Home page logo

pen-test logo Penetration Testing mailing list archives

Re: assessing IIS 5.0
From: pratiksha.doshi () niiconsulting com
Date: 5 Sep 2006 07:08:21 -0000


I feel it should be given Low Threat rating as the attacker cannot directly
exploit it.

To prevent internal IP address disclosure take the following steps:

a) Open a command prompt and change the current directory to
c:\inetpub\adminscripts or to the directory where 'adminscripts' is located.

b) Execute the following commands:
adsutil set w3svc/UseHostName True
net stop iisadmin /y
net start w3svc

This change will force the IIS server to use the machine host name instead
of the IP address.

Penetration tester,NII Consulting

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]