Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: discovering all websites running on a server
From: "ADAMS, JEFF W, ATTSI" <jeffadams () att com>
Date: Mon, 22 Dec 2008 10:00:15 -0500


The ip: search in live.com is nice, but I usually get more complete results using www.robtex.com.

Put in your site then look at the shared tab.

www.domaintools.com also provides reverse IP services for a price.  You do however get a few as free samples.

If you have the ability to see the content of the wwwroot, you should be able to look at the index pages and extract a 
unique string that you can search in Google.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Augusto Pereyra
Sent: Sunday, December 21, 2008 3:35 AM
To: Markus Matiaschek
Cc: pen-test () securityfocus com
Subject: Re: discovering all websites running on a server

go to www.live.com

And in the search box write ip:THEIPADDRESS in the result will appear
all site hosted in that ip address.


Enjoy!


On 12/18/08, Markus Matiaschek <mmatiaschek () gmail com> wrote:
Hi all,

i got a problem with a client which basically sums up: php safe_mode =
off...

so far, so bad, but now i want to know first if the clients website is
the only attack vector, or if there are other sites running on the IIS
of this Windows NT machine.

Since i already have access to the server, the question how to do this
with only a IP Adress is theoretical, but nonetheless interesting.

I don't want to be too intrusive and install rootkits or stuff like
this, but i thought the information of the IIS hosted websites must be
somewhere, so i got myself some information with the following
commands:
regedit /e c:\output.txt HKEY_LOCAL_MACHINE\Software\Microsoft\
regedit /e c:\output.txt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\

but i canĀ“t see any information about the clients- or any other IIS
website there.

The execution of .vbs scripts is denied, so that is not an option.

I already identified interesting folders in the wwwroot of IIS, but
none of the names of the folders or the content i tried shows up on
google.

Anyone any other Ideas?

Thank you in advance,
Markus

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]