Penetration Testing mailing list archives
Re: assessing IIS 5.0
From: pratiksha.doshi () niiconsulting com
Date: 5 Sep 2006 07:08:21 -0000
Hi, I feel it should be given Low Threat rating as the attacker cannot directly exploit it. To prevent internal IP address disclosure take the following steps: a) Open a command prompt and change the current directory to c:\inetpub\adminscripts or to the directory where 'adminscripts' is located. b) Execute the following commands: adsutil set w3svc/UseHostName True net stop iisadmin /y net start w3svc This change will force the IIS server to use the machine host name instead of the IP address. Thanks Pratiksha Penetration tester,NII Consulting ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- assessing IIS 5.0 vijay shetti (Sep 05)
- Re: assessing IIS 5.0 Joey Peloquin (Sep 05)
- <Possible follow-ups>
- RE: assessing IIS 5.0 Butler, Theodore (Sep 05)
- Re: assessing IIS 5.0 Robert E. Lee (Sep 05)
- Re: assessing IIS 5.0 pratiksha . doshi (Sep 05)
- RE: assessing IIS 5.0 Butler, Theodore (Sep 05)
- RE: assessing IIS 5.0 Shenk, Jerry A (Sep 05)