Fw: easy remote detection of a running tripwire for webpages syst em

From: Juan Vera (core.lists.bugtraq@core-sdi.com)
Date: 08/31/01


Message-ID: <014a01c1325d$c82e9d50$d342a8c0@cariatide>
From: Juan Vera <core.lists.bugtraq@core-sdi.com>
To: <core.lists.bugtraq@core-sdi.com>
Subject: Fw: easy remote detection of a running tripwire for webpages syst em
Date: Fri, 31 Aug 2001 17:44:51 -0300


Even simpler

# echo "ServerTokens Min" >> /whatever/httpd.conf
# cp `which httpd` .
# ed httpd
507904
,s/Apache\/1.2.34/YOUWONTKNOW!!/g
w
507904
q
# ./httpd
# tail -1 /whatever/error_log
[Fri Aug 31 17:39:05 2001] [notice] YOUWONTKNOW!! configured -- resuming
normal operations
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
head / http/1.1

HTTP/1.1 501 Method Not Implemented
Date: Fri, 31 Aug 2001 20:41:38 GMT
Server: YOUWONTKNOW!!
Allow: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND,
PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE
Connection: close
Content-Type: text/html; charset=iso-8859-1
etc

----- Original Message -----
From: Fernando Cardoso <core.lists.bugtraq@core-sdi.com>
Newsgroups: core.lists.bugtraq
To: "Jordan K Wiens" <jwiens@nersp.nerdc.ufl.edu>
Cc: <bugtraq@securityfocus.com>
Sent: Friday, August 31, 2001 11:56 AM
Subject: RE: easy remote detection of a running tripwire for webpages syst
em

> Just edit #define SERVER_BASEVERSION "Whatever you want" in
> src/include/httpd.h and compile it.
>
> Fernando
>
> --
> Fernando Cardoso - Security Consultant WhatEverNet Computing, S.A.
> Phone : +351 21 7994200 Praca de Alvalade, 6 - Piso 6
> Fax : +351 21 7994242 1700-036 Lisboa - Portugal
> email : fernando.cardoso@whatevernet.com http://www.whatevernet.com/
>
> >
> >
> > Know of any good links to documentation or source patches for completely
> > modifying or removing the banner? Note also that the Prod option only
> > works with versions strictly greater than 1.3.12. :-(
> >
> > --
>
>
> _____________________________________________________________________
> INTERNET MAIL FOOTER
> A presente mensagem pode conter informação considerada confidencial.
> Se o receptor desta mensagem não for o destinatário indicado, fica
> expressamente proibido de copiar ou endereçar a mensagem a terceiros.
> Em tal situação, o receptor deverá destruir a presente mensagem e por
> gentileza informar o emissor de tal facto.
> ---------------------------------------------------------------------
> Privileged or confidential information may be contained in this
> message. If you are not the addressee indicated in this message, you
> may not copy or deliver this message to anyone. In such case, you
> should destroy this message and kindly notify the sender by reply
> email.
> ---------------------------------------------------------------------
>

--- for a personal reply use: "Juan Vera" <juan@core-sdi.com>



Relevant Pages

  • RE: Yet another OE worm (fwd)
    ... > Fernando Cardoso - Security Consultant WhatEverNet Computing, ... >> one and another window popped asking me the location again. ... > A presente mensagem pode conter informação considerada confidencial. ...
    (Focus-Microsoft)
  • Microsoft Mobile Information Server
    ... A presente mensagem pode conter informação considerada confidencial. ... Em tal situação, o receptor deverá destruir a presente mensagem e por ... technology powered by the award-winning FoundScan engine. ...
    (Pen-Test)
  • RE: easy remote detection of a running tripwire for webpages syst em
    ... Fernando Cardoso - Security Consultant ... A presente mensagem pode conter informação considerada confidencial. ... Em tal situação, o receptor deverá destruir a presente mensagem e por ...
    (Bugtraq)