GET YOUR VULNERABILITY AND THREAT DATABASE SUBSCRIPTION
EKOLABS 2016


Tools

Published on February 26th, 2018 | by MaxiSoler

0

WebLorean v.2017 – Time-Travel for Web Admins

WebLorean is a time-travel tool for web admins and IT security people. This tool allows pentesters and sysadmins to run an infogather phase against a website’s past hosts, exploting the human weakness of lazyness.


If we go to Netcraft, and check some domain name using their tools, we MIGHT find the hosting history of a website. Yes, www.example.com used to run on server A, then server B, now server C! And, wow, thats weird, the old servers are still up and running.

So, www.example.com MIGHT still be configured in one of those servers. You know how hosting companies [dont] do their homework sometimes 😉

So, an attacker could fire up a scanner, and by any means available, target www.example.com thru the older IP addresses, and scan our OLD WEBSITE[s], which, of course, we no longer keep updated (maybe not even the server, for that matter…). And you know what outdated usually means: holes. Lots of them.

And holes lead to lots of things: remote code execution, data exfiltration, resource control.

Additionally, this could can be used to detect bad implementations of CDNs, and to uncover origin servers behind CDNs.

Usage

cd weblorean
./weblorean.py http://www.example.org

 

More Information: here

Thanks to our friend Arturo ‘Buanzo‘ Busleiman for sharing this tool with us. 😉

Tags: , , ,


About the Author

www.artssec.com @maxisoler



Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑