http://www.x0fff8.org/HackingIIS4-5.pdf
I attached it too, because well, thats what i was supposed to do in the first place
Full Version: Hacking Iis 4/5 On Windows 2000
Hello peoples. dr0zaxx has asked me to post his new pdf on compromising IIS 4/5 on a Win2k platform. The link is here, so enjoy. And make him a damn member already! lol
http://www.x0fff8.org/HackingIIS4-5.pdf
I attached it too, because well, thats what i was supposed to do in the first place
http://www.x0fff8.org/HackingIIS4-5.pdf
I attached it too, because well, thats what i was supposed to do in the first place
hahaha..Good stuff dr0zaxx!!!
i have gave upto exploit iis.
But now...im happy totest it.
thank u sir Tyrano!
But now...im happy totest it.
thank u sir Tyrano!
nice tut there dr0zaxx, well set out
thx for this tutorial
didnt know that bug yet.
didnt know that bug yet.
with web folder
hmm i find a IIS 5 server test it and instead of saving it as a webfolder it saves it as a little desktop icon as \\www.[site].com is it just becouse the server is patched and the admin isnt stupid?
Interesting info here. News to me but hey im slow. Test good!
Dude looks like hes got some anger built up hehe. More sex m8
Dude looks like hes got some anger built up hehe. More sex m8
really interesting, but why should that be usefull?
Just for defacing a website oder sth?
You can up - OK - but yyou aren't abel to execute sth.
am i right?
Just for defacing a website oder sth?
You can up - OK - but yyou aren't abel to execute sth.
am i right?
I wonder what makes this possible. All you do is add the page to your network, and then you have full access to it. I have to say this is somewhat the most lame thing I've ever seen. Alot if kiddies will have a laugh doing this.
| QUOTE |
| hmm i find a IIS 5 server test it and instead of saving it as a webfolder it saves it as a little desktop icon as \\www.[site].com is it just becouse the server is patched and the admin isnt stupid? |
Yes, I also faced this problem in Windows XP. Some vulnerable sites i tested do come up as a "My Computer" icon instead of a web folder. I am not sure why so. Maybe due to the settings in each individual computers. Some vulnerable website i am able to view, but some vulnerable i am not
dont know why. You might want to ask around. 
very usefull info
now does annyone know how to make an .asp script to execute an .exe or eaven if it's possible?
now does annyone know how to make an .asp script to execute an .exe or eaven if it's possible?
Am i missing out on something ... seems to me that entering website after website into that NetCraft website in order to see if it is running IIS 4/5 would be pretty tedious ... is there a faster way
well scan for port 80 with a prog that shows the banner and then find the files with the iis banner
| QUOTE |
| very usefull info now does annyone know how to make an .asp script to execute an .exe or eaven if it's possible? |
Hrm... I did thought of that. But then, I didnt learned ASP so I wouldnt have much clue on that. If you are interested, you might want to test it. You can repost your results if you have any or managed to execute an .exe file.
Yeah there is a faster way, i heard Angry IP Scanner does the job. You are able to log the banner retrieved each time.
I have use WebDav Scanner, it shows the banner and its fast ... but i thing the most of the server are patched ?
Have you ever noticed, that you are only connectet to the IPC share?
type \\IP in your browser and you see the same..
So waht you need to do this is scann for port 139/445 and try to acc this computer via your browser as a guest..
Sometimes you have luckd and you are able to access guest shared folders..
and if you have really luck the admin has shared c:\inetpub\wwwroot\
A guest doesnt have execute rights.. yes you can upload files in special folders, but nothing more.. defacing of the index.asp / index.html is impossible sorry ^^
type \\IP in your browser and you see the same..
So waht you need to do this is scann for port 139/445 and try to acc this computer via your browser as a guest..
Sometimes you have luckd and you are able to access guest shared folders..
and if you have really luck the admin has shared c:\inetpub\wwwroot\
A guest doesnt have execute rights.. yes you can upload files in special folders, but nothing more.. defacing of the index.asp / index.html is impossible sorry ^^
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
