Nmap Development mailing list archives
Re: [NSE] http-iis-short-name-brute.nse
From: Paulino Calderon Pale <paulino () calderonpale com>
Date: Sun, 20 Oct 2013 21:13:30 -0500
On 09/18/2012 04:18 PM, David Fifield wrote:
On Sun, Sep 16, 2012 at 05:12:19PM +0200, Dev (nmap) wrote:Hi List, Attached is a NSE implementation of "iis-shortname-scanner-poc" from http://code.google.com/p/iis-shortname-scanner-poc/ . The script searches for the short name of files and dirs, example output: PORT STATE SERVICE REASON 80/tcp open http | http-iis-short-name-brute: | Folders | aspnet~1 | Files | sql~1.bak |_ test~1.php It still needs some testing, but currently I don't have access to an affected IIS installation. Any chance someone here has access to an IIS installation and can test it (or grant me permission to test on the platform) ?This script is fine with me, if you can get some testing results. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Hi list,This week at work I stumbled again with this vulnerability and the script worked flawlessly in one instance but it returned false positive results against another server (All pages were returning 404 and the script was saving them as valid directories). I'm attaching the updated version with my patch. This version worked as expected in my environment but I would appreciate some help testing it against different ASP.NET versions.
What do you guys think about including this script to the repository? None of the major commercial scanners detected this vulnerability except for Nmap and it has come very handy during pentests...
Cheers!
Attachment:
http-iis-short-name-brute.nse
Description:
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] http-iis-short-name-brute.nse Paulino Calderon Pale (Oct 20)
- Re: [NSE] http-iis-short-name-brute.nse Juhani Toivonen (Oct 20)
- Re: [NSE] http-iis-short-name-brute.nse Fyodor (Oct 21)
- Re: [NSE] http-iis-short-name-brute.nse Paulino Calderon Pale (Oct 30)