When performing Passive Web Reconnaissance or Active Application Testing, I often find Internal IP, Hostname, and Path Disclosures publicly available in log files. This kind of information can allow an attacker to understand the internal architecture and file system structure of the web server, which can act as a baseline for many other types of attacks to be successful. Below are some Google Hacks that display this type of sensitive information. How well protected is your organization from this type of information disclosure? Check for yourself!

General IP/Hostname Disclosures:
filetype:log intext:host client server

Targeted IP/Hostname Disclosures:
site:[domain] filetype:log intext:host client server
Ex: site:yourdomain.com filetype:log intext:host client server

General Path Disclosures:
filetype:log intext:host “C:\” “D:\” “inetpub”

Targeted Path Disclosures:
site:[domain]¬†filetype:log intext:host “C:\” “D:\” “inetpub”
Ex: site:yourdomain.com filetype:log intext:host “C:\” “D:\” “inetpub”

If you are lucky enough to find some ‘juicy’ information on your own organization, how do you fix something like this? ¬†It is pretty simple. You can have your web developer and web server support administrator turn off detailed error messaging on the web server and application. You should also remove any coding ‘comments’ that might divulge this information and restrict the indexing of sensitive or verbose log files.