---

A practical vulnerability analysis (The PcWeek crack)

First of all, I had to gather information on the remote
host, what ports the machine had open and what possibilities were
left open.
After checking that most of the ports were either
filtered by the firewall or unusable due to the tcp wrapper in the
host, I decided that I was left only with the HTTP server…”

“So, it was running apache on a Red Hat box. The webpage said
that the server will also run mod_perl, but mod_perl leaves a
fingerprint in the Server: header which was not shown in the header
that this server sent out.”

“Apache 1.3.6 doesn’t ship with any CGI programs available to
the remote user, but I didn’t know about the RH distro, so I gave
the common faulty CGIs a try (test-cgi, wwwboard,
Count.cgi…)”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis