Listing/obtaining CGI applications

[kDick91]

Hello,
First let me open by saying I just finished reading all the rules! But I am a pretty avid linux user but a pretty new BT4 user.
So I have a website up that I am implementing CGI applications (in a /cgi-bin/) and before I make the website TOTALLY live (private URL for now ) I want to attempt listing all directories in the website, checking access, and seeing if I am able to obtain the CGI applications. If so, well I know to fix the issues. After a TON of Googling and searching the forums, there seems to be only a small amount of information regarding HTTP testing and nothing dealing specifically with what I'm doing. Is there anyone who can point me in the right direction?

Greatly appreciated,
Kyle

P.S.: Glad to be part of the community!

[lupin]

Trying hard to see the connection to BackTrack here.

In answer to your question though, the best way to find all of the cgi programs on a web server would be to do something like this from the servers console:

Code:

cd /var/www/cgi-bin/
ls

OK, Im being a bit facetious there, and this procedure may differ depending on the exact webserver and OS your server uses, but all should have some way of listing their cgi apps from configuration files or the filesystem or an admin console or something.

If you want to do it from a seperate system, you need to use some sort of combination spidering/known URLs/brute force method, which is going to provide results that are much less complete. Try something like dirbuster, or one of the active web vulnerability scanners (e.g. one of the commercial ones or an open source one like skipfish, w3af, etc - there is a thread in the Experts forum that mentions some more).

[kDick91]

Well, I'm doing it from a client-side approach. Sure if you're behind the computer acting as server, it is painless. But it is an Apache 2.0, Ubuntu-based server, if that helps. I'm beginning to explore different tools in BT4 such as DirBuster and one other big-name tool I can't remember at the moment... But the general approach is brute force and that just isn't a logical approach (which is why I'm not really protecting myself from it). I just want to know if there is another way to get into the CGI-BIN from, say, another computer using BT or given the correct resources. I do thank you for your response, every bit helps!

Kyle

[lupin]

Unless some other service on the system can be exploited/queried to give you a directory/cgi program listing, brute force is what you are stuck with. Thats just the way it works unfortunately, and thats why I suggested to do it from the server if you want a complete inventory.

[thorin]

Nikto, Nessus, and Skipfish (among others I'm sure) are all able to do what you're looking for via brute force. Though as has been pointed out going brute force from the client side is never going to be as efficient/effective as simply looking at the things on the server drives in the web server's root directory(ies).

[kDick91]

Thank you very much for the help. I will give it a swing through Nessus to see if it finds anything. If not, I can assume my CGIs will be safe! I will report back soon. Thank you very much!

Kyle

[Archangel-Amael]

Thank you very much for the help. I will give it a swing through Nessus to see if it finds anything. If not, I can assume my CGIs will be safe! I will report back soon. Thank you very much!
Kyle

That is where you have already failed. Never assume anything is safe. Don't just rely on some fancy tool to determine if your network or web applications are safe. If that's all you want to do, you could just as easily spend the day not testing, and play a few online games or something, then play dumb when management starts asking questions when something goes wrong.