Thread: Listing/obtaining CGI applications

  1. #1
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    3

    Listing/obtaining CGI applications

    Hello,
    First let me open by saying I just finished reading all the rules! But I am a pretty avid Linux user but a pretty new BT4 user.
    So I have a website up that I am implementing CGI applications (in a /cgi-bin/) and before I make the website TOTALLY live (private URL for now) I want to attempt listing all directories in the website, checking access, and seeing if I am able to obtain the CGI applications. If so, well I know to fix the issues. After a TON of Googling and searching the forums, there seems to be only a small amount of information regarding HTTP testing and nothing dealing specifically with what I'm doing. Is there anyone who can point me in the right direction?

    Greatly appreciated,
    Kyle

    P.S.: Glad to be part of the community!

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Re: Listing/obtaining CGI applications

    Trying hard to see the connection to BackTrack here.

    In answer to your question though, the best way to find all of the cgi programs on a web server would be to do something like this from the server's console:
    Code:
    cd /var/www/cgi-bin/
    ls
    OK, I'm being a bit facetious there, and this procedure may differ depending on the exact webserver and OS your server uses, but all should have some way of listing their cgi apps from configuration files or the filesystem or an admin console or something.

    If you want to do it from a separate system, you need to use some sort of combination spidering/known URLs/brute force method, which is going to provide results that are much less complete. Try something like dirbuster, or one of the active web vulnerability scanners (e.g. one of the commercial ones or an open source one like skipfish, w3af, etc - there is a thread in the Experts forum that mentions some more).
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
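
Added example (not part of the original thread): the server-side inventory suggested in post #2, carried a step beyond a plain `ls` so that each file in the CGI directory is tagged with what a reviewer would check first. The function names and the list of backup suffixes are illustrative assumptions; the default path is the one from the post.

```shell
#!/bin/sh
# Added example: server-side inventory of a CGI directory.

# True when file $1 has all permission bits of mode $2 set (POSIX find syntax).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2")" ]
}

cgi_inventory() {
    dir=${1:-/var/www/cgi-bin}   # default is the path used in the post above
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # One line per regular file: comma-separated tags, a tab, then the path.
    find "$dir" -type f | sort | while IFS= read -r f; do
        # Any execute bit set means the file can be run as a CGI program
        # by some user; mode bits are checked so the result does not depend
        # on which account runs this inventory.
        if has_mode "$f" -0100 || has_mode "$f" -0010 || has_mode "$f" -0001; then
            tags="exec"
        else
            tags="noexec"
        fi
        # World-writable files can be replaced by any local account.
        if has_mode "$f" -0002; then tags="$tags,world-writable"; fi
        # Editor and backup leftovers (assumed suffix list) do not belong
        # in a directory that is reachable over HTTP.
        case "$f" in
            *~|*.bak|*.old|*.orig|*.swp) tags="$tags,backup-copy" ;;
        esac
        printf '%s\t%s\n' "$tags" "$f"
    done
}

# Typical use on the server console:
# cgi_inventory /var/www/cgi-bin
```

The resulting list is the complete inventory; output from an outside scanner can be compared against it to see which of these files are actually discoverable.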

  3. #3
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    3

    Re: Listing/obtaining CGI applications

    Well, I'm doing it from a client-side approach. Sure if you're behind the computer acting as server, it is painless. But it is an Apache 2.0, Ubuntu-based server, if that helps. I'm beginning to explore different tools in BT4 such as DirBuster and one other big-name tool I can't remember at the moment... But the general approach is brute force and that just isn't a logical approach (which is why I'm not really protecting myself from it). I just want to know if there is another way to get into the CGI-BIN from, say, another computer using BT or given the correct resources. I do thank you for your response, every bit helps!

    Kyle

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Re: Listing/obtaining CGI applications

    Unless some other service on the system can be exploited/queried to give you a directory/cgi program listing, brute force is what you are stuck with. That's just the way it works unfortunately, and that's why I suggested to do it from the server if you want a complete inventory.

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Re: Listing/obtaining CGI applications

    Nikto, Nessus, and Skipfish (among others I'm sure) are all able to do what you're looking for via brute force. Though as has been pointed out going brute force from the client side is never going to be as efficient/effective as simply looking at the things on the server drives in the web server's root directory(ies).
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Just burned his ISO
    Join Date
    Oct 2010
    Posts
    3

    Re: Listing/obtaining CGI applications

    Thank you very much for the help. I will give it a swing through Nessus to see if it finds anything. If not, I can assume my CGIs will be safe! I will report back soon. Thank you very much!

    Kyle

  7. #7
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Re: Listing/obtaining CGI applications

    Quote Originally Posted by kDick91 View Post
    Thank you very much for the help. I will give it a swing through Nessus to see if it finds anything. If not, I can assume my CGIs will be safe! I will report back soon. Thank you very much!
    Kyle
    That is where you have already failed. Never assume anything is safe. Don't just rely on some fancy tool to determine if your network or web applications are safe. If that's all you want to do, you could just as easily spend the day not testing, and play a few online games or something, then play dumb when management starts asking questions when something goes wrong.
