Bugtraq mailing list archives
Fw: easy remote detection of a running tripwire for webpages syst em
From: Juan Vera <core.lists.bugtraq () core-sdi com>
Date: Fri, 31 Aug 2001 17:44:51 -0300
Even simpler # echo "ServerTokens Min" >> /whatever/httpd.conf # cp `which httpd` . # ed httpd 507904 ,s/Apache\/1.2.34/YOUWONTKNOW!!/g w 507904 q # ./httpd # tail -1 /whatever/error_log [Fri Aug 31 17:39:05 2001] [notice] YOUWONTKNOW!! configured -- resuming normal operations # telnet localhost 80 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. head / http/1.1 HTTP/1.1 501 Method Not Implemented Date: Fri, 31 Aug 2001 20:41:38 GMT Server: YOUWONTKNOW!! Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE Connection: close Content-Type: text/html; charset=iso-8859-1 etc ----- Original Message ----- From: Fernando Cardoso <core.lists.bugtraq () core-sdi com> Newsgroups: core.lists.bugtraq To: "Jordan K Wiens" <jwiens () nersp nerdc ufl edu> Cc: <bugtraq () securityfocus com> Sent: Friday, August 31, 2001 11:56 AM Subject: RE: easy remote detection of a running tripwire for webpages syst em
Just edit #define SERVER_BASEVERSION "Whatever you want" in src/include/httpd.h and compile it. Fernando -- Fernando Cardoso - Security Consultant WhatEverNet Computing, S.A. Phone : +351 21 7994200 Praca de Alvalade, 6 - Piso 6 Fax : +351 21 7994242 1700-036 Lisboa - Portugal email : fernando.cardoso () whatevernet com http://www.whatevernet.com/Know of any good links to documentation or source patches for completely modifying or removing the banner? Note also that the Prod option only works with versions strictly greater than 1.3.12. :-( --_____________________________________________________________________ INTERNET MAIL FOOTER A presente mensagem pode conter informação considerada confidencial. Se o receptor desta mensagem não for o destinatário indicado, fica expressamente proibido de copiar ou endereçar a mensagem a terceiros. Em tal situação, o receptor deverá destruir a presente mensagem e por gentileza informar o emissor de tal facto. --------------------------------------------------------------------- Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. ---------------------------------------------------------------------
--- for a personal reply use: "Juan Vera" <juan () core-sdi com>
Current thread:
- Fw: easy remote detection of a running tripwire for webpages syst em Juan Vera (Aug 31)