Another way of locating specific versions of Web servers is to search for the standard pages displayed after successful server installation. Strange though it may seem, there are plenty of Web servers out there, the default configuration of which hasn't been touched since installation. They are frequently forgotten, ill-secured machines which are easy prey for attackers. They can be located using the queries shown in Table. This method is both very simple and extremely useful, as it provides access to a huge number of various websites and operating systems which run applications with known vulnerabilities that lazyor ignorant administrators have not patched. We will see how this works for two fairly popular programs: WebJeff Filemanager and Advanced Guestbook.
Query | Server
"Apache/1.3.28 Server at" intitle:index.of|Apache 1.3.28
"Apache/2.0 Server at" intitle:index.of | Apache 2.0
"Apache/* Server at" intitle:index.of | any version of Apache
"Microsoft-IIS/4.0 Server at" intitle:index.of | Microsoft Internet Information Services 4.0
"Microsoft-IIS/6.0 Server at" intitle:index.of | Microsoft Internet Information Services 5.0
"Microsoft-IIS/* Server at" intitle:index.of | Microsoft Internet Information Services 6.0
"Oracle HTTP Server/* Server at" intitle:index.ofany version of | Microsoft Internet Information Services
"IBM _ HTTP _ Server/* * Server at"intitle:index.ofany version of | IBM HTTP Server
"Netscape/* Server at" intitle:index.ofany version of | Netscape Server"Red Hat Secure/*
" intitle:index.ofany version of the | Red Hat Secure server
"HP Apache-based Web Server/*
" intitle:index.ofany version of the | HP server
Comments
0 comments to "Google queries for locating various Web servers"
Post a Comment