File: server.db

package info (click to toggle)
whisker 1.4-5
links: PTS
area: main
in suites: woody
size: 524 kB
ctags: 37
sloc: perl: 1,191; makefile: 45; sh: 8
file content (721 lines) | stat: -rw-r--r-- 13,320 bytes
# 					|| version 1.4.0

server (xerox)
print - This seems to be a printer.
exit
endserver

server (printer)
print - This seems to be a printer.
exit
endserver

server (cisco ios technologies)
print - This seems to be a Cisco Catalyst switch.
exit
endserver

server (cisco)
exit
endserver

server (apache/1.0.3)
print - Apache 1.0.3 is used in Xerox printers
print - (i.e. this could be just a printer)
endserver

server (agranat-emweb)
print - Agranat's embedded webserver; http://www.agranat.com
print - The authentication realm is sometimes the product name
endserver

server (allegro-software-rompager)
print - QMS printer (3260?) & other embedded devices
endserver

server (tme_10_netview_vs)
ifinfo
print - Tivoli web manager
endinfo
endserver

# this is a guess
server (quid)
ifinfo
print - Quid Pro Quo server saves logfile in doc root
print - request http://site/server%20logfile
endinfo
endserver

server (cobalt)
ifinfo
print - Running on a Cobalt RaQ/Qube.
endinfo
endserver

server (iis)
ifinfo
print - Appending ::\$DATA, %2E, or 0x81 to URLs may give script source
print - Also try +.htr and %20%20.htw tricks
endinfo
endserver


server (pws)
ifinfo
print - Personal Web Server pws32/2.0.2.1112 has issues
#print - http://www.insecure.org/sploits/ms.personal_web_server.overflow.html
print - request /....../ might give you root drive info
endinfo
endserver

server (personal web server)
ifinfo
print - Personal Web Server pws32/2.0.2.1112 has issues:
#print - http://www.insecure.org/sploits/ms.personal_web_server.overflow.html
print - request /....../ might give you root drive info
endinfo
endserver


server (teamtrack)
print - Running TeamTrack webserver; vuln published in RFP9904
print - allows ../../../ style grabbing of files
exit
endserver

server (dwhttpd)
print - Solaris answerbook server; 3.1a4 has problems:
print - http://packetstorm.securify.com/exploits/solaris/5.6/solarisab2.txt
exit
endserver

server (folkweb)
ifinfo
print -  www.ilar.com
print -  runs on windows/32
endinfo
endserver

server (fnord)
ifinfo
print -  ftp://deadbaby.res.wpi.edu/fnord/
print -  runs on windows/32
endinfo
endserver

server (serverseven)
ifinfo
print -  http://homepage.interaccess.com/~mattt/
print -  runs on windows/32; written in pascal
endinfo
endserver

server (sambar)
ifinfo
print -  www.sambar.com
print -  runs on windows/32
print -  version prior to 4.2 has some security bug in PUT...
endinfo
endserver

server (apache)
ifinfo
print -  www.apache.org
endinfo
endserver

server (apache/1.1.3)
ifinfo
print - Apache 1.1.3 mod_cookies has buffer overflow
endinfo
endserver

server (apache/1.1.1)
ifinfo
print - Apache 1.1.1 may view contents of dirs regardless of index.html
endinfo
endserver

server (simple, secure web server)
ifinfo
print - Axent Raptor/Eagle firewall/proxy found - no point in scanning?
exit
endinfo
endserver

server (micro-http/1.0)
ifinfo
print - Tektronics printer (?)
exit
endinfo
endserver

server (apache-ssl-us)
ifinfo
print -  apachessl.c2.net
endinfo
endserver

server (stronghold)
ifinfo
print -  stronghold.ukweb.com
endinfo
endserver

server (neowebscript)
ifinfo
print -  www.neosoft.com/neowebscript
print -  plugin for apache/unix, allows embedding of TCL into webpages
print -  .gd for dynamic gif images, .nhtml for normal files
endinfo

scan (neowebscript) / >> /neowebscript/test/senvironment.nhtml

scan (neowebscript) / >> /neowebscript/tests/load_webenv.nhtml

scan (neowebscript) / >> /neowebscript/tests/mailtest.nhtml

endserver

server (ncsa)
ifinfo
print - hoohoo.ncsa.uiuc.edu
print - NCSA <= 1.3 have various issues; download netcraft.tgz from
print - www.rootshell.com.  Also, NCSA <= 1.5 has a script alias bug
print - that may allow you to retrieve CGI source rather than run it.
print - All info is in netcraft.tgz.  Also, phf comes with NCSA <=1.5a
endinfo
set $XXForce=1
endserver

server (netscape)
ifinfo
print - home.netscape.com/comprod/
print - Check for the ?PageServices bug by appending it to (root) URL
print - Appending %20 to URL would yeild source
print - Also retrieve source of JHTML:
print - http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-07$
print - &msg=003b01bedacc$b94cbc30$c6dd93c3@pluto
print - Using 'get' instead of 'GET' can yeild directory listings
print - Recent advisory by ISS--buffer overflow in Authenticate: header
endinfo
endserver

server (ultraseek)
ifinfo
print - Infoseek's Ultraseek server
print - has buffer overflow
endinfo
endserver

server (cern)
ifinfo
print - www.w3.org/hypertext/WWW/Daemon
endinfo
endserver

server (thttpd)
ifinfo
print - www.acme.com/software/thttpd
print - tiny/turbo/throttling httpd (unix)
print - versions prior and including 2.03 read any file by doing:
print - http://some.domain.com//etc/passed   (notice //)
print - 2.04 has buffer overflow
endinfo

#http://www.acme.com/cgi-bin/ssi
#and the url for your document is: 
#http://www.acme.com/users/wecoyote/doc.html
#then the compound URL that gives you the document filtered through the #program would be: 
#http://www.acme.com/cgi-bin/ssi/users/wecoyote/doc.html

endserver

server (website)
ifinfo
print - website.ora.com
endinfo
endserver

server (process)
ifinfo
print - www.process.com
endinfo
endserver

server (machttp)
print - www.starnine.com/machttp
print - Mac server lets you download logfiles
# no point in scanning...
exit
endserver

server (webstar)
print - www.starnine.com/webstar
print - Mac server lets you download logfiles
print - request http://site/WebSTART%20LOG
# no point in scanning...
exit
endserver

server (homedoor)
print - www.opendoor.com
print - Macintosh!
# no point in scanning...
exit
endserver

server (rushhour)
ifinfo
print - www.maxum.com/RushHour
endinfo
endserver

server (netcloak)
print - www.maxum.com
print - Mac plugin for webstar or CGI
# no point in scanning...
exit
endserver

server (netpresenz)
print - www.stairways.com/netpresenz
print - Macintosh!
# no point in scanning...
exit
endserver

server (aolserver)
ifinfo
print - www.aolserver.com
print - runs on Dec OSF1, hp/ux, irix, linux, solaris (+source)/ +tcl 
endinfo
endserver

server (commerce-builder)
ifinfo
print -  www.ifact.com
endinfo
endserver

server (wn)
ifinfo
print -  hopf.math.nwu.edu
endinfo
endserver

server (oracle)
print - www.oracle.com
print - You can request owa_util%2esignature
exit
endserver

server (emwac)
ifinfo
print -  emwac.ed.ac.uk
endinfo
endserver

server (webquest)
ifinfo
print -  www.questar.com
endinfo
endserver

server (open-market-webserver)
ifinfo
print -  www.openmarket.com/products/webserver.html
endinfo
endserver

server (open-market-secure-webserver)
ifinfo
print -  www.openmarket.com/products/secureweb.html
endinfo
endserver

server (goserve)
ifinfo
print -  www2.hursley.ibm.com/goserve
endinfo
endserver

server (plexus)
ifinfo
print -  www.bsdi.com/server/doc/plexus.html
endinfo
endserver

server (eit)
ifinfo
print -  wsk.eit.com
endinfo
endserver

server (spry)
ifinfo
print -  server.spry.com
endinfo
endserver

server (osu)
ifinfo
print -  kcgl1.eng.ohio-state.edu/www/doc/serverinfo.html
endinfo
endserver

server (roxen)
ifinfo
print -  www.roxen.com
print -  support for unix (+source), beta on win
print -  written in .pike, fast-cgi support
endinfo
endserver

server (phttpd)
ifinfo
print -  www.signum.se/phttpd
endinfo
endserver

server (domino)
print - domino.lotus.com
info ACLs can be bypassed with $DefaultNav?OpenNavigator or 0 view
info Access to edit databases with ?edit instead of ?open
info Domino had problems prior to 4.2.1.3
info http://www.l0pht.com/advisories/domino3.txt
info http://www.l0pht.com/advisories/domino2.txt
info http://www.l0pht.com/advisories/domino.txt
info Domino on NT had also problems prior to 4.6
info Bugtraq: 2173 traversal bug (.nsf/../) 

scan () / >> database.nsf
scan () / >> domcfg.nsf
scan () / >> log.nsf
scan () / >> domlog.nsf
scan () / >> names.nsf
scan () / >> catalog.nsf
scan () / >> admin4.nsf
scan () / >> statrep.nsf
scan () / >> setup.nsf
scan () / >> agentrunner.nsf
scan () / >> reports.nsf
scan () / >> webadmin.nsf
scan () / >> mab.nsf
scan () / >> bookmark.nsf
scan () / >> certsrv.nsf
scan () / >> evemts4.nsf
scan () / >> mail.box
scan () / >> websetup.nsf


# why?  what's the vulnerability?
#scan () / >> today.nsf

exit
endserver

server (zeus)
ifinfo
print - www.zeus.co.uk
print - see RFP9905 for an exploit in the /search/ function
endinfo
endserver

server (mathopd)
ifinfo
print -  mathop.diva.nl
print -  minimal, high-performance server for unix
endinfo
endserver

server (boa)
ifinfo
print -  www.boa.org
print -  runs on unix, minimal high-performance
endinfo
endserver

server (javawebserver)
ifinfo
print -  jeeves.javasoft.com
print -  java-based webserver; uses .jhtml files
print -  download .jhtml source: http://server/servlet/file/<name>.jhtml
endinfo
endserver

server (zbserver)
ifinfo
print -  www.zbserver.com
endinfo
endserver

server (frontier)
ifinfo
print -  www.frontiertech.com/products/superweb.htm
endinfo
endserver

server (gosite)
ifinfo
print -  www.gosite.com
endinfo
endserver

server (aserve)
ifinfo
print - www.phone.net/aws
endinfo
endserver

server (os2httpd)
ifinfo
print - ftp.netcom.com/pub/kf/kfan/overview.html
endinfo
endserver

server (powerweb)
ifinfo
print - www.compusource.co.za/powerweb
endinfo
endserver

server (ibm internet connection server)
ifinfo
print - www.ics.raleigh.ibm.com
endinfo
endserver

server (alibaba)
ifinfo
print - alibaba.austria.eu.net
print - allows ../../../../file crap?
print - tons of exploitable buffer overflows
endinfo
endserver

server (falcon)
ifinfo
print - falcon web server
print - allows ../../file crap
endinfo
endserver

server (boulevard)
ifinfo
print - www.resnova.com/boulevard
endinfo
endserver

server (webforone)
ifinfo
print - www.resnova.com/webforone
endinfo
endserver

server (webshare)
ifinfo
print - www.beyond-software.com/products/eweb/webshare/webshare.html
endinfo
endserver

server (enterpriseweb)
ifinfo
print - www.beyond-software.com/products/eweb/eweb.html
endinfo
endserver

server (cosmos)
ifinfo
print - www.ris.fr
endinfo
endserver

server (web commander)
ifinfo
print - www.luckman.com/wc/webcom.html
endinfo
endserver

server (american sitebuilder)
ifinfo
print - www.american.com/product1.html
endinfo
endserver

server (glaci)
ifinfo
print - www.glaci.com/info/glaci-httpd.html
print - for netware
endinfo
endserver

server (cl-http)
ifinfo
print - www.ai.mit.edu/projects/iiip/doc/cl-http/home-page.html
endinfo
endserver

server (w4)
ifinfo
print - 130.89.224.16 (product info)
endinfo
scan () / cgi-bin >> cgi-test.exe
endserver

server (i/net)
ifinfo
print - www.inetmi.com
endinfo
endserver

server (webdisk)
ifinfo
print - www.ararat.com
endinfo
endserver

server (web server 4d)
ifinfo
print - www.mdg.com
endinfo
endserver

server (hyperwave)
ifinfo
print - www.hyperwave.com
endinfo
endserver

server (telefinder)
ifinfo
print - bbs.spiderisland.com
endinfo
endserver

server (viking)
ifinfo
print - www.robtex.com/viking/
endinfo
endserver

server (vm:webserver)
ifinfo
print - www.vm.sterling.com
endinfo
endserver

server (omnihttpd)
ifinfo
print - www.omnicron.ab.ca/httpd/
endinfo
endserver

server (xitami)
ifinfo
print - www.imatix.com/html/xitami/index.htm
print - Security settings on directories can be bypassed if you use 8.3 names
print - http://www.securityfocus.com/templates/archive.pike?list=1
print - &date=1999-08-15&msg=37B5D87E.D6600553@urban-a.net
endinfo
endserver

server (avenida)
ifinfo
print - www.avenida.co.uk
endinfo
endserver

server (spinnaker)
ifinfo
print - www.telegrafix.com
endinfo
endserver

server (wildcat)
ifinfo
print - www.santronics.com
endinfo
endserver

server (vqserver)
ifinfo
print - www.vqsoft.com/vq/server/index.html
print - Security settings on directories can be bypassed if you use 8.3 names
print - http://www.securityfocus.com/templates/archive.pike?list=1
print - &date=1999-08-15&msg=37B5D87E.D6600553@urban-a.net
endinfo
endserver

server (nsl)
ifinfo
print - www.nsl.net
endinfo
endserver

server (website)
ifinfo
print - v1.1c: command interpreter prob;  1.1e has issues:
print - http://www.insecure.org/sploits/website.windows.1.1e.html
endinfo
endserver

server (frontpage)
ifinfo
print - FrontPage:
print - on earlier versions of unix FPE, _vti_pvt was world writable
print - http://www.insecure.org/sploits/Microsoft.frontpage.insecurities.html
endinfo
endserver



#### Server signatures

server (red hat)
server (apache/1.3.6)
  ifinfo
  print - Signature of RedHat 6.0 distribution
  endinfo
endserver

server (red hat)
server (apache/1.3.3)
  ifinfo
  print - Signature of RedHat 5.2 distribution
  endinfo
endserver

server (mandrake)
server (apache/1.3.6)
  ifinfo
  print - Signature of Mandrake (pgcc RedHat) 6.0 distribution
  endinfo
endserver

server (apache/1.3)
set newapache=1
endserver


# good example of multipe ifs...this is equivalent to:
# server is apache && newapache not equal 1 && if user wants info ->
server (apache)
 if newapache != 1
  ifinfo
   print - Apache prior to 1.2.5 had various problems
  endinfo
 endif
endserver

server (iis/4)
ifinfo
print - Security settings on directories can be bypassed if you use 8.3 names
endinfo
endserver


###################################################

#lookup bestwwwd (www.acme.com)