HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 70 guests online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Resourcesarrow Toolsarrow Identifying Server Applications
EH-Net
May 25, 2012, 08:00:50 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Identifying Server Applications  (Read 5024 times)
0 Members and 5 Guests are viewing this topic.
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« on: March 15, 2010, 12:58:20 PM »
Hello All,

Thought i'd share a tool for identifying platform versions. Its a Firefox Plugin that will use screen scraping, default header locations, and other tricks to gather the app software (Django, DokuWiki, Drupal, Joomla (2), MediaWiki, MoinMoin, phpBB, Reddit, Wordpress) and version. Very useful in web app hackery.

http://www.backendinfo.com/
Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
hayabusa
Hero Member
*****
Offline Offline

Posts: 1304



View Profile
« Reply #1 on: March 15, 2010, 01:10:35 PM »
Thanks, Jason.  I'll check it out.
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH
pizza1337
Full Member
***
Offline Offline

Posts: 156

Resource is Power.


View Profile
« Reply #2 on: March 15, 2010, 03:02:16 PM »
Thank you. its(the addon) nice.
Logged
Knowledge Resource is Power.
hayabusa
Hero Member
*****
Offline Offline

Posts: 1304



View Profile
« Reply #3 on: March 15, 2010, 03:08:17 PM »
Argh!  Doesn't work with Firefox 3.5.8 on my production laptop...  Will have to try it later.  Nonetheless, thanks!
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH
chrisj
Hero Member
*****
Offline Offline

Posts: 997


View Profile
« Reply #4 on: March 15, 2010, 04:42:24 PM »
hayabusa, if you have MR Tech Toolkit installed, you'll get an option to ignore the max version info.

It didn't like letting me install on Firefox 3.6. Told it to ignore the version, and it's pretty nice.

Now I wonder how many people are using it against EHNet.

Thanks Jhaddix
Logged
OSWP, Sec+
aweSEC
Hero Member
*****
Offline Offline

Posts: 1100


View Profile
« Reply #5 on: March 16, 2010, 03:35:26 AM »
I haven't tried this addon yet, but I can recommend this collection of different FF versions. I have built a few VMs where one is designed for WebApp-Testing and this collection is part of it. There are also collections of other browsers, such as IE, available.
There are some addons which won't work properly with new versions, so this might come in handy for other purposes as well.
Logged
hayabusa
Hero Member
*****
Offline Offline

Posts: 1304



View Profile
« Reply #6 on: March 16, 2010, 07:06:34 AM »
Quote from: chrisj on March 15, 2010, 04:42:24 PM
hayabusa, if you have MR Tech Toolkit installed, you'll get an option to ignore the max version info.

It didn't like letting me install on Firefox 3.6. Told it to ignore the version, and it's pretty nice.

Now I wonder how many people are using it against EHNet.

Thanks Jhaddix

Ah... forgot about MR...  thanks!  I'll have to check it out, now.
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCP , GPEN, C|EH
j0rDy
Hero Member
*****
Offline Offline

Posts: 578


View Profile
« Reply #7 on: March 16, 2010, 08:39:54 AM »
very useful! does it also scan for extra installed modules for these content management systems? these contain vulnerabilities that can be exploited too!
Logged
ISC2 Associate, CEH, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« Reply #8 on: March 16, 2010, 11:41:36 AM »
Very nice guys, both

Firefox Final Build Pack: http://finalbuilds.edskes.net/edskesmfc.htm

and

MR Toolkit: https://addons.mozilla.org/en-US/firefox/addon/421

are very useful =)

@j0rDy it will only identify versions, the vuln research you'll have to do manually but its easy enough.
Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
d3l0n
Jr. Member
**
Offline Offline

Posts: 59


View Profile
« Reply #9 on: March 16, 2010, 01:17:28 PM »
This post includes great addons. I will add two addons I use:

Domain Details 2.6.5
https://addons.mozilla.org/en-US/firefox/addon/2166

ShowIP 0.8.19
https://addons.mozilla.org/en-US/firefox/addon/590
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.09 seconds with 21 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.