Penetration Testing mailing list archives
Re: finding webroot on IIS
From: David Jacoby <pewp () r00tmaffia org>
Date: Fri, 15 Jun 2001 09:31:12 +0200
Hi! There are alot of things you can do to get the wwwroot/webroot path. you can check .ida/.idq files http://target/filename.idq http://target/filename.ida http://target/filename.htx (MS Frontpage htimage.exe File Existence Disclosure Vulnerability) http://www.securityfocus.com/bid/1141 check on securityfocus.com for more information, there are MANY things you can do! //pewp
----- Original Message ----- From: "* (todd + 1)" <todd () ubermother net> To: <pen-test () securityfocus com> Sent: Thursday, June 14, 2001 5:30 AM Subject: finding webroot on IIShello all, Recently i came across an IIS webserver that i found to be vulnerable totheUnicode attacks. However, i cannot determine the webroot of this drive,andtherefore i am having troubles reaching a full comprimise. The directory "C:\Inetpub" exists, but the only contents of this directory is the folder "mailroot". Additionally, when i connect and request the root document (ie GET / ), it returns the string: "<% Response.ContentType = "text/plain" %> HELLO" Does anyone come across anything like this before, and what would be the simplest method of determining the webroot? thanks in advance todd willey ubermother
Current thread:
- finding webroot on IIS todd + 1 (Jun 14)
- RE: finding webroot on IIS George Milliken (Jun 14)
- Re: finding webroot on IIS David Page (Jun 14)
- Re: finding webroot on IIS David Jacoby (Jun 15)
- Re: finding webroot on IIS H D Moore (Jun 14)
- Re: finding webroot on IIS todd + 1 (Jun 14)
- Re: finding webroot on IIS Frederic Guerin (Jun 15)
- Re: finding webroot on IIS Gary Warner (Jun 18)
- 3 pigs building web servers? hacker wolf? Robert Shea (Jun 18)
- Re: 3 pigs building web servers? hacker wolf? ghandi (Jun 19)
- Re: 3 pigs building web servers? hacker wolf? Riley Hassell (Jun 19)
- 3 pigs building web servers? hacker wolf? Robert Shea (Jun 18)
- <Possible follow-ups>
- RE: finding webroot on IIS Yonatan Bokovza (Jun 14)