Internals

Piyush Raj edited this page May 8, 2021 · 2 revisions

Reconnaissance — Jira version detection

Without authenticating, one can access Confluence's landing page and retrieve version information from these places:

  • Login page footer.

  • Response Head AJS Tags.

  • Response Body What's New Link.

  • Response Body Confluence Help Link.

Reconnaissance — AWS platform detection

Jiraffe uses gethostbyaddr() to get the host name corresponding to the target's IP address and then uses pattern searching on it to detect AWS.

Supported URL Paths

  • Root Path: /latest/meta-data/{hostname,public-ipv4,...}

  • User Data: /latest/user-data

  • AWS Credentials: /latest/meta-data/iam/security-credentials/
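A defensive counterpart to the path list above, added here as an example and not part of Jiraffe: a log check that flags requests whose target references any of those three metadata paths, including percent-encoded and double-encoded forms. The access-log format, the `/fetch?url=` endpoint, the `imds.example` host, and the rule names are constructed assumptions for illustration.

```python
import re
from urllib.parse import unquote

# Paths from the list above, most sensitive first so the first match wins.
RULES = [
    ("aws-credentials", "/latest/meta-data/iam/security-credentials"),
    ("user-data", "/latest/user-data"),
    ("meta-data", "/latest/meta-data/"),
]

# Constructed sample lines in a common access-log layout (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [08/May/2021:10:00:01 +0000] "GET /fetch?url=http://imds.example/latest/meta-data/hostname HTTP/1.1" 200 18
203.0.113.7 - - [08/May/2021:10:00:02 +0000] "GET /fetch?url=http%3A%2F%2Fimds.example%2Flatest%2Fuser-data HTTP/1.1" 200 512
203.0.113.7 - - [08/May/2021:10:00:03 +0000] "GET /fetch?url=http%253A%252F%252Fimds.example%252Flatest%252Fmeta-data%252Fiam%252Fsecurity-credentials%252F HTTP/1.1" 200 40
198.51.100.4 - - [08/May/2021:10:00:04 +0000] "GET /latest/news HTTP/1.1" 200 900
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %252F-style double encoding is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(request_target):
    """Return the matching rule name, or None if no metadata path is referenced."""
    text = re.sub(r"/{2,}", "/", fully_decode(request_target).lower())
    return next((name for name, path in RULES if path in text), None)


def scan(log_text):
    """Return (client_ip, rule, status) for every log line that references a metadata path."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        rule = classify(m.group("target")) if m else None
        if rule:
            findings.append((m.group("ip"), rule, m.group("status")))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on an `aws-credentials` hit is the case to triage first, since it suggests the response body may have contained role credentials.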