WebApp Sec mailing list archives

Re: Virtual IP addresses


From: Jon Hart <jhart () spoofed org>
Date: Wed, 22 Feb 2006 19:30:45 -0500

On Wed, Feb 22, 2006 at 09:32:58PM +0100, thomas springer wrote:
> Joshua,
>
> If you mean to find virtual hosts for an IP:
>
> You might want to try http://www.serversniff.net/get-hostonip.php.
> Enter a hostname, e.g. www.hostname.com or an IP like 64.15.205.244 to
> find other hostnames and domains living on this IP.
>
> You might also stop by at whois.sc - but their scope used to be limited
> to a few TLDs.
>
> Another bet is to try https://<ipnum> - If there is an HTTPS server
> living on this host, your browser will present you the domain name of
> the certificate.

Another idea along those lines would be to try both HTTP/1.0 and
HTTP/1.1, notably HTTP/1.1 with a fake Host header.

I'm not sure what the result will be with ISA, but it is worth a shot.

Also, maybe check out the headers that are returned by the server --
that may give you some clues: `GET -dSe ip.address.here`

-jon
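
An added Python example (not code from the original posts) of the two requests suggested above, HTTP/1.0 without a Host header and HTTP/1.1 with a fake one, plus the header check, for auditing what a server you administer discloses when addressed by IP. `FAKE_HOST`, `PROBES`, the function names and the sample replies are constructed for illustration, and using HEAD instead of GET is a choice made here.

```python
import re
import socket
from urllib.parse import urlsplit

FAKE_HOST = "no-such-vhost.invalid"  # assumption: a name the server does not serve
PROBES = {
    "http10_no_host": b"HEAD / HTTP/1.0\r\n\r\n",
    "http11_fake_host": ("HEAD / HTTP/1.1\r\nHost: %s\r\n"
                         "Connection: close\r\n\r\n" % FAKE_HOST).encode("ascii"),
}
# Constructed sample replies (not captured from any real server).
SAMPLE_NO_HOST = (b"HTTP/1.1 302 Found\r\nServer: ExampleHTTPd\r\n"
                  b"Location: http://www.example.com/\r\n"
                  b"Set-Cookie: sid=abc; Domain=.example.com; Path=/\r\n\r\n")
SAMPLE_FAKE_HOST = (b"HTTP/1.1 301 Moved Permanently\r\n"
                    b"Location: http://no-such-vhost.invalid/index.html\r\n\r\n")

def send_probe(ip, request, port=80, timeout=5.0):
    """Send one raw request and return the raw reply bytes."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        s.sendall(request)
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)

def parse_head(raw):
    """Split a raw reply into its status line and a list of (name, value) headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status, *lines = head.split("\r\n")
    return status, [tuple(p.strip() for p in l.split(":", 1)) for l in lines if ":" in l]

def name_clues(raw):
    """Hostnames disclosed by Location redirects and Set-Cookie Domain attributes."""
    names = set()
    for key, value in parse_head(raw)[1]:
        if key.lower() == "location":
            host = urlsplit(value).hostname
            if host:
                names.add(host)
        elif key.lower() == "set-cookie":
            m = re.search(r"(?i);\s*domain=\.?([^;\s]+)", value)
            if m:
                names.add(m.group(1).lower())
    names.discard(FAKE_HOST)  # a redirect that only echoes our fake Host is no clue
    return sorted(names)

def audit(ip, port=80):
    """Run both probes against one address and list the names each reply leaks."""
    return {label: name_clues(send_probe(ip, req, port)) for label, req in PROBES.items()}
```

An empty list for both probes means the default site gives away no hostnames in these two headers; other headers and the response body are not inspected.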
