discovering all websites running on a server

["Markus Matiaschek" <mmatiaschek () gmail com>]

Hi all,

i got a problem with a client which basically sums up: php safe_mode = off...

so far, so bad, but now i want to know first if the clients website is
the only attack vector, or if there are other sites running on the IIS
of this Windows NT machine.

Since i already have access to the server, the question how to do this
with only a IP Adress is theoretical, but nonetheless interesting.

I don't want to be too intrusive and install rootkits or stuff like
this, but i thought the information of the IIS hosted websites must be
somewhere, so i got myself some information with the following
commands:
regedit /e c:\output.txt HKEY_LOCAL_MACHINE\Software\Microsoft\
regedit /e c:\output.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\

but i can´t see any information about the clients- or any other IIS
website there.

The execution of .vbs scripts is denied, so that is not an option.

I already identified interesting folders in the wwwroot of IIS, but
none of the names of the folders or the content i tried shows up on
google.

Anyone any other Ideas?

Thank you in advance,
Markus

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------