Penetration Testing: Re: finding webroot on IIS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: finding webroot on IIS

From: Frederic Guerin <frederic.guerin () abovetech com>
Date: Thu, 14 Jun 2001 19:50:09 -0400

Try to exploit the *.idq bug. Do a request like 
http://www.acme.com/anything.idq

If the server is vulnerable, you should see the webroot...

Have a nice day,

On 14 June 2001 00:30, * (todd + 1) wrote:

hello all,

Recently i came across an IIS webserver that i found to be vulnerable to
the Unicode attacks. However, i cannot determine the webroot of this drive,
and therefore i am having troubles reaching a full comprimise.  The
directory "C:\Inetpub" exists, but the only contents of this directory is
the folder "mailroot".

Additionally, when i connect and request the root document (ie GET / ), it
returns the string: "<% Response.ContentType = "text/plain" %> HELLO"

Does anyone come across anything like this before, and what would be the
simplest method of determining the webroot?

thanks in advance
todd willey
ubermother

By Date By Thread

Current thread:

RE: finding webroot on IIS, (continued)
- RE: finding webroot on IIS George Milliken (Jun 14)
- Re: finding webroot on IIS David Page (Jun 14)
  - Re: finding webroot on IIS David Jacoby (Jun 15)
- Re: finding webroot on IIS H D Moore (Jun 14)
  - Re: finding webroot on IIS todd + 1 (Jun 14)
- Re: finding webroot on IIS Frederic Guerin (Jun 15)
- Re: finding webroot on IIS Gary Warner (Jun 18)
  - 3 pigs building web servers? hacker wolf? Robert Shea (Jun 18)
    - Re: 3 pigs building web servers? hacker wolf? ghandi (Jun 19)
    - Re: 3 pigs building web servers? hacker wolf? Riley Hassell (Jun 19)
- RE: finding webroot on IIS Yonatan Bokovza (Jun 14)