Accessing a shared hosted website through it's IP

Printable View

06-20-2011, 09:41 AM
Unhumanje

Accessing a shared hosted website through it's IP

First things first, I googled this however I didn't find anything. To be honest, I am not quite sure what my key words should be.

What I am trying to achieve is access a site through it's IP address rather than its URL. For example - I won't open google with google.com, but rather with http://74.125.79.99 . So far so good. However, most sites have shared hosting. So that 1 IP address is hosting multiple web pages. From what I found out from google and from some personal 'tests' they mostly work on the principle:
http://IPaddress/~user , where user is usually 8 letters/digits.

So here is where my question stands - is it possible and if yes, how can I find the "user" so that I can access the site this way?

Thanks in advance for any input.

EDIT:

Sorry for the links, didn't realise they were inappropriate.

However, until when will all my actions be moderated? This topic took like 5 days to get approved :/ I almost forgot I posted it. And due to that delay the topic is now on page 2 (despite actually being approved yesterday/today) where almost no one will look :|
07-10-2011, 03:26 PM
ThatOneGuy666

Re: Accessing a shared hosted website through it's IP

Just to let you know

Your questions on the /~user

You have to guess cpanel users are created with a 5 to 6 characters

some for example super-site-mainrawr.com would be a possibility of

susima

Not to mention a lot of hosting companies the privileges from people being able to use

/~username

as it causes a vital security risk

You have to learn how cpanel operates in order to understand what im saying a lot better

You just have to guess

however there are various other ways to get such users on a server but im not going to explain that

Hopes this helps
07-10-2011, 09:14 PM
shadowzero

Re: Accessing a shared hosted website through it's IP

One way to do this is to have a wordlist containing usernames you'd like to try. You can get these anywhere, if you can find a list of employee email addresses you can try those. Backtrack comes with tools that can be used to get that information (see theharvester and metagoofil for example). Once you've compiled a wordlist, you can read through it and use curl against each username:

Code:

#!/bin/bash while read line; do curl -s -f http://123.123.123.123/~${line} > /dev/null 2>&1 if [[ $? -eq 22 ]]; then echo "no such user ${line}" else echo "found user ${line}" fi done < users.txt

curl returns error code 22 when it encounters a 404 HTTP error, which is what you'd typically get if the user's page doesn't exist.