More How to Explore
the Insides of Internet Computers -- from your Browser!
Figure 5: Reading the code for a CGI program on an Irix 6.2 webserver
(as shown under a Netscape browser running on Windows NT).
This technique for viewing directory contents will not work
on all web sites. There are two easy ways a webmaster can
keep you from viewing directory listings. One is to put
a file named index.html (or whatever the webserver is configured
to use for a default page when a file is not specified) in each
directory. In that case, all you will see is the index
page and not the directory. The other way is to configure
your web server to deny directory listings.
If you are lucky, you may be able to discover that one web
server is actually running many web sites. For example,
something that will sometimes work is http://www.victim.com/../usr/local/apache/htdocs/.
However, the webmaster may have put all the web sites elsewhere,
for example http://www.victim.com/var/www/htdocs/. If you are
patient, just try guessing cool directory paths and see what
you get.
How to Explore beyond Web Site Directories into Hidden
Parts of the Computer
Exploration using http:// attacks can get boring fast.
Ftp (file transfer protocol) comes to the rescue. If the
web site you are exploring offers downloads, chances are you
can get amazing results with something like ftp://www.victim.com.
First, let's take a look at what happens if you can't get
in using the ftp trick
Figure 6: A failed attempt to ftp into a webserver.
More hacking with your web browser--->>
