stupid apache windows trick

Simple things feel good. They really do! Keep life simple. Flashing across the full-disclosure list this week was a simple way to enumerate whether an Apache web server is running on Windows or not.

If you make a call to a page that does not exist, you get a typical 404 error, like this page that doesn’t exist. (Yeah, in a few months I’ll regret putting up a purposely dead link when I see it in the logs…). But try hitting a link to domain/AUX. You get a far different error on my site because, yes, stone me now, I run Apache on Windows. Try it on someone else’s site that you know is running Apache on nix, and you’ll just get the normal 404 error.

So next time you’re curious about a web site and you’ve confirmed it runs Apache, try the “on Windows?” test so you don’t look stupid trying to use “root” on the listening SSH port or throw in a battery of nix-only vulns to the website.