Assessing IIS Configuration Remotely (Low Level IIS Application Assessment).pdf
Taken from Introduction:
A good application security assessment should probe all levels of the environment as well as the custom application itself. In terms of what can be exploited to leverage the greatest access, it is of course the application itself, whether through SQL Injection or arbitrary command execution or file access, but defense in depth is by far the best stance to take. As such, this document will look at the relatively unsung skill of assessing the in-depth configuration of a Microsoft IIS web server remotely, showing how to “read” server responses to do this. Hopefully this paper will show how to use two seemingly disparate pieces of information to help determine an attack and therefore assess the associated risk.
We will examine ways to determine what permissions have been set on virtual directories used by the application, what authentication options have been left enabled or disabled, what default application extension mappings have been left in place, and how to gather information about the server, in terms of physical directory structure, internal IP addresses, computer and Windows NT domain name, anonymous Internet account names and more. Some of this information is relatively old, some fresh, straight out of the NGSSoftware research labs, and when combined with a good security analysis of the application code or logic will be able to produce a killer app assessment.
This paper assumes a working knowledge of Microsoft’s IIS and HTTP.
Contents:
- Introduction
- Directory Permissions [ Execute ~ Script ~ Write ~ Read ~ Directory Browsing ]
- IIS Authentication [ Basic ~ NTLM ]
- Information Leakage [ Internal IP Addresses ~ Computer Name ~ Windows NT Domain Name ]
- Default Application mappings
- When a 200 response doesn’t quite mean 200
- IIS on Workstation or Server?
File: Assessing IIS Configuration Remotely (Low Level IIS Application Assessment).pdf (8-page PDF file, 0.1 MB).

