.

Identifying Server Applications

<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Mon Mar 15, 2010 12:58 pm

Identifying Server Applications

Hello All,

Thought i'd share a tool for identifying platform versions. Its a Firefox Plugin that will use screen scraping, default header locations, and other tricks to gather the app software (Django, DokuWiki, Drupal, Joomla (2), MediaWiki, MoinMoin, phpBB, Reddit, Wordpress) and version. Very useful in web app hackery.

http://www.backendinfo.com/
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Mar 15, 2010 1:10 pm

Re: Identifying Server Applications

Thanks, Jason.  I'll check it out.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

pizza1337

Full Member
Full Member

Posts: 156

Joined: Mon Mar 08, 2010 5:29 pm

Post Mon Mar 15, 2010 3:02 pm

Re: Identifying Server Applications

Thank you. its(the addon) nice.
Knowledge Resource is Power.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Mar 15, 2010 3:08 pm

Re: Identifying Server Applications

Argh!  Doesn't work with Firefox 3.5.8 on my production laptop...  Will have to try it later.  Nonetheless, thanks!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Mon Mar 15, 2010 4:42 pm

Re: Identifying Server Applications

hayabusa, if you have MR Tech Toolkit installed, you'll get an option to ignore the max version info.

It didn't like letting me install on Firefox 3.6. Told it to ignore the version, and it's pretty nice.

Now I wonder how many people are using it against EHNet.

Thanks Jhaddix
OSWP, Sec+
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Tue Mar 16, 2010 3:35 am

Re: Identifying Server Applications

I haven't tried this addon yet, but I can recommend this collection of different FF versions. I have built a few VMs where one is designed for WebApp-Testing and this collection is part of it. There are also collections of other browsers, such as IE, available.
There are some addons which won't work properly with new versions, so this might come in handy for other purposes as well.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Mar 16, 2010 7:06 am

Re: Identifying Server Applications

chrisj wrote:hayabusa, if you have MR Tech Toolkit installed, you'll get an option to ignore the max version info.

It didn't like letting me install on Firefox 3.6. Told it to ignore the version, and it's pretty nice.

Now I wonder how many people are using it against EHNet.

Thanks Jhaddix


Ah... forgot about MR...  thanks!  I'll have to check it out, now.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Tue Mar 16, 2010 8:39 am

Re: Identifying Server Applications

very useful! does it also scan for extra installed modules for these content management systems? these contain vulnerabilities that can be exploited too!
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Tue Mar 16, 2010 11:41 am

Re: Identifying Server Applications

Very nice guys, both

Firefox Final Build Pack: http://finalbuilds.edskes.net/edskesmfc.htm

and

MR Toolkit: https://addons.mozilla.org/en-US/firefox/addon/421

are very useful =)

@j0rDy it will only identify versions, the vuln research you'll have to do manually but its easy enough.
<<

d3l0n

Jr. Member
Jr. Member

Posts: 59

Joined: Sat Dec 27, 2008 6:48 pm

Post Tue Mar 16, 2010 1:17 pm

Re: Identifying Server Applications

This post includes great addons. I will add two addons I use:

Domain Details 2.6.5
https://addons.mozilla.org/en-US/firefox/addon/2166

ShowIP 0.8.19
https://addons.mozilla.org/en-US/firefox/addon/590

Return to Tools

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software