Penetration Testing
mailing list archives
RE: discovering all websites running on a server
From: "ADAMS, JEFF W, ATTSI" <jeffadams () att com>
Date: Mon, 22 Dec 2008 10:00:15 -0500
The ip: search in live.com is nice, but I usually get more complete results using www.robtex.com.
Put in your site then look at the shared tab.
www.domaintools.com also provides reverse IP services for a price. You do however get a few as free samples.
If you have the ability to see the content of the wwwroot, you should be able to look at the index pages and extract a
unique string that you can search in Google.
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Augusto Pereyra
Sent: Sunday, December 21, 2008 3:35 AM
To: Markus Matiaschek
Cc: pen-test () securityfocus com
Subject: Re: discovering all websites running on a server
Go to www.live.com
and in the search box write ip:THEIPADDRESS. In the results will appear
all sites hosted on that IP address.
Enjoy!
On 12/18/08, Markus Matiaschek <mmatiaschek () gmail com> wrote:
Hi all,
I got a problem with a client which basically sums up: php safe_mode =
off...
So far, so bad, but now I want to know first if the client's website is
the only attack vector, or if there are other sites running on the IIS
of this Windows NT machine.
Since I already have access to the server, the question of how to do this
with only an IP address is theoretical, but nonetheless interesting.
I don't want to be too intrusive and install rootkits or stuff like
this, but I thought the information about the IIS hosted websites must be
somewhere, so I got myself some information with the following
commands:
regedit /e c:\output.txt HKEY_LOCAL_MACHINE\Software\Microsoft\
regedit /e c:\output.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\
but I can't see any information about the client's or any other IIS
website there.
The execution of .vbs scripts is denied, so that is not an option.
I already identified interesting folders in the wwwroot of IIS, but
none of the names of the folders or the content I tried shows up on
Google.
Anyone have any other ideas?
Thank you in advance,
Markus
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------