Re: finding webroot on IIS

From: Gary Warner (garat_private)
Date: Fri Jun 15 2001 - 09:48:48 PDT

Next message: Pedro Ortale Neto: "RE: How to become a professional penetration tester?"

Previous message: Desmond Irvine: "Re: Voice over IP"
In reply to: todd + 1: "finding webroot on IIS"
Next in thread: Robert Shea: "3 pigs building web servers? hacker wolf?"
Reply: Robert Shea: "3 pigs building web servers? hacker wolf?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Well, *IF* they are IISCODE vulnerable, I would guess there is a high likelihood
you could find the path like this:

http://www.target.com/pathcheck.ida
or
http://www.target.com/pathcheck.idq

You should get a response that looks like this:

Error "The IDQ file D:\program Files\XXXXXXX\YYYYYYY\anything.ida could not be
found. " (0xc000203e) encountered while processing the query "".

or more likely:

Error "The IDQ file D:\InetPub\wwwroot\anything.ida could not be found."

There are no MS patches that automatically correct this one.  You fix it by
associating the IDQ/IDA file extensions differently.

_-_
gar

Next message: Pedro Ortale Neto: "RE: How to become a professional penetration tester?"
Previous message: Desmond Irvine: "Re: Voice over IP"
In reply to: todd + 1: "finding webroot on IIS"
Next in thread: Robert Shea: "3 pigs building web servers? hacker wolf?"
Reply: Robert Shea: "3 pigs building web servers? hacker wolf?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 18 2001 - 12:47:38 PDT