[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Web server passive Googleprints

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Web server passive Googleprints
From: offtopic <offtopic@xxxxxxx>
Date: Mon, 13 Sep 2004 09:57:17 +0400

According to Johnny Long where is two major method of  Web-server passive 
fingerprint via Google. 
It is  directory browsing footer/header 
(for example "[To Parent Directory]" "<dir>" shows IIS pages), and default web 
pages 
(for example intitle:Under.Construction "Disabling Dynamic" shows IIS 6.0 on 
W2K3).

I discovered another interesting and new (AFAIK) method which uses Netcraft Web 
servers monitoring service to provide more accurate Googleprints.

Examples:

site:netcraft.com intitle:That.Site.Running Apache 
site:netcraft.com intitle:That.Site.Running "Windows Server 2003"
site:netcraft.com intitle:That.Site.Running "Netscape-Enterprise/3.6" 

So, Netcraft scans Web servers, Google scans Netcraft, and we scan Google.

(c)oded by offtopic@xxxxxxx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] win2kup2date.exe ?
Next by Date: [Full-Disclosure] Secunia Research: StarOffice / OpenOffice Insecure Temporary File Creation
Previous by thread: [Full-Disclosure] [ GLSA 200409-15 ] Webmin, Usermin: Multiple vulnerabilities in Usermin
Next by thread: [Full-Disclosure] Secunia Research: StarOffice / OpenOffice Insecure Temporary File Creation
Index(es):
- Date
- Thread