Microsoft Mobile Information Server

From: Fernando Cardoso (fcardoso@trusted.pt)
Date: Fri Aug 29 2003 - 07:41:02 EDT


I'm pen-testing a customer who has a MS MIS box running on a W2K/IIS 5.0.

Has anybody pen-pest this server and want to share its findings?

Access directories are password protected (yes, I'm running a dictionary
attack and brute force will follow) and admin directories have IP ACLs
(anti-spofing measures are in place...). OS and IIS are fully patched.

Thanks in advance

Fernando

Trusted Systems - http://www.trusted.pt
Praça de Alvalade, n.º 6 - 6.º piso
1700-036 Lisboa, PORTUGAL
Tel: +351 217994200
Fax: +351 217994242

--
A presente mensagem pode conter informação considerada confidencial.
Se o receptor desta mensagem não for o destinatário indicado, fica
expressamente proibido de copiar ou endereçar a mensagem a terceiros.
Em tal situação, o receptor deverá destruir a presente mensagem e por
gentileza informar o emissor de tal facto.
Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL 
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment 
technology powered by the award-winning FoundScan engine. Try it free for  21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT