Penetration Testing mailing list archives

[PEN-TEST] Finding Web Admin Pages

From: Julian Niemeyer <julian.niemeyer () VIRGIN NET>
Date: Sun, 25 Mar 2001 11:59:28 +0100

Some Web servers seem to allow administration via HTTP. Obviously, there is
not a link on the home page "Click here to administer the server"!
Instead, the pages are hidden away - security through obscurity.  I want to
be able to find them.

For a tool, I am first going to look at elza from www.stoev.org before
writing anything.  I recon it will be easy to check if a search returns a
404, 403 or 401.

However, I am keen to avoid having to brute force directiories.  Does anyone
know of a list of well-used or default admin pages and ports for web servers
(or other systems for that matter).

If not, perhaps folks could post any that they have come across to this list
so a collection can be compiled.

Thanks,

Julian

Current thread:

[PEN-TEST] Finding Web Admin Pages Julian Niemeyer (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages Fyodor (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages H D Moore (Mar 25)
- Re: [PEN-TEST] Finding Web Admin Pages Gossi The Dog (Mar 25)
  - [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages H D Moore (Mar 25)
    - Re: [PEN-TEST] Cobalt Raq II - Unprotected Admin Pages Gossi The Dog (Mar 25)
- <Possible follow-ups>
- Re: [PEN-TEST] Finding Web Admin Pages Yonatan Bokovza (Mar 25)