Penetration Testing: Re: finding webroot on IIS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: finding webroot on IIS

From: "David Page" <david () melaniepage worldonline co uk>
Date: Thu, 14 Jun 2001 18:11:40 +0100

You could probably try something like

GET /blah.ida HTTP/1.1

Will probably disclose the webroot.

----- Original Message -----
From: "* (todd + 1)" <todd () ubermother net>
To: <pen-test () securityfocus com>
Sent: Thursday, June 14, 2001 5:30 AM
Subject: finding webroot on IIS

hello all,

Recently i came across an IIS webserver that i found to be vulnerable to

the

Unicode attacks. However, i cannot determine the webroot of this drive,

and

therefore i am having troubles reaching a full comprimise.  The directory
"C:\Inetpub" exists, but the only contents of this directory is the folder
"mailroot".

Additionally, when i connect and request the root document (ie GET / ), it
returns the string: "<% Response.ContentType = "text/plain" %> HELLO"

Does anyone come across anything like this before, and what would be the
simplest method of determining the webroot?

thanks in advance
todd willey
ubermother

By Date By Thread

Current thread:

finding webroot on IIS todd + 1 (Jun 14)
- RE: finding webroot on IIS George Milliken (Jun 14)
- Re: finding webroot on IIS David Page (Jun 14)
  - Re: finding webroot on IIS David Jacoby (Jun 15)
- Re: finding webroot on IIS H D Moore (Jun 14)
  - Re: finding webroot on IIS todd + 1 (Jun 14)
- Re: finding webroot on IIS Frederic Guerin (Jun 15)
- Re: finding webroot on IIS Gary Warner (Jun 18)