Re: Enumerate virtual websites on IIS

From: Eric (ewsat_private)
Date: Tue Jul 17 2001 - 11:43:40 PDT


    If port 135 is open, epdump or rpcdump will show you all the IP addresses 
    that are bound to that machine.  These IPs usually relate to the virtual 
    websites on the machine.  I believe this is also documented in Hacking Exposed.
    
    At 07:28 PM 7/16/2001 -0400, Malf Easance wrote:
    >Hello Fellow pentesters
    >
    >I'm working on a blind test and found an IIS
    >server that is apparently running virtual
    >hosting multiple websites on the same IP address
    >
    >HTTP/1.0 is refused; it wants the format like:
    >
    >HTTP/1.1
    >host:
    >(I don't know the host sites by name)
    >
    >Is there a way to get IIS to spill a list
    >of all the 'host:' entries.
    >
    >I've tried DNS PTR lookups but it seems as
    >though multiple addresses are bound to the
    >interface as well, so I'm not sure I got
    >them all.
    >
    >TIA,
    >
    >Malf
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    >Service. For more information on SecurityFocus' SIA service which
    >automatically alerts you to the latest security vulnerabilities please see:
    >https://alerts.securityfocus.com/
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 14:55:43 PDT