Penetration Testing mailing list archives

Re: [PEN-TEST] Question regarding IIS method options & www versio n

From: Pen Tester <pen_tester () HOTMAIL COM>
Date: Wed, 6 Dec 2000 16:09:20 -0000

I appreciate all the insight given.  I can now see why most of the scanners
just report generic information.  They probably don't want to be responsible
for an admin going in with a hex-editor and hosing up his/her webserver.
I'll give these suggestions a whirl in my lab and see if that indeed works.

Why can't these webservers all be like Apache.  *sigh*

From: "Oman, R. Andrew" <Andrew.Oman () GLOBALINTEGRITY COM>
Reply-To: Penetration Testers <PEN-TEST () SECURITYFOCUS COM>
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Question regarding IIS method options & www versio
            n
Date: Wed, 6 Dec 2000 09:50:12 -0500

To change the information IIS returns from a HTTP HEAD command, simply edit
the W3SVC.dll ( in the winnt/system32/inetsvr directory ) and replace the
instances of MICROSOFT IIS/ 4.0 with
whatever you would like. I have not done any extensive checking on what
other locations banner/version info might be in. I can try to dig up the
same info for Netscape (I have it somewhere!)unless someone posts it before
I can find it.

Andrew

> However Netscape and IIS I haven't been able to find any
> documentation removing these options & version.  Is it even
> possible?  The  RFC says this should be a configurable option.

You should be able to use a hex editor and either change or pre-empt
(with \0) the strings for these commands. In another list we were
discussing changing the banner that identifies IIS' FTP and web
services. The same way you should be able to 'remove' the strings for
LINK, PUT, DELETE and whatever else you would like to remove.

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOi3E5kRKym0LjhFcEQJoeQCg1JGXd+IZ0G9z1DN+OlgEstZF7FUAoMlM
vGVQ6Twxarw0jI4dJ4lygoVI
=90WF
-----END PGP SIGNATURE-----


_____________________________________________________________________________________
Get more from the Web.  FREE MSN Explorer download : http://explorer.msn.com

Current thread:

Re: [PEN-TEST] Question regarding IIS method options & www versio n Frank Knobbe (Dec 06)
- <Possible follow-ups>
- Re: [PEN-TEST] Question regarding IIS method options & www versio n Oman, R. Andrew (Dec 07)
- Re: [PEN-TEST] Question regarding IIS method options & www versio n Pen Tester (Dec 07)