Forums » General Hacking Topics

lol I think I might of found something..

    • 41 posts
    November 5, 2016 5:46 PM EDT

    what can one do if they find a website's 000-default, httpd.conf and apache2.conf?

     

    (I totally didn't find all of those on a website.)

    • 118 posts
    November 6, 2016 12:42 AM EDT

    well, its really only useful for knowing if theres other domains on the server, sub domains, or any path information that you seek. It could also be useful for knowing the apache version, so you can go look up some exploits per version,  in our exploit database.

    • 41 posts
    November 7, 2016 12:06 PM EST
    psychomarine said:

    well, its really only useful for knowing if theres other domains on the server, sub domains, or any path information that you seek. It could also be useful for knowing the apache version, so you can go look up some exploits per version,  in our exploit database.

    Well I looked into all the files and found lots of sub domains.

    It told me all the document roots, which was kind of helpful.. Also I found all the log locations. 

    And I found this snip of code that I found interesting (evil face)

    
    SetHandler server-status
    
    Order Deny,Allow
    Deny from all
    Allow from (An IP Address) <--------------------------------
    

    Yea. Also I forgot to mention I found a backup of stockarmsv3...

    I don't plan on getting arrested any time soon, but it just shows how shit big companies security can be.

    (I also found quite a bit more, but this post would go on for too long..)

    I don't know how I should end this, so I'll just say "bye".

    bye.
    • 118 posts
    November 7, 2016 12:33 PM EST

    thats pretty much what I was tellin ya.

    visit the server-status in the url, youll enjoy.

     

     

    • 41 posts
    November 9, 2016 3:01 PM EST
    psychomarine said:

    thats pretty much what I was tellin ya.

    visit the server-status in the url, youll enjoy.

     

     

    Damm the ip is offline..