Monday, February 22, 2010

http

One morning I was webbrowsing:
ret@ret-laptop:~$ telnet some-server.com 80
Trying some.ip.address...
Connected to some-server.com
Escape character is '^]'.
GET /32452tr534tfgr4 HTTP/1.1
Host: some-host.com

HTTP/1.1 404 Not Found
Date: Mon, 22 Feb 2010 12:07:12 GMT
Server: NOYB
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
...404 and so on.
WTF? No shame:
# Server masking is optional
#fake server banner - NOYB used - no one needs to know what we are using
SecServerSignature "NOYB"
Hey, NOYB yourself, fucker! You know I'm OK with you bragging about how secure you are and everything, but what makes you think you can abuse protocol like that? It doesn't hurt to be polite, you know! Is it so hard to come up with something decent like "hidden"? So much for user interface. Kids these days...
Anyway, here's the rest of the reply:
(some-html-tags-that-blogger-chokes-on)
Apache/1.3.34 Server at www.some-host.com Port 80
(some-other-html-tags)

LOL.

Later edit: oddly enough there actually is a www.some-server.com which obviously has nothing to do with this post, please substitute www.example.com in the text above :P

No comments: