RE: Pentest IIS Webserver

["Paul Melson" <pmelson () gmail com>]

-----Original Message-----
Subject: Pentest IIS Webserver

> I am currently doing a pentest on an IIS 6.0 webserver ... I was able to
get access to /
> _vti_pvt/access.cnf  and /_vti_pvt/service.cnf the access file included
the following 
> directives vti_encoding RealmName InheritPermissions PasswordDir
>
> Appreciate if someone could tell me if i can continue from here

It's mostly recon.  RealmName might give up some info about the server or
the directory it's in.  PasswordDir will give up the local path to the
FrontPage extensions and that might in turn give you some additional info
(like usernames in the path), but in and of itself access.cnf being readable
is a fairly low importance finding.  Fairly common, too:

Results 1 - 100 of about 526 for filetype:cnf inurl:_vti_pvt access.cnf.
(0.95 seconds)


PaulM


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------