Re: Scan virtual hosts

• Previous message: Eduardo Suzuki: "RE: hping and firewall testing"
• In reply to: matt: "Re: Scan virtual hosts"
• Next in thread: Bojan Zdrnja: "RE: Scan virtual hosts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 27 Aug 2005 18:41:38 +0200
To: pen-test@securityfocus.com

Hi,

To bruteforce all domains in the HOST field would mean having a list of
all domains. Scraping together that list to completeness could be an
interesting task.

I recommend first:

Is the website of the hosting provider listing it's hosted websites on
their website? Did googling for that IP lead to anything? Do the
Pointer and A records on DNS for that IP or a range of the IPs under the
hosting provider's control provide you with fodder to bf the Host header
(including using the IPs, 127.0.0.1, and 0.0.0.0 in the Host header)?

If the answer to any of these is no, then you might be up the creek. I
have looked into this before and I couldn't figure out a *good* way
except to actually get an account on that web server and view the /home
(or similar) directory.

Sincerely,
-pete.

matt wrote:
>
>> On 8/24/05, Geert VAN ACKER <geert.vanacker@pandora.be> wrote:
>>
>>
>>> Dear list,
>>>
>>> is it possible to enumerate all virtual hosts on a given IP address ? I
>>> prefer Linux soft.
>>>
>
> It is possible, you could brute force the Host: header, however I dont
> personally know any tool that currently does this I am afraid. It would
> be pretty trivial
> to implement though.
>
> Regards
>
> Matt
> Learn Security Online, Inc.
>
> * Security Games * Simulators
> * Challenge Servers * Courses
> * Hacking Competitions * Hacklab Access
>
> http://www.learnsecurityonline.com
>
>
>

• Previous message: Eduardo Suzuki: "RE: hping and firewall testing"
• In reply to: matt: "Re: Scan virtual hosts"
• Next in thread: Bojan Zdrnja: "RE: Scan virtual hosts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: iptables and port scan ... >> offered to the internet by a given host. ... >On this website, you'll find links. ... >mentionned, if I offer FTP, it will be mentionned, and so on. ... http://www.mixmaster.anonymizer.com/ first and search for a permit? ... (comp.security.firewalls) Re: Publisher 2003 wont republish, says folder is missing or dele ... this worked great for one of my websites, the other one still cannot upload. ... The host is a free host without ... Then open your Publisher file, go to Tools> Options> Web tab and uncheck ... load one website by publishing to web and typing in my domain. ... (microsoft.public.publisher.webdesign) Re: IE wont load only my website ... > IE will no longer load my website www.jerseyspeedskiffs.com when trying to connect via my Comcast broadband connection. ... My host is westlin.com and they inform me they have not had any problems with their ... > I can however get my site to come up without any problems and fully navigate it if I use AOL. ... (microsoft.public.windows.inetexplorer.ie6.browser) RE: Web server/Lan setup help ... Thanks for using the SBS newsgroup. ... use SBS to host the web sites. ... Create a New Virtual Server or Web Site in Internet ... website, if you host many websites on IIS, you can refer to the following ... (microsoft.public.windows.server.sbs) Re: Strange DNS Behaviour ... host headers for the sake of users familiarization. ... >> server, domain name server and web server. ... >> Primary website pointing to 192.1.1.1 and Secondary website to ... the DNS automatically created 2 Host records. ... (microsoft.public.windows.server.dns)