What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

More How to Explore the Insides of Internet Computers -- from your Browser!


Figure 5: Reading the code for a CGI program on an Irix 6.2 webserver (as shown under a Netscape browser running on Windows NT).

This technique for viewing directory contents will not work on all web sites.  There are two easy ways a webmaster can keep you from viewing directory listings.  One is to put a file named index.html (or whatever the webserver is configured to use for a default page when a file is not specified) in each directory.  In that case, all you will see is the index page and not the directory.  The other way is to configure your web server to deny directory listings.

If you are lucky, you may be able to discover that one web server is actually running many web sites.  For example, something that will sometimes work is http://www.victim.com/../usr/local/apache/htdocs/. However, the webmaster may have put all the web sites elsewhere, for example http://www.victim.com/var/www/htdocs/. If you are patient, just try guessing cool directory paths and see what you get.

How to Explore beyond Web Site Directories into Hidden Parts of the Computer

Exploration using http:// attacks can get boring fast.  Ftp (file transfer protocol) comes to the rescue.  If the web site you are exploring offers downloads, chances are you can get amazing results with something like ftp://www.victim.com. 

First, let's take a look at what happens if you can't get in using the ftp trick


Figure 6: A failed attempt to ftp into a webserver.

More hacking with your web browser--->>


Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

 
 © 2013 Happy Hacker All rights reserved.