PaulDotCom mailing list archives
Re: with full read access what would you read
From: Michael Dickey <lonervamp () gmail com>
Date: Tue, 2 Nov 2010 16:33:10 -0500
Windows, eh? And not able to do directory listings to browse? Tricky! I'll try through some ideas...

- machine.config for any versions of .net installed (predictable paths in c:\windows\microsoft.net\framework...
- group policy or wsus log files may give some network information
- event log locations (although you'll likely get denied, but maybe some .old files are present)
- c:\windows\system32\logfiles\httperr may yield some app pool errors that may be helpful
- if you can read out permissions, it might be useful to try random paths like administrators, all users profiles, program files, a D:\ drive, and see if you can find any service or other accounts listed
- IIS metabase: \system32\inetsrv\Metabase.xml and related files
- try for a web.config under every directory from your current one down until you can't go up anymore

Finding that web root would be really nice...

On Tue, Nov 2, 2010 at 11:52 AM, Robin Wood <robin () digininja org> wrote:
On a recent test I found a website with a directory traversal attack that let me read any file. The server was Win 2003 and I read the obvious win.ini and boot.ini. I then read the Administrators desktop.ini to prove I could. I tried but couldn't read the registry files (not expected but worth trying).

The web server was an unusual one, part of an app so I couldn't find the web root. The IIS web root just had an "Under Construction" file in it so nothing interesting in there.

So, without being able to do directory listings to see what is there, what files would you read on this box and why?

Robin

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
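The defender's side of the reads discussed in this thread, as an added example that is not part of the original posts: it scans web access logs for traversal requests that reach the files named above and keeps the HTTP status so successful reads (200) stand out. The log field order, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Files and paths named in the thread (lower-cased, forward slashes).
SENSITIVE = (
    "win.ini", "boot.ini", "desktop.ini", "machine.config",
    "web.config", "inetsrv/metabase.xml", "logfiles/httperr",
)
# ".." as a whole path segment, at the start or after / = & ?
TRAVERSAL = re.compile(r"(^|[/=&?])\.\.(/|$)")

def normalise(uri, max_rounds=3):
    """Undo repeated URL-encoding, unify slashes and lower-case the URI."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri.replace("\\", "/").lower()

def find_traversal_reads(lines):
    """Return (client, target, status) for traversal requests hitting SENSITIVE."""
    hits = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:  # header or short line
            continue
        _date, _time, client, _method, uri, status = fields[:6]
        path = normalise(uri)
        if not TRAVERSAL.search(path):
            continue
        for target in SENSITIVE:
            if target in path:
                hits.append((client, target, int(status)))
                break
    return hits

# Constructed sample log (assumed order: date time c-ip method uri status).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri sc-status
2010-11-02 16:01:10 192.0.2.10 GET /index.html 200
2010-11-02 16:01:12 192.0.2.10 GET /app/view?file=..%5c..%5c..%5cwindows%5cwin.ini 200
2010-11-02 16:01:15 192.0.2.10 GET /app/view?file=..%252f..%252fboot.ini 200
2010-11-02 16:01:19 192.0.2.10 GET /app/view?file=../../windows/system32/inetsrv/Metabase.xml 404
2010-11-02 16:02:00 198.51.100.7 GET /docs/web.config 403
""".splitlines()

if __name__ == "__main__":
    for hit in find_traversal_reads(SAMPLE_LOG):
        print(hit)
```

The last sample line is not flagged because it carries no traversal sequence; a plain request for web.config is a separate rule.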