
Thread: Locating Directories on a Web Server

  1. #1
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Default Locating Directories on a Web Server

    Does anyone know of a command that would list all of the directories on a web server?
    The wise man can pick up a grain of sand and envision a whole universe. But the stupid man will just lay down on some seaweed and roll around until he's completely draped in it. Then he'll stand up and go: Hey, I'm Vine Man.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by l0gaN View Post
    Does anyone know of a command that would list all of the directories on a web server?
    Dir /s /o:d
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Default

    Me and my ability to not ask questions, sorry.

    What I meant was a remote command to give me a list of subdirectories or apps on a server.

    Thanks

  4. #4
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Default

    I want to see if with a standard scan someone could tell what applications we have running on our webservers. Is there such a command I can use to test?

    A port scan shows which ports might be vulnerable, but I am just not sure of the next step.

  5. #5
    Junior Member
    Join Date
    Aug 2007
    Posts
    40

    Default

    There are applications that do what you are asking, but not really a standard *nix command that does. I think you'll find an abundant amount of information on what you are looking for by doing a Google search on the following keywords: application fingerprint.

    Just a thought...hope it helps. Good luck.

  6. #6
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Default

    Actually, that is very helpful, thank you.

    But I am not just looking for what version of software my server is running. Let's say I have an application running in the /Apps directory and the outside world can have access if 1) they know the URL and 2) they have a login ID...

    I want to know if there is a utility that someone can use to search my IP to locate all apps running behind the scenes.

    Thanks

  7. #7
    Junior Member
    Join Date
    Aug 2007
    Posts
    40

    Default

    No offense intended, but it's a little difficult for me to discern exactly what you are asking.

    No, there is not a utility that someone can run against your IP address that will tell them that you are running 'top' (a non-networked utility) on your host, to the best of my knowledge. What they can do based upon your IP address is look at what ports you have open, and based upon the responses they receive from those ports they can try to fingerprint your applications (i.e., determine what version of what applications you are using). For example, they might see that you are running telnet, ssh 1.0, Apache web server, and a MySQL server. At that point they can search to see what exploits are available for the various ports/applications they can access. If they find an exploit that gives them a shell on the host, they could then easily see all processes running on that host.

    Does that answer your question or were you asking something else?

  8. #8
    Junior Member
    Join Date
    Jul 2007
    Posts
    67

    Default

    Someone could port scan your server and find services listening on ports,

    i.e. port 80 webserver, 21 FTP, etc.

    Try nmap with -A to find versions.
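
An added example, not part of the original thread and not nmap's own code: a short self-audit that reads the port table from a version scan of a server you administer and tags what the replies give away, following the telnet / ssh 1.0 / Apache / MySQL illustration in post #7. The scan text is constructed, and the function names and tag names are assumptions made for this illustration.

```python
import re

# Constructed sample: the port table nmap prints for a version scan (-sV or -A)
# of a host you administer. Not output from a real system.
SAMPLE_SCAN = """\
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     vsftpd 2.0.5
22/tcp   open   ssh     OpenSSH 4.3 (protocol 1.99)
23/tcp   open   telnet  Linux telnetd
80/tcp   open   http    Apache httpd 2.2.3 ((CentOS))
443/tcp  closed https
3306/tcp open   mysql   MySQL 5.0.77
8080/tcp open   http
"""

PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?:tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<version>.*)$")
CLEARTEXT = {"ftp", "telnet"}             # credentials cross the wire unencrypted
DATABASES = {"mysql", "postgresql", "ms-sql-s", "oracle-tns"}  # nmap service names
VERSION_NUMBER = re.compile(r"\d+\.\d+")  # e.g. "2.2.3" in a banner

def parse_ports(scan_text):
    """Return one dict per open port found in nmap's normal-output port table."""
    rows = []
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m["state"] == "open":
            rows.append({"port": int(m["port"]), "service": m["service"],
                         "version": m["version"].strip()})
    return rows

def review(rows):
    """Map port -> list of exposure tags (hypothetical tag names)."""
    findings = {}
    for row in rows:
        tags = []
        if row["service"] in CLEARTEXT:
            tags.append("cleartext")
        if row["service"] == "ssh" and re.search(r"protocol 1\.", row["version"]):
            tags.append("ssh-protocol-1")    # 1.x or 1.99 means SSHv1 is still accepted
        if row["service"] in DATABASES:
            tags.append("database-exposed")  # should not answer outside the app tier
        if VERSION_NUMBER.search(row["version"]):
            tags.append("version-disclosed")
        if tags:
            findings[row["port"]] = tags
    return findings

if __name__ == "__main__":
    for port, tags in review(parse_ports(SAMPLE_SCAN)).items():
        print(port, ", ".join(tags))
```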

  9. #9
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Post

    A few different nmap scans and a basic knowledge of what services run on what ports is usually all I need. Most IT people in my experience don't change the default port for most applications. There are numerous other "fingerprinting" tools on bt that should do the trick. Sometimes a router config file is useful for seeing what ports are doing what with what.

  10. #10
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Default

    Quote Originally Posted by purehate View Post
    A few different nmap scans and a basic knowledge of what services run on what ports is usually all I need. Most IT people in my experience don't change the default port for most applications. There are numerous other "fingerprinting" tools on bt that should do the trick. Sometimes a router config file is useful for seeing what ports are doing what with what.
    Awesome, thank you all. That is really what I was wondering, i.e. I have a SQL application running on our webserver. It is not a listed URL and, of course, secured. But I was wondering what can be done to locate it and then try to brute it.

    Thanks guys
