1. Web Server Errors
A web server can return error codes, such as 404 or 403.
In some cases, the web server will reveal its real IP when returning an error of that type.
This picture presents such a misconfiguration.
This kind of leakage can be prevented if the site’s owner sets the web server hostname to the domain or, even better, creates custom error messages.
2. Application Errors
Causing an error in an application might cause the server to leak its IP address.
If error reporting is not set to off and the website is still running in production with more or less the settings it had in development, you can play around a bit and try to cause an error.
When it works, you will get something like “unexpected parameter ’ in application.php at xx.xxx.x.xxx”.
I wanted to showcase this with a real-life example I had saved for my tutorial, but I cannot seem to find it right now; I will edit this should I find it.
3. Historical DNS data
One of the most promising methods, if you ask me, and one that will at least point you in a good direction.
The DNS trails feature of SecurityTrails will help you with this.
It shows every DNS record that has ever been published for this domain.
Lots of admins tend to first assign their domain to a single server, because “the site is not known yet”.
However, this is a big mistake.
The data can later be found, and with it the real IP of the server.
This thread will probably be edited sometime in the future to provide an example for #2 or to expand it with more methods that come to my mind.
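An added example, not part of the original post: a check a site owner can run over captured error responses from their own site to confirm that the origin address never shows up in headers or body, which is the leak described in sections 1 and 2. The function name, the origin network (a documentation range) and the sample responses are constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; ipaddress decides validity, not the regex.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

def find_origin_leaks(raw_response, origin_networks):
    """Return (location, ip) pairs where a hidden origin address appears.

    raw_response: full HTTP response text (status line, headers, blank line, body).
    origin_networks: CIDR strings of the addresses that must stay hidden (assumed known).
    """
    nets = [ipaddress.ip_network(n) for n in origin_networks]
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    # One entry per header line (status line skipped), then the body.
    sections = [("header:" + line.split(":", 1)[0].lower(), line)
                for line in head.split("\n")[1:]]
    sections.append(("body", body))
    leaks = []
    for location, text in sections:
        for match in IPV4_CANDIDATE.finditer(text):
            try:
                ip = ipaddress.ip_address(match.group())
            except ValueError:
                continue  # looks like an IP but is not one, e.g. a build number
            if any(ip in net for net in nets):
                leaks.append((location, str(ip)))
    return leaks

# Constructed sample: default error page that names the server by its address.
SAMPLE_DEFAULT_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Not Found</h1><address>Apache Server at 203.0.113.10 Port 80</address>"
)
# Constructed sample: custom error page that says nothing about the host.
SAMPLE_CUSTOM_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<h1>Page not found</h1><p>Build 1.2.3.400</p>"
)

if __name__ == "__main__":
    for name, resp in [("default", SAMPLE_DEFAULT_404), ("custom", SAMPLE_CUSTOM_404)]:
        print(name, find_origin_leaks(resp, ["203.0.113.0/24"]))
```

Running it against responses collected for 403, 404 and 500 pages after every server or application configuration change catches a regression to default error pages or development error reporting.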