Vulnerability Development mailing list archives
Re: IIS anonymous user - who?
From: billp () ROCKETCASH COM (Bill Pennington)
Date: Tue, 18 Jul 2000 09:36:53 -0700
If I remember correctly the Everyone group under NT is exactly that, everyone. Authenticated users, unauthenticated users, my mother, my grandmother etc. Now I am a little fuzzy about the IUSR_compname account is used so I won't attempt to tell you what it does. Just remember everyone is everyone. Chris Erasmus wrote:
Recently we noticed something interessting about MS IIS 4.0, here is the scenario: Windows NT 4.0, SP 4. Default installation NT Option Pack. One way of not allowing anonymous access to a website is via the Internet Service Manager, but we were toying with another idea. What will happen if you delete the IUSR_Computername account completely? Surely anonymous access to the default website will be disallowed. No. To our surprise it wasn't. The account used for anonymous access was confirmed to be the IUSR_Compname. The service is running as System. Anonymous access was only denied after removing the Everyone group from the default.asp page's permission list. Administrator and System still had access to the page. Does anyone know why this happens or where we are making a mistake. Who's accessing the page? Thanks Chris Erasmus www.sensepost.com
-- Bill Pennington Senior IT Manager Rocketcash billp () rocketcash com http://www.rocketcash.com
Current thread:
- Nokia 7110 Wap Browser Hole, (continued)
- Nokia 7110 Wap Browser Hole Aidan O'Kelly (Jul 13)
- core dump mount ararat blossom (Jul 13)
- Re: core dump Leon Breedt (Jul 13)
- Re: core dump Kev (Jul 13)
- Re: core dump Tymm Twillman (Jul 13)
- Re: core dump Bluefish (Jul 14)
- Denials of Service Attacks J. Oquendo (Jul 16)
- Re: Denials of Service Attacks Adam Muntner (Jul 18)
- Re: core dump Javier Abdul Córdoba Gándara (Jul 17)
- IIS anonymous user - who? Chris Erasmus (Jul 17)
- Re: IIS anonymous user - who? Bill Pennington (Jul 18)
- [Paper] Format bugs. Pascal Bouchareine (Jul 18)
- IE Script Vul. Frank Town (Jul 18)