If fine-grained information is obtained about the web server and other
components, research the software versions in use to identify any
vulnerabilities that may be exploited to advance an attack.
- Banner grabbing.
  - HTTP server headers such as `Server: Apache/1.3.31 (Unix) mod_gzip/1.3.26.1a mod_auth_passthrough/1.8`
  - Some security products use various methods to try to prevent a web server's software from being detected, such as ServerMask by Port80 Software. An example HTTP server header when ServerMask is used: `Server: Yes we are using ServerMask!`
- HTTP fingerprinting. Try the "Httprint" tool.
- File extensions. For example:
  - asp — Microsoft Active Server Pages
  - aspx — Microsoft ASP.NET
  - jsp — Java Server Pages
  - cfm — Cold Fusion
  - php — the PHP language
  - d2w — WebSphere
  - pl — the Perl language
  - py — the Python language
  - dll — usually compiled native code (C or C++)
  - nsf or ntf — Lotus Domino
- Directory names. It is common to encounter subdirectory names that indicate the presence of an associated technology. For example:
  - servlet — Java servlets
  - pls — Oracle Application Server PL/SQL gateway
  - cfdocs or cfide — Cold Fusion
  - SilverStream — the SilverStream web server
  - WebObjects or {function}.woa — Apple WebObjects
  - rails — Ruby on Rails
- Session tokens. For example:
  - JSESSIONID — the Java Platform
  - ASPSESSIONID — Microsoft IIS server
  - ASP.NET_SessionId — Microsoft ASP.NET
  - CFID/CFTOKEN — Cold Fusion
  - PHPSESSID — PHP
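
To check which of these indicators your own application discloses, the lists above can be turned into a small audit over one captured response. This is an added example, not part of the original notes; the function name `audit_disclosure`, the host `app.example.test` and the sample response are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicator tables copied from the lists on this page.
EXTENSIONS = {"asp": "Microsoft Active Server Pages", "aspx": "Microsoft ASP.NET",
              "jsp": "Java Server Pages", "cfm": "Cold Fusion", "php": "PHP",
              "d2w": "WebSphere", "pl": "Perl", "py": "Python",
              "dll": "compiled native code", "nsf": "Lotus Domino", "ntf": "Lotus Domino"}
DIRECTORIES = {"servlet": "Java servlets", "pls": "Oracle Application Server PL/SQL gateway",
               "cfdocs": "Cold Fusion", "cfide": "Cold Fusion", "silverstream": "SilverStream",
               "webobjects": "Apple WebObjects", "rails": "Ruby on Rails"}
COOKIES = {"JSESSIONID": "Java Platform", "ASPSESSIONID": "Microsoft IIS",
           "ASP.NET_SESSIONID": "Microsoft ASP.NET", "CFID": "Cold Fusion",
           "CFTOKEN": "Cold Fusion", "PHPSESSID": "PHP"}

def audit_disclosure(url, headers):
    """Return (kind, value, meaning) findings for one response.
    headers is a list of (name, value) pairs, so repeated Set-Cookie lines survive."""
    findings = []
    for name, value in headers:
        if name.lower() == "server":
            # Every product/version token in the banner is a separate disclosure.
            for product, version in re.findall(r"([A-Za-z][\w.-]*)/(\d[\w.]*)", value):
                findings.append(("banner", product, version))
        elif name.lower() == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            # Classic ASP appends random characters to the name (ASPSESSIONIDxxxx).
            key = "ASPSESSIONID" if cookie.upper().startswith("ASPSESSIONID") else cookie.upper()
            if key in COOKIES:
                findings.append(("cookie", cookie, COOKIES[key]))
    # Drop ";param" suffixes such as ";jsessionid=..." before inspecting the path.
    segments = [s.split(";")[0] for s in urlsplit(url).path.split("/") if s]
    for seg in segments:
        _, dot, ext = seg.rpartition(".")
        if seg.lower() in DIRECTORIES:
            findings.append(("directory", seg, DIRECTORIES[seg.lower()]))
        elif dot and ext.lower() == "woa":
            findings.append(("directory", seg, "Apple WebObjects"))
        elif dot and ext.lower() in EXTENSIONS:
            findings.append(("extension", ext.lower(), EXTENSIONS[ext.lower()]))
    return findings

# Constructed sample response, not captured from a real server.
SAMPLE_URL = "https://app.example.test/servlet/report.jsp;jsessionid=0123"
SAMPLE_HEADERS = [
    ("Server", "Apache/1.3.31 (Unix) mod_gzip/1.3.26.1a mod_auth_passthrough/1.8"),
    ("Set-Cookie", "ASPSESSIONIDQACSBTRC=ABCDEF; path=/"),
    ("Set-Cookie", "JSESSIONID=0123; Path=/; HttpOnly")]
if __name__ == "__main__":
    for finding in audit_disclosure(SAMPLE_URL, SAMPLE_HEADERS):
        print(finding)
```

A masked banner such as the ServerMask one yields no banner finding, but cookie names, extensions and directory names still show up unless they are changed as well.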