# iis
# old school vulns
http://blog.cassidiancybersecurity.com/post/2014/06/Android-4.4.3%2C-or-fixing-an-old-local-root
# decrypt passwords stored in IIS config files
https://www.netspi.com/blog/entryid/226/decrypting-iis-passwords-to-break-out-of-the-dmz-part-2
# webdav directory traversal
http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html
http://www.skullsecurity.org/blog/?p=285
http://unixwiz.net/techtips/ms971492-webdav-vuln.html
=> /private%c0%af/
# IIS 6.x
* CVE-2017-7269: RCE in PROPFIND
https://github.com/edwardz246003/IIS_exploit
# IIS 5.x
* hide the IIS server version from the HTTP Server header (a.k.a. banner)
http://support.microsoft.com/?id=317741
* disable webdav
http://support.microsoft.com/?scid=KB;EN-US;Q241520
# internal ip disclosure
IIS 6.0 bug that returns the internal IP if the Host: header is not sent,
or alternatively via WebDAV:
echo -e 'PROPFIND / HTTP/1.0\nUser-Agent: Mozilla/5.0\nAccept: */*\nHost:\nContent-Type: text/xml\nContent-Length: 0\n' | ncat --ssl -vn 10.0.0.1 443