Re: [PEN-TEST] Question regarding IIS method options & www versio n

["Oman, R. Andrew" <Andrew.Oman () GLOBALINTEGRITY COM>]

To change the information IIS returns from a HTTP HEAD command, simply edit
the W3SVC.dll ( in the winnt/system32/inetsvr directory ) and replace the
instances of MICROSOFT IIS/ 4.0 with
whatever you would like. I have not done any extensive checking on what
other locations banner/version info might be in. I can try to dig up the
same info for Netscape (I have it somewhere!)unless someone posts it before
I can find it.

Andrew

> However Netscape and IIS I haven't been able to find any
> documentation removing these options & version.  Is it even
> possible?  The  RFC says this should be a configurable option.


You should be able to use a hex editor and either change or pre-empt
(with \0) the strings for these commands. In another list we were
discussing changing the banner that identifies IIS' FTP and web
services. The same way you should be able to 'remove' the strings for
LINK, PUT, DELETE and whatever else you would like to remove.

Regards,
Frank


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOi3E5kRKym0LjhFcEQJoeQCg1JGXd+IZ0G9z1DN+OlgEstZF7FUAoMlM
vGVQ6Twxarw0jI4dJ4lygoVI
=90WF
-----END PGP SIGNATURE-----