Locating Directories on a Web Server

[l0gaN]

Does anyone know of a command that would list all of the directories on a web server?

[streaker69]

Does anyone know of a command that would list all of the directories on a web server?

Dir /s /o:d

[l0gaN]

me and my ability to not ask questions sorry

what i meant was a remote command to give me a list of sub directories or apps on a server

thanks

[l0gaN]

I want to see if with a standard scan someone could tell what applications we have running on our webservers. is there such a command i can use to test?

a port scan shows which ports might be vulnerable, but i am just not sure of the next step?

[Packets]

There are applications that do what you are asking, but not really a standard *nix command that does. I think you'll find an abundant amount of information on what you are looking for by doing a google search on the following keywords (application fingerprint).

Just a thought...hope it helps. Good luck.

[l0gaN]

actually that is very helpful thank you

but i am not just looking for what version of software my server is running, but lets say i have an application running in the /Apps directory and the outside world can have access if 1) they know the url and 2) they have log in id....

i want to know if there is a utility that someone can use to search my ip to locate all apps running behind the scenes

thanks

[Packets]

No offense intended, but it's a little difficult for me to discern exactly what you are asking.

No, there is not a utility that someone can run against your IP address that will tell them that you are running 'top' (a non-networked utility) on your host, to the best of my knowledge. What they can do based upon your IP address is look at what ports you have open and based upon the responses they receive from those ports they can try and fingerprint your applications (ie, determine what version of what applications you are using). For example, they might see that you are running telnet, ssh 1.0, apache web server, and a MySQL server. At that point they can search to see what exploits are available for the various ports/applications they can access. If they find an exploit that gives them a shell on the host they then could easily see all processes running on that host.

Does that answer your question or were you asking something else?

[darkevil011]

Someone could port scan your server and find services listening on ports

IE port 80 webserver,21 FTP etc

try nmap with -A to find versions

[purehate]

a few different nmap scans and a basic knowledge of what services runn on what ports is usually all I need. most IT people in my experience don't change the default port for most applicatons. there are numerous other "finger printing" tools on bt that should do the trick.sometimes a router config file is useful for seeing what ports are doing what with what.

[l0gaN]

a few different nmap scans and a basic knowledge of what services runn on what ports is usually all I need. most IT people in my experience don't change the default port for most applicatons. there are numerous other "finger printing" tools on bt that should do the trick.sometimes a router config file is useful for seeing what ports are doing what with what.

Awesome, thank you all. that is really what i was wondering. i.e. I have a SQL application running on our webserver. it is not a listed url and of course, secured. but i was wondering what can be done to locate it and then try to brute it.

thanks guys