首页 电脑 电脑学堂 查看内容

blackhat 加拿大黑客大会的一篇关于web指纹鉴定的文章

2004-12-8 04:18 625 0

摘要: 作者:cnbird  来自:http://cnbird.99blog.com/ 题目:鉴定web服务器的指纹 1.发送相同的HTTP请求并且得到不同的回应    执行一单进程...
关键词: nbsp http OPTIONS www Apache com server 1.1 host Microsoft

作者:cnbird  来自:http://cnbird.99blog.com/ 题目:鉴定web服务器的指纹 1.发送相同的HTTP请求并且得到不同的回应    执行一单进程或者标准的HTTP向一服务器发送请求.考虑到准确的确定指纹应该在答复中改变差别. 2.为什么要确定指纹呢?   ⑴确定版本的细节和可能安装的补丁   ⑵确定基本配置   ⑶对指纹发展对策 3.普通的web服务器     web server        July 2003     Percent      August 2003    百分率          变化          Apache            21353498     57.62       22859123           63.51        5.89      Microsoft             11866718     31.87         9139785            25.39      -6.48     Zeus                       787071       2.11           765115              2.13       0.02    iPlanet                     494568       1.33           486868              1.35       0.01 4.服务器的banner HEAD / HTTP/1.1 host:www.host.com   Server: Apache/1.3.26(Unix) Server: Microsoft-IIS/5.0 Server: Netscape-Enterprise/4.1 5.WhiteHat 抓banner的工具 $wh_banner.pl http://host.com Server: Apache/1.3.26(Unix) 这个工具找了好长时间都没有找到,我打算自己写一个,近期我讲发布在我的blgo上欢迎大家来掏宝. 6.HTTP/1.1 RFC 2616 http;//www.ietf.org/rfc/rfc2616.txt 7.Apache的banner [cnbird@localhost]#telnet www.wiretrip.net 80 Trying 66.21.117.200..... Connect to www.wiretrip.net Escape character is '^]'. OPTIONS * HTTP/1.1 Host:www.wiretrip.net HTTP/1.1 200 OK Date:Thu,12 Sep 2003 01:55:09 GMT Content-Langth:0 Allow:GET,HEAD,OPTIONE,TRACE 8.OPTIONS * HTTP的请求: OPTIONS * HTTP/1.1 Host:www.host.com HTTP的答复: Allow:GET,HEAD,POST 9.Apache 1.3.x [cnbird@localhost]$telnet www.netcraft.com 80 Trying 195.92.95.5... Connected to www.netcraft.com. Escape character is '^]'. OPTIONS * HTTP/1.1 Host:www.netcraft.com   HTTP/1.1 200 OK Date:Thu,12 Sep 2003 01:49:01 GMT Server:Apache/1.3.26(Unix) mod_perl/1.27 Content-Length:0 Allow:GET,HEAD,OPTIONS,TRACE Connection:close 10.Apache 2.0.x [cnbird@localhost]$telnet www.apache.org 80 Trying 63.251.56.142... Connected to www.apache.org. Escape character is '^]'. OPTIONS * HTTP/1.1 Host:www.apache.org   HTTP/1.1 200 OK Date:Thu,12 Sep 2003 01:11:24 GMT Server:Apache/2.0.41-dev (Unix) Cache-Control:max-age=86400 Expires:Fri, 13 Sep 2003 01:11:24 GMT Allow:GET,HEAD,POST,OPTIONS,TRACE Content-Length:0 Content-Type:text/plain 11. Microsoft IIS 4.0 [cnbird@localhost]$telnet www8.compaq.com 80 Trying 161.114.19.218... Connected to www8.compaq.com. Escape character is '^]'. OPTIONS * HTTP/1.1 Host:www8.compaq.com   HTTP/1.1 200 OK Server:Microsoft-IIS/4.0 Date:Thu, 12 Sep 2003 02:11:!2 GMT Public:OPTIONS,TRACE,GET,HEAD,POST,PUT,DELETE Content-Length:0  12. Microsoft IIS 5.0/6.0 [cnbird@localhost]$telnet www.dell.com 80 Trying 143.166.83.63... Connected to www.dell.com. Escape character is '^]'. OPTIONS * HTTP/1.1 Host:www.dell.com   HTTP/1.1 200 OK Server:Microsoft-IIS/5.0 Date:Thu, 12 Sep 2003 02:02:24 GMT P3P: CP="BUS CAO CNT COM CUR DEV DSP INT NAV OUR PSA PSD SAM STA TAI UNI" PICS-Label: (pics-1.1 http://www.icra.org/ratingsv02.html" 1 r (cb 1 lz 1 nz 1 oz 1 vz 1) http://www.rsac.org/ratingsv01.htl 1 r (n 0 s 0 v 0 l 0)) P3P:policyref="http://www.dell.co/w3c/p3p.xml",CP="BUS CAO CNT COM CUR DEV DSP INT NAV OUR PSA PSD SAM STA TAI UNI" Expires: Thu, 01 Dec 1994 8:00:00 GMT Set-Cookie:SITESERVER=ID=538382e81a644ec3b74518d300cf567d;domain=.dell.com;path=/;expires=Wed,  12-Sep-2007 02:02:24 GMT; Set-Cookie: SITESERVER_SESSION=ID=538382e81a644ec3b74518d300cf567d;domain=.dell.com;path=/; Content-Length:0 Accept-Ranges:bytes DASL:<DAV:sql> DAV:1,2 Public:OPTIONS,TRACE,GET,HEAD,DELETE,PUT,POST,COPY,MOVE,MKOL,PROPFIND,PROPPATCH,LOCK,UNLOCK,SEARCH Allow:OPTIONS,TRACE,GET,HEAD,DELETE,PUT,POST,COPY,MOVE,MKOL,PROPFIND,PROPPATCH,LOCK,UNLOCK,SEARCH Cache-Control:private 13:剩下的都是不经常用的web服务器了,我就不列举了....   有兴趣的可以向我要原文..........同时也欢迎大家和我(550669)讨论关于UNIX的入侵方法和防御办法,  
声明:文章版权归原作者所有 部分文章转自互联网 如有侵权请联系 [邮箱地址] 删除

路过

雷人

握手

鲜花

鸡蛋

最新评论

返回顶部