After rather quickly discovering more than a dozen websites within less than half an hour using the _vti_inf.html method, I decided to see if the Microsoft Management Console (MMC) would provide the same results as did the FP Explorer. I was able to connect and view what particular services were being used by the MMC for a few of the websites. Thankfully, I did receive "Access Denied" warnings and "Network name not found" when trying to view the properties for those services.

I'm curious if anyone else has taken this approach, or tried different methods using the same tools, as it could lead to a serious problem. There are huge holes waiting to happen to people if a remote MMC can be used on a misconfigured FP-enabled webserver.

Note: I have attempted to contact those webmasters whose sites proved vulnerable.

--
PGP Key available on request.
PGP Fingerprint: E5D6 41C7 50D9 4F29 0475 4829 8806 096A 6A97 1907

"Whether the chicken crossed the road or the road moved beneath the chicken depends on your frame of reference."

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:51:19 PDT