The Hacker Recipes
GitHubTwitterExegolTools
Searchโ€ฆ
Introduction
Active Directory
Reconnaissance
Movement
Persistence
Web services
Reconnaissance
HTTP response headers
Comments and metadata
Error messages
Site crawling
Directory fuzzing
Subdomains enumeration
Virtual host fuzzing
Web Application Firewall (WAF)
Content Management System (CMS)
Other technologies
Known vulnerabilities
Configuration
Accounts and sessions
User inputs
Systems & services
Reconnaissance
Movement
Privilege escalation
Pivoting
๐Ÿ› ๏ธ Physical
Locks
Networking
Machines
Super secret zones
๐Ÿ› ๏ธ Intelligence gathering
CYBINT
OSINT
GEOINT
๐Ÿ› ๏ธ RADIO
RFID
Bluetooth
Wi-Fi
Wireless keyboard/mouse
๐Ÿ› ๏ธ mobile apps
Android
iOS
Powered By GitBook
Error messages

Theory

It is common to browse websites that leak information regarding the technologies they use in various error messages. Attackers can try to willfully raise errors to find those information and have a better understanding of the attack surface.

Practice

Raising error pages and messages can be done manually when browsing the website by doing the following actions
  • requesting a page that doesn't exist (status code 404)
  • requesting a page without the proper rights (access control raising status code 403)
  • supplying garbage (special chars or wrong syntax) in user inputs (parameters, forms, headers) to raise syntax of filter errors.
Previous
Comments and metadata
Next
Site crawling
Last modified 6mo ago
Copy link
Contents
Theory
Practice