset=iso-8859-1
etc

----- Original Message -----
From: Fernando Cardoso <core.lists.bugtraq () core-sdi com>
Newsgroups: core.lists.bugtraq
To: "Jordan K Wiens" <jwiens () nersp nerdc ufl edu>
Cc: <bugtraq () securityfocus com>
Sent: Friday, August 31, 2001 11:56 AM
Subject: RE: easy remote detection of a running tripwire for webpages syst
em


> Just edit #define SERVER_BASEVERSION "Whatever you want" in
> src/include/httpd.h and compile it.
>
> Fernando
>
> --
> Fernando Cardoso - Security Consultant       WhatEverNet Computing, S.A.
> Phone : +351 21 7994200                      Praca de Alvalade, 6 - Piso 6
> Fax   : +351 21 7994242                      1700-036 Lisboa - Portugal
> email : fernando.cardoso () whatevernet com     http://www.whatevernet.com/
>
> > Know of any good links to documentation or source patches for completely
> > modifying or removing the banner?  Note also that the Prod option only
> > works with versions strictly greater than 1.3.12.  :-(
> >
> > --
>
>
> _____________________________________________________________________
>                       INTERNET MAIL FOOTER
> A presente mensagem pode conter informação considerada confidencial.
> Se o receptor desta mensagem não for o destinatário indicado, fica
> expressamente proibido de copiar ou endereçar a mensagem a terceiros.
> Em tal situação, o receptor deverá destruir a presente mensagem e por
> gentileza informar o emissor de tal facto.
> ---------------------------------------------------------------------
> Privileged or confidential information may be contained in this
> message. If you are not the addressee indicated in this message, you
> may not copy or deliver this message to anyone. In such case, you
> should destroy this message and kindly notify the sender by reply
> email.
> ---------------------------------------------------------------------


--- for a personal reply use: "Juan Vera" <juan () core-sdi com>