Sam File via IIS flaw

From: nordicsmak@yahoo.com
Date: Tue Jun 28 2005 - 15:02:54 EDT

Next message: ChayoteMu: "future Pen-tester looking for some assistance"
Previous message: Pete Herzog: "Re: Sample pent test agreement"
Next in thread: Jerome Athias: "Re: Sam File via IIS flaw"
Reply: Jerome Athias: "Re: Sam File via IIS flaw"
Reply: Peter Wood: "Re: Sam File via IIS flaw"
Reply: Prashant Meswani: "RE: Sam File via IIS flaw"
Maybe reply: skill2die4@secguru.com: "Re: Sam File via IIS flaw"
Reply: Alex Gottschalk: "Re: Sam File via IIS flaw"
Reply: David Cravshaw: "Re: Sam File via IIS flaw"
Reply: chillman: "Re: Sam File via IIS flaw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) During a recent penetration test I've discovered a flaw in the IIS server that allows me to browse to and view any file on the system.

I'm able to browse to the /winnt/repair/sam file, but it obviously is unusable in the format that's presented in the browser.

Any way to get this file in a format that can be used in L0pht?

Thanks,
Chris

Next message: ChayoteMu: "future Pen-tester looking for some assistance"
Previous message: Pete Herzog: "Re: Sample pent test agreement"
Next in thread: Jerome Athias: "Re: Sam File via IIS flaw"
Reply: Jerome Athias: "Re: Sam File via IIS flaw"
Reply: Peter Wood: "Re: Sam File via IIS flaw"
Reply: Prashant Meswani: "RE: Sam File via IIS flaw"
Maybe reply: skill2die4@secguru.com: "Re: Sam File via IIS flaw"
Reply: Alex Gottschalk: "Re: Sam File via IIS flaw"
Reply: David Cravshaw: "Re: Sam File via IIS flaw"
Reply: chillman: "Re: Sam File via IIS flaw"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:30 EDT