Tornado Web Server Recon Basics

Tornado is a Python web server framework developed by FriendFeed. It can scale to tens of thousands of open connections, making it ideal for long polling, WebSockets, and other applications that require a long-lived connection to each user. This means it is highly performant, and companies like Facebook with scaling SaaS projects use it to serve their clients' needs.

The labs I will be discussing in this post are provided by Attack Defense:

- Tornado Recon: Basics
- Tornado: Basic Authentication
- Tornado: Digest Authentication

So let's begin.

Tornado Recon: Basics

In this lab my IP is 192.96.75.3.

Which web server software is running on the target server? Also find out the version.

Use nmap. Execute the command below, replacing <IP> with the one you have been assigned:

    nmap -sS -sV <IP>

It is serving Tornado on port 80, and the version of the server is 5.1.1.

What content is returned when a query is made to the base dir

Apache Server Recon Basics

Recon Begins...

In my case the IP is 192.9.249.3. You can find the IP by running ipconfig and replacing the last part of the eth1 interface's IP with 3.

What is the version of the running web server?

This is very straightforward. You can find it using nmap:

    nmap -sS -sV 192.9.249.3

The -sS flag tells nmap to perform a TCP SYN scan to find the open ports, and -sV tells it to detect the version of the service running on them.

The version of Apache here is 2.4.18.

What page is hosted on the running web server?

This is also easy. Let's try curl-ing the webpage:

    curl http://192.9.249.3:80 -s | grep title

By default curl makes the request on port 80 and the / path.

So, it is serving the default index.html page.

Perform bruteforce on web server directories and list the names of directories found. Use brute_dirs metasploit module.

The brute_dirs module can be found in auxiliary/scanner/http/brute_dirs. Configure it as per your rhost requirements. After running it for ~3 mins, it managed to fin