First I will show you the easy way to ID a web server. Then I’ll show you how the magic works.
1. First, the easy way (Linux):
You may need to install curl first.
sudo apt-get install curl
2. Then it’s easy!
curl -I www.old.pkill-9.com
(that’s a capital I (eye))
and you will get output that looks like:
HTTP/1.1 301 Moved Permanently
Date: Fri, 25 Mar 2011 22:33:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
X-Pingback: http://www.pkill-9.com/xmlrpc.php
Location: http://www.pkill-9.com/
Content-Type: text/html; charset=UTF-8
So we know that old.pkill-9.com uses an Apache server. (Thank you, Jeremy!)
3. Now the magic. First, telnet to the web server address on port 80. This will work in Linux OR Windows. You can use the PuTTY client in Windows.
telnet www.old.pkill-9.com 80
Next enter:
HEAD / HTTP/1.0
[enter] [enter]
Note the query MUST be capitalised, and you MUST hit enter TWICE.
You will get output that looks like:
nwayno@Homer:~$ telnet www.old.pkill-9.com 80
Trying 72.167.232.233...
Connected to old.pkill-9.com.
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.1 403 Forbidden
Date: Fri, 25 Mar 2011 22:39:31 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=iso-8859-1
Connection closed by foreign host.
nwayno@Homer:~$
And again, we know it’s Apache (Linux).
If it says Server: Microsoft-IIS/7.5, as www.usatoday.com does, then it’s Microsoft’s Internet Information Server.
Thanks Joe. I couldn’t remember the http goodness method!
Wayno
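What the telnet session sends and what comes back, as an added Python example that is not part of the original post: it builds the same HEAD request, parses the reply, and reports which headers name the server software and whether they expose a version number. The function names are hypothetical, the Host header is an addition to the request typed above, and the sample is the curl -I output shown earlier.

```python
import re
import socket

# Headers that name the server software (the two seen in the output above).
BANNER_HEADERS = ("server", "x-powered-by")

def build_head(host, path="/"):
    # Each line ends in CRLF; the empty line (the second "enter") ends the request.
    # Host is an addition to the page's request: name-based virtual hosts route on it.
    return f"HEAD {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")

def fetch_head(host, port=80, timeout=5.0):
    """Do what the telnet session does: connect, send HEAD, read until close."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_head(host))
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks)

def parse_head(raw):
    """Split a raw response into (status_line, {lowercased-header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.replace("\r\n", "\n").split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers

def banner_report(headers):
    """Return [(header, value, leaks_version)] for software-identifying headers."""
    return [(h, headers[h], bool(re.search(r"\d+\.\d+", headers[h])))
            for h in BANNER_HEADERS if h in headers]

# Response headers copied from the curl -I output shown above.
SAMPLE = (b"HTTP/1.1 301 Moved Permanently\r\n"
          b"Date: Fri, 25 Mar 2011 22:33:35 GMT\r\n"
          b"Server: Apache\r\n"
          b"X-Powered-By: PHP/5.2.14\r\n"
          b"X-Pingback: http://www.pkill-9.com/xmlrpc.php\r\n"
          b"Location: http://www.pkill-9.com/\r\n"
          b"Content-Type: text/html; charset=UTF-8\r\n\r\n")

if __name__ == "__main__":
    status, headers = parse_head(SAMPLE)  # or parse_head(fetch_head(<a host you run>))
    for name, value, versioned in banner_report(headers):
        print(f"{name}: {value}" + ("  <- exposes a version number" if versioned else ""))
```

Run against your own server, a line flagged as exposing a version number is the one to trim in the server or PHP configuration.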
The http://www.hak5.org video clip is here:
http://www.youtube.com/watch?v=5E76kPY2lGw
Wayno
[…] from pkill-9 sent this by. Two quick and dirty ways to ID a web […]