Hosting Provided By

RE: IIS 4 Security

From: Deus, Attonbitus <Thor(at)HammerofGod.com>
Date: Fri Dec 13 2002 - 11:43:35 EST

At 10:53 AM 12/11/2002, Ogle Ron (Rennes) wrote:
>Your friend is smart. You don't need to have a username/password to do many

I disagree here... Most of the buffer overflows require accessing the vulnerable .dll file, which would not be possible without authentication in the example provided by the OP.

In Henry Sieff's post, he outlined how the .HTR overflow does not require file access, and could therefore be leveraged in such a setup. However, this is not my experience an any testing I have done with similar setups. Granted, these were with default installations of Win2k/IIS5, so there may be a difference between IIS4 (which I am not going to load to test) but both directory traversal and encoding attack attempts result in an authentication request first. My HTR exploit code failed as well, a sniff indicating 401 error responses on each GET attempt.

Even standard HTTP requests such as OPTIONS failed with a 401 where one would netcat to 80.

Though not a recommended practice, I think a server config such as the OP outlined would resist most attacks even in its default installation.

AD Received on Fri Dec 13 12:50:58 2002

This message: [ Message body ]
Next message: H D Moore: "Re: IIS 4 Security"
Previous message: Jason Huan: "Exchange 5.5 delivery receipts"
Maybe in reply to: anyluser: "IIS 4 Security"
In reply to Ogle Ron (Rennes): "RE: IIS 4 Security"
Next in thread: H D Moore: "Re: IIS 4 Security"
Reply: H D Moore: "Re: IIS 4 Security"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:25 EDT