I need to either find a file in which the version is encoded or a way of polling it across the web so it reveals its version. The server is running at a host who will not provide me command line access, although I can browse the install location via FTP.
我需要找到一个编码版本的文件或一种在网络上进行轮询的方式,以便显示其版本。虽然我可以通过FTP浏览安装位置,但服务器正在主机上运行,但不会为我提供命令行访问权限。
I have tried HEAD and do not get a version number reported.
我试过HEAD并且没有报告版本号。
If I try a missing page to get a 404 it is intercepted, and a stock page is returned which has no server information on it. I guess that points to the server being hardened.
如果我尝试丢失页面来获取404,则会截获,并返回一个没有服务器信息的库存页面。我想这表明服务器正在变硬。
Still no closer...
仍然没有更接近......
I put a PHP file up as suggested, but I can't browse to it and can't quite figure out the URL path that would load it. In any case I am getting plenty of access denied messages and the same stock 404 page. I am taking some comfort from knowing that the server is quite robustly protected.
我按照建议添加了一个PHP文件,但是我无法浏览它并且无法找到将加载它的URL路径。在任何情况下,我都会收到大量访问被拒绝的消息和相同的404页面。我知道服务器受到很强的保护,我感到很欣慰。
11 个解决方案
#1
122
The method
Connect to port 80 on the host and send it
连接到主机上的端口80并发送它
HEAD / HTTP/1.0
This needs to be followed by carriage-return + line-feed twice
这需要两次回车+换行
You'll get back something like this
你会得到这样的东西
HTTP/1.1 200 OK
Date: Fri, 03 Oct 2008 12:39:43 GMT
Server: Apache/2.2.9 (Ubuntu) DAV/2 SVN/1.5.0 PHP/5.2.6-1ubuntu4 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Thu, 02 Aug 2007 20:50:09 GMT
ETag: "438118-197-436bd96872240"
Accept-Ranges: bytes
Content-Length: 407
Connection: close
Content-Type: text/html; charset=UTF-8
You can then extract the apache version from the Server: header
然后,您可以从Server:标头中提取apache版本
Typical tools you can use
You could use the HEAD utility which comes with a full install of Perl's LWP library, e.g.
您可以使用完整安装的Perl LWP库附带的HEAD实用程序,例如:
HEAD http://your.webserver.com/
Or, use the curl utility, e.g.
或者,使用curl实用程序,例如
curl --head http://your.webserver.com/
You could also use a browser extension which lets you view server headers, such as Live HTTP Headers or Firebug for Firefox, or Fiddler for IE
您还可以使用浏览器扩展来查看服务器标头,例如Live HTTP Headers或Firebug for Firefox,或Fiddler for IE
Stuck with Windows?
Finally. if you're on Windows, and have nothing else at your disposal, open a command prompt (Start Menu->Run, type "cmd" and press return), and then type this
最后。如果您使用的是Windows,并且没有任何其他内容可供使用,请打开命令提示符(“开始”菜单 - >“运行”,键入“cmd”并按“返回”),然后键入
telnet your.webserver.com 80
Then type (carefully, your characters won't be echoed back)
然后输入(仔细,你的角色不会被回复)
HEAD / HTTP/1.0
Press return twice and you'll see the server headers.
按两次返回,您将看到服务器标题。
Other methods
As mentioned by cfeduke and Veynom, the server may be set to return limited information in the Server: header. Try and upload a PHP script to your host with this in it
如cfeduke和Veynom所述,服务器可能被设置为在Server:头中返回有限的信息。尝试将PHP脚本上传到您的主机中
<?php phpinfo() ?>
Request the page with a web browser and you should see the Apache version reported there.
使用Web浏览器请求页面,您应该看到在那里报告的Apache版本。
You could also try and use PHPShell to have a poke around, try a command like
您也可以尝试使用PHPShell进行搜索,尝试使用类似命令
/usr/sbin/apache2 -V
#2
43
httpd -v will give you the version of Apache running on your server (if you have SSH/shell access).
httpd -v将为您提供服务器上运行的Apache版本(如果您具有SSH / shell访问权限)。
The output should be something like this:
输出应该是这样的:
Server version: Apache/2.2.3
Server built: Oct 20 2011 17:00:12
As has been suggested you can also do apachectl -v which will give you the same output, but will be supported by more flavours of Linux.
正如已经建议你也可以做apachectl -v,它会给你相同的输出,但会得到更多版本的Linux的支持。
#3
5
Rarely, a hardened HTTP server is configured to give no server information or misleading server information. In those scenarios if the server has PHP enabled you can add:
很少,强化的HTTP服务器配置为不提供服务器信息或误导服务器信息。在这些情况下,如果服务器启用了PHP,您可以添加:
<?php phpinfo(); ?>
in a file and browse to it and look for the
在文件中浏览并查找
_SERVER["SERVER_SOFTWARE"]
entry. This is susceptible to the same hardening lack of information/misleading though I would imagine that it's not altered often, because this method first requires access to the machine to create the PHP file.
条目。虽然我认为它不经常改变,但是这种方法很容易受到相同的强化缺乏信息/误导的影响,因为这种方法首先需要访问机器才能创建PHP文件。
#4
4
Warning, some Apache servers do not always send their version number when using HEAD, like in this case:
警告,某些Apache服务器在使用HEAD时并不总是发送其版本号,如下例所示:
HTTP/1.1 200 OK
Date: Fri, 03 Oct 2008 13:09:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.6RC4-pl0-gentoo
Set-Cookie: PHPSESSID=a97a60f86539b5502ad1109f6759585c; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Connection to host lost.
If PHP is installed then indeed, just use the php info command:
如果确实安装了PHP,只需使用php info命令:
<?php phpinfo(); ?>
#5
3
The level of version information given out by an Apache server can be configured by the ServerTokens setting in its configuration.
Apache服务器发出的版本信息级别可以通过其配置中的ServerTokens设置进行配置。
I believe there is also a setting that controls whether the version appears in server error pages, although I can't remember what it is off the top of my head. If you don't have direct access to the server, and the server administrator is competent and doesn't want you to know the version they're running... I think you may be SOL.
我相信还有一个设置可以控制版本是否出现在服务器错误页面中,尽管我不记得它是什么。如果您没有直接访问服务器,并且服务器管理员有能力并且不希望您知道他们正在运行的版本......我认为您可能是SOL。
#6
1
Telnet to the host at port 80.
通过80端口Telnet到主机。
Type:
get / http1.1
::enter::
::enter::
It is kind of an HTTP request, but it's not valid so the 500 error it gives you will probably give you the information you want. The blank lines at the end are important otherwise it will just seem to hang.
它是一种HTTP请求,但它无效,因此它给你的500错误可能会给你你想要的信息。最后的空白行很重要,否则它似乎就会挂起。
#7
0
If they have error pages enabled, you can go to a non-existent page and look at the bottom of the 404 page.
如果他们启用了错误页面,您可以转到不存在的页面并查看404页面的底部。
#8
0
Your best option is through PHP: All version requests from the client side cannot be trusted since your Apache could be configured with ServerTokens Prod and ServerSignature Off. See: http://www.petefreitag.com/item/419.cfm
您最好的选择是通过PHP:来自客户端的所有版本请求都不可信,因为您的Apache可以配置ServerTokens Prod和ServerSignature Off。请参阅:http://www.petefreitag.com/item/419.cfm
#9
0
In the default installation, call a page that doesn't exist and you get an error with the version at the end:
在默认安装中,调用不存在的页面,并在最后获得版本错误:
Object not found!
找不到对象!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
10/03/08 14:41:45
Apache/2.2.8 (Win32) DAV/2 mod_ssl/2.2.8 OpenSSL/0.9.8g mod_autoindex_color PHP/5.2.5在此服务器上找不到请求的URL。如果您手动输入了URL,请检查拼写,然后重试。如果您认为这是服务器错误,请与网站管理员联系。错误404 localhost 10/03/08 14:41:45 Apache / 2.2.8(Win32)DAV / 2 mod_ssl / 2.2.8 OpenSSL / 0.9.8g mod_autoindex_color PHP / 5.2.5
#10
0
Simply use something like the following - the string should be there already:
只需使用以下内容 - 字符串应该已经存在:
<?php
if(isset($_SERVER['SERVER_SOFTWARE'])){
echo $_SERVER['SERVER_SOFTWARE'];
}
?>
#11
-1
Use this PHP script:
使用这个PHP脚本:
$version = apache_get_version();
echo "$version\n";
#1
122
The method
Connect to port 80 on the host and send it
连接到主机上的端口80并发送它
HEAD / HTTP/1.0
This needs to be followed by carriage-return + line-feed twice
这需要两次回车+换行
You'll get back something like this
你会得到这样的东西
HTTP/1.1 200 OK
Date: Fri, 03 Oct 2008 12:39:43 GMT
Server: Apache/2.2.9 (Ubuntu) DAV/2 SVN/1.5.0 PHP/5.2.6-1ubuntu4 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Thu, 02 Aug 2007 20:50:09 GMT
ETag: "438118-197-436bd96872240"
Accept-Ranges: bytes
Content-Length: 407
Connection: close
Content-Type: text/html; charset=UTF-8
You can then extract the apache version from the Server: header
然后,您可以从Server:标头中提取apache版本
Typical tools you can use
You could use the HEAD utility which comes with a full install of Perl's LWP library, e.g.
您可以使用完整安装的Perl LWP库附带的HEAD实用程序,例如:
HEAD http://your.webserver.com/
Or, use the curl utility, e.g.
或者,使用curl实用程序,例如
curl --head http://your.webserver.com/
You could also use a browser extension which lets you view server headers, such as Live HTTP Headers or Firebug for Firefox, or Fiddler for IE
您还可以使用浏览器扩展来查看服务器标头,例如Live HTTP Headers或Firebug for Firefox,或Fiddler for IE
Stuck with Windows?
Finally. if you're on Windows, and have nothing else at your disposal, open a command prompt (Start Menu->Run, type "cmd" and press return), and then type this
最后。如果您使用的是Windows,并且没有任何其他内容可供使用,请打开命令提示符(“开始”菜单 - >“运行”,键入“cmd”并按“返回”),然后键入
telnet your.webserver.com 80
Then type (carefully, your characters won't be echoed back)
然后输入(仔细,你的角色不会被回复)
HEAD / HTTP/1.0
Press return twice and you'll see the server headers.
按两次返回,您将看到服务器标题。
Other methods
As mentioned by cfeduke and Veynom, the server may be set to return limited information in the Server: header. Try and upload a PHP script to your host with this in it
如cfeduke和Veynom所述,服务器可能被设置为在Server:头中返回有限的信息。尝试将PHP脚本上传到您的主机中
<?php phpinfo() ?>
Request the page with a web browser and you should see the Apache version reported there.
使用Web浏览器请求页面,您应该看到在那里报告的Apache版本。
You could also try and use PHPShell to have a poke around, try a command like
您也可以尝试使用PHPShell进行搜索,尝试使用类似命令
/usr/sbin/apache2 -V
#2
43
httpd -v will give you the version of Apache running on your server (if you have SSH/shell access).
httpd -v将为您提供服务器上运行的Apache版本(如果您具有SSH / shell访问权限)。
The output should be something like this:
输出应该是这样的:
Server version: Apache/2.2.3
Server built: Oct 20 2011 17:00:12
As has been suggested you can also do apachectl -v which will give you the same output, but will be supported by more flavours of Linux.
正如已经建议你也可以做apachectl -v,它会给你相同的输出,但会得到更多版本的Linux的支持。
#3
5
Rarely, a hardened HTTP server is configured to give no server information or misleading server information. In those scenarios if the server has PHP enabled you can add:
很少,强化的HTTP服务器配置为不提供服务器信息或误导服务器信息。在这些情况下,如果服务器启用了PHP,您可以添加:
<?php phpinfo(); ?>
in a file and browse to it and look for the
在文件中浏览并查找
_SERVER["SERVER_SOFTWARE"]
entry. This is susceptible to the same hardening lack of information/misleading though I would imagine that it's not altered often, because this method first requires access to the machine to create the PHP file.
条目。虽然我认为它不经常改变,但是这种方法很容易受到相同的强化缺乏信息/误导的影响,因为这种方法首先需要访问机器才能创建PHP文件。
#4
4
Warning, some Apache servers do not always send their version number when using HEAD, like in this case:
警告,某些Apache服务器在使用HEAD时并不总是发送其版本号,如下例所示:
HTTP/1.1 200 OK
Date: Fri, 03 Oct 2008 13:09:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.6RC4-pl0-gentoo
Set-Cookie: PHPSESSID=a97a60f86539b5502ad1109f6759585c; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Connection to host lost.
If PHP is installed then indeed, just use the php info command:
如果确实安装了PHP,只需使用php info命令:
<?php phpinfo(); ?>
#5
3
The level of version information given out by an Apache server can be configured by the ServerTokens setting in its configuration.
Apache服务器发出的版本信息级别可以通过其配置中的ServerTokens设置进行配置。
I believe there is also a setting that controls whether the version appears in server error pages, although I can't remember what it is off the top of my head. If you don't have direct access to the server, and the server administrator is competent and doesn't want you to know the version they're running... I think you may be SOL.
我相信还有一个设置可以控制版本是否出现在服务器错误页面中,尽管我不记得它是什么。如果您没有直接访问服务器,并且服务器管理员有能力并且不希望您知道他们正在运行的版本......我认为您可能是SOL。
#6
1
Telnet to the host at port 80.
通过80端口Telnet到主机。
Type:
get / http1.1
::enter::
::enter::
It is kind of an HTTP request, but it's not valid so the 500 error it gives you will probably give you the information you want. The blank lines at the end are important otherwise it will just seem to hang.
它是一种HTTP请求,但它无效,因此它给你的500错误可能会给你你想要的信息。最后的空白行很重要,否则它似乎就会挂起。
#7
0
If they have error pages enabled, you can go to a non-existent page and look at the bottom of the 404 page.
如果他们启用了错误页面,您可以转到不存在的页面并查看404页面的底部。
#8
0
Your best option is through PHP: All version requests from the client side cannot be trusted since your Apache could be configured with ServerTokens Prod and ServerSignature Off. See: http://www.petefreitag.com/item/419.cfm
您最好的选择是通过PHP:来自客户端的所有版本请求都不可信,因为您的Apache可以配置ServerTokens Prod和ServerSignature Off。请参阅:http://www.petefreitag.com/item/419.cfm
#9
0
In the default installation, call a page that doesn't exist and you get an error with the version at the end:
在默认安装中,调用不存在的页面,并在最后获得版本错误:
Object not found!
找不到对象!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
10/03/08 14:41:45
Apache/2.2.8 (Win32) DAV/2 mod_ssl/2.2.8 OpenSSL/0.9.8g mod_autoindex_color PHP/5.2.5在此服务器上找不到请求的URL。如果您手动输入了URL,请检查拼写,然后重试。如果您认为这是服务器错误,请与网站管理员联系。错误404 localhost 10/03/08 14:41:45 Apache / 2.2.8(Win32)DAV / 2 mod_ssl / 2.2.8 OpenSSL / 0.9.8g mod_autoindex_color PHP / 5.2.5
#10
0
Simply use something like the following - the string should be there already:
只需使用以下内容 - 字符串应该已经存在:
<?php
if(isset($_SERVER['SERVER_SOFTWARE'])){
echo $_SERVER['SERVER_SOFTWARE'];
}
?>
#11
-1
Use this PHP script:
使用这个PHP脚本:
$version = apache_get_version();
echo "$version\n";