EH-Net

Resources => Tutorials => Topic started by: White ghost on October 31, 2011, 01:24:32 AM



Title: how to exploit iis 6
Post by: White ghost on October 31, 2011, 01:24:32 AM
Hello and please help me!
I'm a new member of ethicalhacker.net. It's pretty good, but I have a bad damn problem with IIS 6 during a penetration test. The WebDAV service is closed on the IIS web server and I can't use the WebDAV exploit. Please help me to exploit the IIS server.


Title: Re: how to exploit iis 6
Post by: millwalll on October 31, 2011, 04:32:37 AM
If you don't have access to webdav try and think what you do have access to. Maybe you can't exploit the machine!


Title: Re: how to exploit iis 6
Post by: White ghost on October 31, 2011, 04:59:12 AM
No, Mr. Jamie.R, I scanned the web server with the Metasploit WebDAV scanner and I'm sure the WebDAV service is off. The other IIS exploits in Metasploit are for IIS 4 and 5, not for IIS 6. Do you have exploit code or a tool or something like that?


Title: Re: how to exploit iis 6
Post by: White ghost on October 31, 2011, 06:07:41 AM
I can crack the FTP password, but about the IIS, nothing. Please heeeeeelp mee!!!!!!!!!!!!!!!!!!!!!! ;)


Title: Re: how to exploit iis 6
Post by: 3xban on October 31, 2011, 08:55:26 AM
It is possible that the webDAV service may have been patched or a workaround has been configured to prevent such an attack.  What exploit are you trying to use?  CVE?


Title: Re: how to exploit iis 6
Post by: White ghost on October 31, 2011, 12:22:28 PM
I wanna use the IIS WebDAV upload ASP exploit in Metasploit with windows\meterpreter\reverse tcp, but it's not working.


Title: Re: how to exploit iis 6
Post by: 3xban on October 31, 2011, 01:58:55 PM
What is the error you receive?  Are you attacking from internal or external?  A number of factors may come into play.  Firewall may be using egress filtering and not allowing the traffic to go out over your reverse_tcp session.  IPS may be blocking the attack or the admins may have implemented the workaround from http://osvdb.org/397. 


Title: Re: how to exploit iis 6
Post by: White ghost on November 01, 2011, 01:00:34 AM
When the exploit process is completed, Metasploit gives me this message (exploit is completed but no session was created). I think you are right, maybe the firewall is blocking my session. Do you have a solution for this?


Title: Re: how to exploit iis 6
Post by: White ghost on November 01, 2011, 01:41:27 AM
And I forgot to tell you something, 3xban: my attack on the web server is external.


Thanks a lot for helping me.


Title: Re: how to exploit iis 6
Post by: White ghost on November 01, 2011, 09:02:48 AM
Anyone have another exploit or tools to hack IIS 6?


Title: Re: how to exploit iis 6
Post by: 3xban on November 01, 2011, 09:07:10 AM
You may have to consider another way to pop the box.  IIS may not be a viable attack vector if it has been properly hardened and the outer defenses are also hardened.  Just because something is present, doesn't always mean it is exploitable.


Title: Re: how to exploit iis 6
Post by: White ghost on November 01, 2011, 09:16:05 AM
Yes, 3xban, but I must show an IIS vulnerability to my boss. He likes this damn service, and also I can't go to my office and attack the web server.


Title: Re: how to exploit iis 6
Post by: 3xban on November 01, 2011, 09:20:53 AM
Well there is nothing wrong with IIS.  The other option is to run a vulnerability scan against it using  a tool like NESSUS or run Microsoft Baseline Security Analyzer (MBSA) against it to see if there are any issues that need resolving.  If the NESSUS scan and MBSA scans come back clean, then there isn't much else to report.  If there is any specific Web Application running (other than IIS) then you can utilize a number of Web App security testing packages to report if there are any vulnerabilities there. 

So why can't you review the box at the office?


Title: Re: how to exploit iis 6
Post by: White ghost on November 01, 2011, 09:39:48 AM
Because I wanna act like a malicious hacker. I'm a help desk at my office. I have credentials at the office, but the work is not malicious; I have permission to do that!


Title: Re: how to exploit iis 6
Post by: hayabusa on November 01, 2011, 10:44:26 AM
Wait...  You're saying you're 'helpdesk' and at work you have permission, but you DON'T for this?

Are you certain you've been assigned to, or are being allowed to, test this website / webserver?

This thread reads like you're trying to prove a point, without permission.....

Please clarify EXACTLY what it is you're doing, and why.


Title: Re: how to exploit iis 6
Post by: White ghost on November 01, 2011, 11:14:14 AM
I have permission for the pentest.


Title: Re: how to exploit iis 6
Post by: White ghost on November 01, 2011, 12:06:21 PM
And I made this topic for IIS 6 hacking, not for something around my permissions or credentials!

And thanks, 3xban, for MBSA. I downloaded it.
It's amazing.


Title: Re: how to exploit iis 6
Post by: 3xban on November 01, 2011, 01:03:16 PM
No problem.  As for IIS 6 well sometimes you just need to realize that it may not be exploitable based on what is in use.  Not to say that IIS 6 is not vulnerable to other attacks, but if the network is configured properly it is very difficult to use things like reverse TCP shells.  So you need to say "Well this particular server does not make a viable attack vector because..." and state that it is possible that proper firewall rules are in place as well as IDS/IPS systems preventing the attack from happening. 

IIS 6 is still currently supported by MS so there are regular updates available and there are hardening processes available.  So if the person who configured the server originally knew his stuff, then that server might be locked down tight.  If you review the last few big breaches you will see that it wasn't necessarily the version of software that was a problem but the configuration in the particular application.  So it wasn't necessarily because IIS had ASP configured but an application configured with ASP.NET may have not been properly coded and XSS was allowed or the code to the SQL backend wasn't secured and SQLi was allowed.

Now if your MBSA report of that server came back green then there may not be any easily exploitable vulnerabilities on the Microsoft end of town.  You then have to look at the specific web apps and try there.  If it is custom written code then there very well could be some user created vulnerabilities.  If there are no apps and it's just a regular old web server well you might not have too many options.


Title: Re: how to exploit iis 6
Post by: hayabusa on November 01, 2011, 03:29:23 PM
"And I made this topic for IIS 6 hacking, not for something around my permissions or credentials!

And thanks, 3xban, for MBSA. I downloaded it.
It's amazing."

Easy there, White ghost...  I know what you started this thread for.

I understood your reasoning, but for a moment, it just seemed that your motives might've been ill-mannered, or at the least, misguided.  And, if you come with attitude, because I simply asked the question, I don't rightly care what your thread was posted about... 

For all we'd known, you could just as easily have been a malicious kid, trying to learn the topics for the wrong reason, and feeding us a line.

Look at it from my perspective, and what would you have ascertained?  It's relatively rare (at least around these parts) for a Helpdesk person to have anything to do with pentesting in their company, and when your post inferred lack of permissions, when you aren't in the office...

So ease up with the defensive attitude...

I'm glad to see 3xban's info was worthwhile for you.


Title: Re: how to exploit iis 6
Post by: White ghost on November 02, 2011, 02:20:26 AM
Hey you, hayabusa, listen to me.
I don't have to explain to you, and don't slander me without a valid reason. I study CEH and I'm a beginner in the hackers' world if and I just spoke with 3xban not yes I'm a help desk in a small company. As I said, I wanna act like a malicious hacker because my boss knows I can gain access to the web server with my credentials in the office.
And you, if you don't wanna help me, don't post to this topic again.


Title: Re: how to exploit iis 6
Post by: White ghost on November 02, 2011, 02:34:27 AM
Thank you, 3xban.
You surprised me with your useful info. I started scanning our web server
and I will tell you about the result later. Thanks again and
GOOOOOOOD LUUUUUUUUCCCKKKK


Title: Re: how to exploit iis 6
Post by: hayabusa on November 02, 2011, 06:02:12 AM
Ok...  You win.  You'll get no more response (or help) from me, after this post - on this thread, or any other, because your attitude is shining through.  You're taking this way too seriously.  I asked you a question, because things seemed fishy.  You fired back, guns blazing.  Simply clarifying would have been enough.  Period.  And then we'd be getting along, wonderfully.

I even - nicely - responded at the end of my previous post, saying that I was glad 3xban's post was helpful to you.

Anyway...  Good luck in your efforts.  Whether or not you choose to believe me, I wish you well.  But until you want to realize otherwise, that my intentions were justified, you've burned a bridge.  Take care.


Title: Re: how to exploit iis 6
Post by: White ghost on November 02, 2011, 08:32:02 AM
Hello, and sorry for my attitude.

I'm so sorry for that, but your attitude was not good too. You never helped me with my problem. Look at your posts in my topic, when you told me
( For all we'd known, you could just as easily have been a malicious kid, trying to learn the topics for the wrong reason, and feeding us a line. ) I was very upset because
I did nothing wrong. I'm from Turkey and I can't speak English very well. By the way, I'd like to continue this conversation with you in the topic, if you like.


Title: Re: how to exploit iis 6
Post by: 3xban on November 02, 2011, 11:00:58 AM
I'm glad my information was helpful.  Though I will side with Hayabusa on the attitude adjustment.  I tend to try and help where I can here since these guys are full of awesome information and are always helpful when the need is legitimate.

My rule of thumb is that if you are new to a group such as this, you need to observe a bit.  Understand the group better and who the top players are.  If you jump right in and start off with asking questions for help, usually that is a red flag.  I am sorry that I didn't question your motives sooner but as I said, I tend to be a helpful guy.  When you get overly defensive on something, it leads us to believe your motives may be more on the UN-ethical side of things. 

As you mentioned you are from Turkey and the language barrier may have you coming off a bit more defensive than expected.  And that is fine.  From our standpoint there is at least one post a day that is someone asking for help or looking to hire someone to perform some unsavory tasks.  We tend to probe the individual before answering any questions.  I figured my suggestions were nothing you cannot find on google so I didn't see any threat in answering your questions.  If you truly mean to get educated here and use your powers for good instead of evil, then please continue being part of the community.  If not, well then like Hayabusa said, you will not get any additional help from us.

Good luck.


Title: Re: how to exploit iis 6
Post by: White ghost on November 02, 2011, 11:23:37 AM
Yes, you are right.


Title: Re: how to exploit iis 6
Post by: White ghost on November 02, 2011, 11:32:18 AM
And what do you wanna know?!


Title: Re: how to exploit iis 6
Post by: hayabusa on November 02, 2011, 12:15:58 PM
@White_ghost -

No harm, no foul.  So long as you're understanding of WHY I asked what I did, initially, and we're past any hostilities, I'm happy to meet / know you.  As 3xban noted we generally 'feel out' the new person / situation, before simply replying.  Thus, my initial questioning.

That said, if you have further questions, post away, and we'll see about helping. 

Again, I / we don't mean to offend you, and if I did, you have my apologies.  As 3xban noted, I think the language barrier didn't help you to follow my meanings, and as he noted, if you dig around a bit, here, you'll see I don't generally respond with an attitude, but rather, one of caution, if I have any initial doubts.  I just ask that you consider it from our perspective, and I think you'll understand why I asked what I did, in the context of 'ethical hacking.'

Take care, and again, good luck!


Title: Re: how to exploit iis 6
Post by: White ghost on November 03, 2011, 01:30:41 AM
Hello 3xban and hayabusa,
and what's up?!
I have a problem with MBSA. I can scan computers in my local subnet,
but our web server I can't scan from the internet. It gives me this error:

Could not resolve the computer name: . Please specify computer name, domain\cemputer, or an IP address.

And then when I use the server IP address, it gives me this message
again.

My internet connectivity is good, the DNS servers are working properly,
I can ping our server, I can run a port scanner like nmap on it,
and everything is great except the MBSA program.

I have BackTrack Linux. Can I use nikto to scan our server, or what's your recommendation?

And again, thank you for your help,
and good luck.



Title: Re: how to exploit iis 6
Post by: 3xban on November 03, 2011, 08:11:59 AM
MBSA can only be used on the internal network and you need rights to the system you are scanning.  It is a Sys Admin tool, not a penetration testing tool.  It requires a number of ports open that are typically opened to local network resources.  WMI is one of the main components it utilizes.


Title: Re: how to exploit iis 6
Post by: White ghost on November 03, 2011, 10:09:04 AM
All right, what about nikto and other web scanners on BackTrack Linux?


Title: Re: how to exploit iis 6
Post by: l33t5h@rk on November 30, 2011, 10:14:32 PM
I think before you just start going through tools, you should map out your plan for the demonstration. As you're using Metasploit ...

Intelligence Gathering
Steps X,Y,Z
Threat model X,Y,Z
Known/Discovered Vulnerabilities X,Y,Z
Exploitation (your Proof of concept) QED

Showing your boss a detailed plan and how you obtained the results would be more beneficial than what has been listed so far. Also, I'd be very careful if this is on a production box. Work in non-prod regions of SDLC if possible.