Discovering websites on the same server

Over the years, organizations have moved away from hosting their company's website on their own on-premises server to using an online, cloud-based solution. There are many website hosting companies available in the e-commerce industry that provide solutions such as website hosting.

Hosting providers don't usually give customers a dedicated server to host their website; instead, a shared space is given. In other words, the server that is hosting your website is also hosting other people's websites as well. This is a benefit for both the service provider and the customer. The customer pays less as they are simply sharing the resources on a server with others and the server provider doesn't need to spin up a dedicated server per user, which would result in less power consumption and physical storage space in the data center.

Due to service providers using this business and IT approach of providing shared space for their customers, security is a concern. It's like using the computers in a school lab; each person has their own user account but is still sharing a single system. If one user decides to perform malicious actions on the computer, they may be able to retrieve sensitive data from the other users' accounts/profiles.

In Chapter 5, Passive Information Gathering, Maltego was introduced so that we could perform passive information gathering in relation to a target website. In this section, we are going to use Maltego once more to help us discover websites that are hosted on the same server.

Before continuing, please ensure that you are comfortable with using Maltego to perform various information-gathering tasks. If you are having difficulty remembering how to use the essential tools within Maltego, please take a few minutes to review Chapter 5, Passive Information Gathering.

Observe the following steps to discover websites on the same server:

  1. Add a domain on Maltego. For this exercise, I have created a new domain using a free web hosting provider. You can do the same or use your existing domain name if you already own one.
You should not use someone else's domain without their knowledge and consent. For this exercise, I have created and own the target domain only.
  1. Right-click on the Domain entity and choose All Transforms | To DNS Name – NS (name server), as shown in the following screenshot:

Maltego will take a few seconds to retrieve the nameservers for the target domain name:

The hosting provider for my custom domain is using two nameservers.

  1. Once the nameservers have been retrieved, it's time to check whether there are other websites hosted on the same servers. Right-click on a nameserver and select All Transforms | To Domains (Sharing this NS), as shown in the following screenshot:

This process usually takes a minute or two to complete. Once finished, Maltego will provide you with the results. As you can see in the following snippet, there are multiple websites hosted on the same server as my domain:

This technique is very useful when profiling a target organization's web server. Sometimes, you may encounter an organization hosting their website and other internal sites on the same server within the DMZ section of their network. Always attempt to perform enumeration techniques to extract any sites on web servers. Sometimes, organizations host their intranet site on the same web server as their public website. Gaining access to hidden sites can provide fruitful information.

Disclaimer: To protect confidentiality, information related to the websites has been blurred as it belongs to other parties.

In the next section, we will learn about the methods we can use to discover sensitive files on a website.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.138.105.31