Penetration Testing mailing list archives

Re: [PEN-TEST] Finding Web Admin Pages


From: Yonatan Bokovza <Yonatan () XPERT COM>
Date: Sun, 25 Mar 2001 19:21:34 +0200

-----Original Message-----
From: Julian Niemeyer [mailto:julian.niemeyer () VIRGIN NET]
Sent: Sunday, March 25, 2001 12:59 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Finding Web Admin Pages


Some Web servers seem to allow administration via HTTP. Obviously, there is
not a link on the home page "Click here to administer the server"!
Instead, the pages are hidden away - security through obscurity. I want to
be able to find them.


Thanks,

Julian

Not exactly what you meant, but Sun's Java-Web-Server
is using 9090/tcp and 9091/tcp to send you a Java applet
of the administration GUI. It's also worth noting that the
default UserName/Password is admin/admin, IIRC.

Best Regards,

Yonatan Bokovza
IT Security Consultant
Xpert Systems

