I finished the exercise for this module so I don’t need a nudge on the answer. However, I’m wondering if anyone has any strategies for enumerating the PHP version used by the server in this case.
To pull /etc/php/X.Y/apache2/php.ini , you need to know the version of PHP installed. In this case it was the same as the examples, but I’m wondering how one might do this in a blackbox situation.
Things I tried:
- NSE http-php-version NSE script — Nmap Scripting Engine documentation - nothing.
- Looking in the Server Response headers - none.
- Viewing page source for potential version numbers.
- Ran whatweb
I guess one could technically brute force X.Y in /etc/php/X.Y/apache2/php.ini but that seems inefficient.
Looking for better ideas to use in blackbox situations.