Tornado Web Server Recon Basics Tornado is a python web server framework developed by FriendFeed . It can can scale to tens of thousands of open connections, making it ideal for long polling , WebSockets , and other applications that require a long-lived connection to each user. So this means it's an highly performant and companies like Facebook with scaling SaaS projects uses it for serving clients' needs. The labs I would be discussing in this post are provided by Attack Defense: Tornado Recon: Basics Tornado: Basic Authentication Tornado: Digest Authentication So let's begin Tornado Recon: Basics In this lab my ip is 192.96.75.3 Which web server software is running on the target server? Also find out the version. Use nmap. Execute the command by replacing <IP> with the one you have been assigned with nmap -sS -sV <IP> It is serving Tornado server on port 80 and version of the server is 5.1.1 What content is returned when a query is made to the base dir
Nginx Recon Basics You can find this Lab here Nginx is a web server like Apache, its a multipurpose opensource server mainly used for serving cached contents, load balancers or reverse proxy. Like Apache, it can also serve PHP or static contents. So, why Nginx if you have apache? Well, Nginx performs better than Apache in some scenarios and many big companies are using it to serve their clients. Here are few of them https://www.nginx.com/resources/wiki/community/why_use_it/ You get the idea why Nginx is so important now, so let's dive into this Let the Recon Begin In my case the ip is 192.14.197.3 . You can find the ip by running `ifconfig` and the change the last part from 2 to 3 eth1 interface Not asked but, What is version of nginx version running? Using nmap tool to find the version nmap -sS -sV 192.14.197.3 It is running nginx v1.15.4 What are the authentication types being used for /Admin and /Administrator folder? Using authentication recon tip from previou