Penetration Testing: Re: [PEN-TEST] Hard-coded passwords in WINNT directory?

From: Times Enemy <te_at_RIGHTARM.ORG>
Date: Mon, 27 Nov 2000 17:12:08 -0700

On Mon, 27 Nov 2000, Jonathan Wrathall wrote:

> During a test of a client's IIS web server, I've encountered the following
> scenario:
>
> 1. I am able to view files in the WINNT directory using the "MS Index
> Server '%20' ASP Source Disclosure Vulnerability" vulnerability.
>
> 2. I am able to connect to IPC$, and I've used dumpsec to get the userlist
> etc.
>
> 3. The winnt/system32/repair/sam._ file does not appear to be present.
>
> Can anyone suggest other files that might reveal hard-coded passwords, or
> other valuable information?

"Hard-coded," um, *.pwl, and perhaps even *.ini files, depending....

> Thanks,
> Jon

I would imagine one could view the various suite(s), applications
installed [/program files/, etc.], and determine if the installed
applications, assuming they are actively being used (not nec. real-time),
offer password caches of any form. MS-WORD, WP, et cetera, files can
offer passwords.

> _________________________________________________
> Jonathan Wrathall, BCom
> Security Consultant
> JAWZ Inc.
Received on Nov 29 2000
