Penetration Testing mailing list archives

IIS 5.0 problem with "backup" files in executable directories....how to enumerate them?


From: fr0stman <fr0stman () sun-tzu-security net>
Date: Sun, 16 Mar 2003 13:19:10 -0500

Ok I have a scanner utility that is enumerating backup copies of files that 
are present:

i.e. http://www.blah.com/index.html

If there's an index.old or index.html.old the script will find these with 
subsequent GET requests for the "backup" files.

Where I'm running into a problem is with IIS 5.0 (Apache doesn't do this).

i.e. http://www.blah.com/scripts/login.asp

When I make a POST request to /scripts/login.old, etc. I get a 405 method not 
allowed. The error in the returned header states only methods OPTIONS and 
TRACE are allowed which I'm assuming are the default methods allowed for a 
file extension that hasn't previously been set up in the IIS directory 
configuration. GET requests of course return 403 access denied errors. TRACE 
returns 200 OK for any request and OPTIONS of course returns the allowed HTTP 
methods.

Has anyone else overcome this error or have a reliable method of determining 
"backup" copies of files are present in executable directories? Thanks in 
advance.

-- 
-- fr0stman --
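
For the server owner's side of the same question, an added example (not part of the original post): a filesystem audit that lists backup copies sitting beside live files under a web root, covering both naming patterns the post mentions. The suffix and extension lists, the function names and the sample tree are assumptions constructed for illustration; the post itself names only `.old`.

```python
import os
import tempfile

# Assumed suffix list; the post itself names only ".old".
BACKUP_SUFFIXES = (".old", ".bak", ".orig", ".save", "~")
# Assumed extensions the server maps to a handler or serves as content.
LIVE_EXTENSIONS = (".asp", ".html", ".htm")


def find_backup_copies(web_root):
    """Return sorted (backup, live) pairs, relative to web_root, '/'-separated."""
    findings = set()
    for dirpath, _dirs, files in os.walk(web_root):
        rel = os.path.relpath(dirpath, web_root)
        by_lower = {f.lower(): f for f in files}  # NTFS names are case-insensitive
        for name in files:
            if not name.lower().endswith(LIVE_EXTENSIONS):
                continue
            stem = os.path.splitext(name)[0]
            for suffix in BACKUP_SUFFIXES:
                # Both patterns from the post: login.asp.old and login.old
                for candidate in (name + suffix, stem + suffix):
                    hit = by_lower.get(candidate.lower())
                    if hit:
                        findings.add((_rel(rel, hit), _rel(rel, name)))
    return sorted(findings)


def _rel(rel_dir, name):
    return os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")


def demo():
    """Build a constructed sample tree in a temp dir and audit it."""
    sample = ["index.html", "index.old", "index.html.old", "notes.old",
              "scripts/login.asp", "scripts/login.old",
              "scripts/Login.ASP.BAK", "scripts/logout.asp"]
    with tempfile.TemporaryDirectory() as root:
        for path in sample:
            full = os.path.join(root, *path.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return find_backup_copies(root)


if __name__ == "__main__":
    for backup, live in demo():
        print(f"{backup}  (copy of {live})")
```

Run against the real web root, every pair it reports is a file to delete or move outside the served tree; `notes.old` in the sample is not reported because it has no live sibling.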
