How To Know Wich Web Server Use A Website

Today a coworker ask me about how to know whick web server is using a website. Usually majority of websites use Microsoft IIS or Apache, of course, there are others. Which is the finality of this? In case of an attack against the website a very important step is know what software is working.

In general, the more we can know of an easier system is to attack it, if we can know the product, the version and even patch level (although this last one is more complex to see), we simplify the work a lot to an attacker that is going to focus , at least, to launch everything that is known and published against that product. If, on the other hand, you do not know what there is, you will have to launch multiple attacks in a trial and error technique.

In our case we are going to use a tool called curl, basically what it does is file transfer (xml, json, raw, …). Supports multiple FTP, FTPS, HTTP, HTTPS, TFTP, SCP, SFTP, Telnet, DICT, FILE and LDAP protocols.

If the website is not securize against this kind of attacks;

curl -s -i

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 04 Apr 2018 16:17:36 GMT
Connection: close
Content-Length: 315

Not Found

<h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s