Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: finding webroot on IIS

From: David Jacoby <pewp () r00tmaffia org>
Date: Fri, 15 Jun 2001 09:31:12 +0200
Hi!

There are alot of things you can do to get the wwwroot/webroot path.

you can check .ida/.idq files 

http://target/filename.idq
http://target/filename.ida
http://target/filename.htx


(MS Frontpage htimage.exe File Existence Disclosure Vulnerability)
http://www.securityfocus.com/bid/1141

check on securityfocus.com for more information, there are MANY things you 
can do!

//pewp


----- Original Message -----
From: "* (todd + 1)" <todd () ubermother net>
To: <pen-test () securityfocus com>
Sent: Thursday, June 14, 2001 5:30 AM
Subject: finding webroot on IIS


hello all,

Recently i came across an IIS webserver that i found to be vulnerable to


the


Unicode attacks. However, i cannot determine the webroot of this drive,


and


therefore i am having troubles reaching a full comprimise.  The directory
"C:\Inetpub" exists, but the only contents of this directory is the
folder "mailroot".

Additionally, when i connect and request the root document (ie GET / ),
it returns the string: "<% Response.ContentType = "text/plain" %> HELLO"

Does anyone come across anything like this before, and what would be the
simplest method of determining the webroot?

thanks in advance
todd willey
ubermother
Previous By Date Next
Previous By Thread Next

Current thread: