.

how to exploit iis 6

<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Mon Oct 31, 2011 1:24 am

how to exploit iis 6

Hello and please help me !
im a new member of ethicalhacker.net its prety good but i have bad damn problem with iis 6. in pentration test duration. the webDAV service is closed on the iis web server and icant use web dav exploit please help me to exploit the iis server
MCITP CCENT
<<

millwalll

Post Mon Oct 31, 2011 4:32 am

Re: how to exploit iis 6

If you don't have access to webdav try and think what you do have access too. Maybe you cant exploit the machine!
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Mon Oct 31, 2011 4:59 am

Re: how to exploit iis 6

No mr Jamie.R i scanned the web server with metasploit webdav scanner ans i sure the webdav service is of other iis exploits in metasploit is for iis 4 and 5 is not for iis 6 do you have an exploit code or a tool or some thing like that
MCITP CCENT
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Mon Oct 31, 2011 6:07 am

Re: how to exploit iis 6

i can crack the ftp passwoed but about the iis not thing please heeeeeelp mee!!!!!!!!!!!!!!!!!!!!!! ;)
MCITP CCENT
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Oct 31, 2011 8:55 am

Re: how to exploit iis 6

It is possible that the webDAV service may have been patched or a workaround has been configured to prevent such attack.  What exploit are you trying to use?  CVE?
Certs: GCWN
(@)Dewser
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Mon Oct 31, 2011 12:22 pm

Re: how to exploit iis 6

i wanna use iis webdav upload asp exploit in metasploit with windows\meterpreter\reverse tcp but its not working
MCITP CCENT
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Oct 31, 2011 1:58 pm

Re: how to exploit iis 6

What is the error you receive?  Are you attacking from internal or external?  A number of factors may come into play.  Firewall may be using egress filtering and not allowing the traffic to go out over your reverse_tcp session.  IPS may be blocking the attack or the admins may have implemented the workaround from http://osvdb.org/397.&nbsp;
Certs: GCWN
(@)Dewser
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Tue Nov 01, 2011 1:00 am

Re: how to exploit iis 6

When the exploit process is completed the metasploit gives me this message (exploit is completed but no session was created) i think you are right maybe the firewall is block my session do you have solution for this?
MCITP CCENT
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Tue Nov 01, 2011 1:41 am

Re: how to exploit iis 6

and i forgot to tell you something 3xban my attack to the web server is external


Thanx alot for helping me
MCITP CCENT
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Tue Nov 01, 2011 9:02 am

Re: how to exploit iis 6

iAnyone have another exploit or tools to hack iid 6?
MCITP CCENT
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Nov 01, 2011 9:07 am

Re: how to exploit iis 6

You may have to consider another way to pop the box.  IIS may not be a viable attack vector if it has been properly hardened and the outter defenses are also hardened.  Just because something is present, doesn't always mean it is exploitable.
Certs: GCWN
(@)Dewser
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Tue Nov 01, 2011 9:16 am

Re: how to exploit iis 6

Yes 3xban but i must show iis vulnerability to my boss he likes this
damn service and also i cant go to my office and attack to the web server
MCITP CCENT
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Nov 01, 2011 9:20 am

Re: how to exploit iis 6

Well there is nothing wrong with IIS.  The other option is to run a vulnerability scan against it using  a tool like NESSUS or run Microsoft Baseline Security Analyzer (MBSA) against it to see if there are any issues that need resolving.  If the NESSUS scan and MBSA scans come back clean, then there isn't much else to report.  If there is any specific Web Application running (other than IIS) then you can utilize a number of Web App security testing packages to report if there are any vulnerabilities there. 

So why can't you review the box at the office?
Certs: GCWN
(@)Dewser
<<

White ghost

User avatar

Newbie
Newbie

Posts: 36

Joined: Sun Oct 30, 2011 11:21 am

Location: ASIA

Post Tue Nov 01, 2011 9:39 am

Re: how to exploit iis 6

because i wanna act like a malicious hacker im a help desk an my office i have credential on the office but work is not malicious i have
permission to do that!
MCITP CCENT
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Nov 01, 2011 10:44 am

Re: how to exploit iis 6

Wait...  You're saying you're 'helpdesk' and at work you have permission, but you DON'T for this?

Are you certain you've been assigned to, or are being allowed to, test this website / webserver?

This thread reads like you're trying to prove a point, without permission.....

Please clarify EXACTLY what it is you're doing, and why.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
Next

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software