Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: assessing IIS 5.0
From: pratiksha.doshi () niiconsulting com
Date: 5 Sep 2006 07:08:21 -0000

Hi,

I feel it should be given Low Threat rating as the attacker cannot directly
exploit it.

To prevent internal IP address disclosure take the following steps:

a) Open a command prompt and change the current directory to
c:\inetpub\adminscripts or to the directory where 'adminscripts' is located.

b) Execute the following commands:
adsutil set w3svc/UseHostName True
net stop iisadmin /y
net start w3svc

This change will force the IIS server to use the machine host name instead
of the IP address.

Thanks
Pratiksha
Penetration tester,NII Consulting

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]