Re: [NSE] http-iis-short-name-brute.nse

["Dev (nmap)" <dev.kyckel () gmail com>]

Good point. I'll see if I can find some statistics on the most common 
files and folders (maybe nselib/data/http-folders can be used). Would 
you happen to have access to an IIS installation for testing purposes ? :)

- Jesper

On 2012-09-16 19:26, Martin Holst Swende wrote:
> Hi,
>
> Cool, I wasn't aware of this until now!
>
> I browsed through the script, and have a comment :
> - When brute-forcing the extensions, you test each character 
> alphabetically (right?), which would take on average (26+10)/2 = 18 
> requests per character to get right. If the script instead first tried 
> the most common suffixes it would probably go way faster. (It could 
> probably be even more advanced, e.g combining the approaches by 
> guessing one character at a time according to a tree-structure based 
> on common suffixes. )
>
> Regards,
> Martin Holst Swende
>
> On 09/16/2012 05:12 PM, Dev (nmap) wrote:
> > Hi List,
> >
> > Attached is a NSE implementation of "iis-shortname-scanner-poc" from 
> > http://code.google.com/p/iis-shortname-scanner-poc/ .
> >
> > The script searches for the short name of files and dirs, example 
> > output:
> >
> > PORT   STATE SERVICE REASON
> > 80/tcp open  http
> > | http-iis-short-name-brute:
> > |   Folders
> > |     aspnet~1
> > |   Files
> > |     sql~1.bak
> > |_    test~1.php
> >
> > It still needs some testing, but currently I don't have access to an 
> > affected IIS installation. Any chance someone  here has access to an 
> > IIS installation and can test it (or grant me permission to test on 
> > the platform) ?
> >
> >
> > - Jesper
> >
> >
> > _______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > Archived athttp://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/