Mutillidae: Born to be Hacked
|
|
|
|
Site hacked...err...quality-tested with Samurai WTF, Backtrack, Firefox, Burp-Suite, Netcat, and
these Mozilla Add-ons
Developed by Adrian " Irongeek" Crenshaw and Jeremy Druin |
Login
|
| Showing server configurations on pages allowed through the firewall is a bad idea. "Hiding" pages by not linking to them so you believe you are the only one who knows the URL doesnt work. There are tools to brute force the URL, shoulder surfing, log history, browser history, router-firewall-proxy history, scanners, guessing and other methods can get these URLs. or admin functions, create a second site inside the firewall to segregate these pages from the Internet facing site. |
|
|
I wonder what clever name the server admin would give to a PHP page that shows server configuration information? Hint: What is the function in PHP that dumps server configuration information into a nice table? Enable hints if you need more help.
|
| |
|
-
The phpinfo function dumps PHP server configuration information to a nice table.
- PHP pages typically end in the PHP extension.
- There are bots on the Internet trolling sites looking for a special page "phpinfo.php"
- Try brute forcing the page names in the page parameter with Burp-Intruder in sniper mode
|
|
Back