Re: assessing IIS 5.0

From: pratiksha.doshi@niiconsulting.com
Date: Tue Sep 05 2006 - 03:08:21 EDT


Hi,

I feel it should be given Low Threat rating as the attacker cannot directly
exploit it.

To prevent internal IP address disclosure take the following steps:

a) Open a command prompt and change the current directory to
c:\inetpub\adminscripts or to the directory where 'adminscripts' is located.

b) Execute the following commands:
adsutil set w3svc/UseHostName True
net stop iisadmin /y
net start w3svc

This change will force the IIS server to use the machine host name instead
of the IP address.

Thanks
Pratiksha
Penetration tester, NII Consulting




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:54 EDT