easy
Level 11: Server Fingerprinting
Recon
Find the Web Server Without the Server Header
This site hides the Server HTTP response header at the origin, and a CDN may present its own headers. Your task: determine which web server runs the origin application.
Tip: Trigger a server-generated error page to fingerprint behavior. For example, send a non-GET/POST method to /probes/methods to receive a 405 Method Not Allowed page from the origin server. Compare the response style, wording, and headers (ignoring the CDN's own) against known server fingerprints.
Useful Commands
curl -i https://pentestme.zerolinkchain.com/ | sed -n '1,20p' # Notice Server header is hidden at origin (CDN may show its own)
curl -i -X PUT https://pentestme.zerolinkchain.com/probes/methods # Get a 405 page from the server
What to look for
- Wording and layout of default error pages (e.g., 405).
- Subtle header patterns not tied to the CDN (e.g., Allow: ordering on 405).
- Response nuances to odd verbs or edge request patterns.
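The same comparison can be scripted to check what an origin's error pages still reveal once the Server header is removed. This is an added example, not part of the lab: it parses a constructed response, drops an assumed list of CDN header names, and matches the body against the stock 405 pages of nginx and Apache. The names CDN_HEADERS, BODY_SIGNATURES and SAMPLE are assumptions made for the illustration.

```python
import re

# Assumption: header names a CDN commonly adds or rewrites (not exhaustive).
CDN_HEADERS = {"server", "via", "age", "cf-ray", "cf-cache-status", "x-cache"}

# Markers from the stock 405 pages of two common servers.
BODY_SIGNATURES = {
    "nginx": [r"<center><h1>405 Not Allowed</h1></center>", r"<hr><center>nginx"],
    "apache": [r"-//IETF//DTD HTML 2\.0//EN",
               r"The requested method \w+ is not allowed for this URL"],
}

def parse_response(raw):
    """Split a raw HTTP response into (status, ordered headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = [tuple(part.strip() for part in line.split(":", 1))
               for line in lines[1:] if ":" in line]
    return status, headers, body

def fingerprint(raw):
    """Guess the origin server from the error body, ignoring CDN headers."""
    status, headers, body = parse_response(raw)
    origin = [(k, v) for k, v in headers if k.lower() not in CDN_HEADERS]
    scores = {name: sum(bool(re.search(p, body)) for p in pats)
              for name, pats in BODY_SIGNATURES.items()}
    best = max(scores, key=scores.get)
    allow = next((v for k, v in origin if k.lower() == "allow"), "")
    return {
        "status": status,
        "guess": best if scores[best] else "unknown",
        "allow_order": [m.strip() for m in allow.split(",") if m.strip()],
        "origin_headers": [k for k, _ in origin],
    }

# Constructed sample (not captured from the lab): CDN headers around a stock-style body.
SAMPLE = (
    "HTTP/1.1 405 Not Allowed\r\n"
    "Server: examplecdn\r\n"
    "CF-RAY: 0000000000000000-XXX\r\n"
    "Content-Type: text/html\r\n"
    "Allow: GET, POST\r\n"
    "\r\n"
    "<html>\n<head><title>405 Not Allowed</title></head>\n<body>\n"
    "<center><h1>405 Not Allowed</h1></center>\n<hr><center>nginx</center>\n"
    "</body>\n</html>\n"
)

if __name__ == "__main__":
    print(fingerprint(SAMPLE))
```

A "guess" other than "unknown" means the error page itself identifies the server, so replacing default error pages matters as much as hiding the header.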