Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Re: finding webroot on IIS
From: David Jacoby <pewp () r00tmaffia org>
Date: Fri, 15 Jun 2001 09:31:12 +0200
Hi!

There are alot of things you can do to get the wwwroot/webroot path.

you can check .ida/.idq files 

http://target/filename.idq
http://target/filename.ida
http://target/filename.htx


(MS Frontpage htimage.exe File Existence Disclosure Vulnerability)
http://www.securityfocus.com/bid/1141

check on securityfocus.com for more information, there are MANY things you 
can do!

//pewp


----- Original Message -----
From: "* (todd + 1)" <todd () ubermother net>
To: <pen-test () securityfocus com>
Sent: Thursday, June 14, 2001 5:30 AM
Subject: finding webroot on IIS


hello all,

Recently i came across an IIS webserver that i found to be vulnerable to


the


Unicode attacks. However, i cannot determine the webroot of this drive,


and


therefore i am having troubles reaching a full comprimise.  The directory
"C:\Inetpub" exists, but the only contents of this directory is the
folder "mailroot".

Additionally, when i connect and request the root document (ie GET / ),
it returns the string: "<% Response.ContentType = "text/plain" %> HELLO"

Does anyone come across anything like this before, and what would be the
simplest method of determining the webroot?

thanks in advance
todd willey
ubermother

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]