A practical vulnerability analysis (The PcWeek crack)Sep 30, 1999, 16:10 (16 Talkback[s])
(Other stories by Jfs)
"First of all, I had to gather information on the remote host, what ports the machine had open and what possibilities were left open. After checking that most of the ports were either filtered by the firewall or unusable due to the tcp wrapper in the host, I decided that I was left only with the HTTP server..."
"So, it was running apache on a Red Hat box. The webpage said that the server will also run mod_perl, but mod_perl leaves a fingerprint in the Server: header which was not shown in the header that this server sent out."
"Apache 1.3.6 doesn't ship with any CGI programs available to the remote user, but I didn't know about the RH distro, so I gave the common faulty CGIs a try (test-cgi, wwwboard, Count.cgi...)"
0 Talkback[s] (click to add your comment)