|
-
August 30th, 2002, 05:46 PM
#1
how to edit MS IIS Banner/Version header information?
Is there a manual process or hands on way to edit that information so when someone nmaps my IIS system it doesnt show up as [MS IIS Web Server Ver 5.0] etc?
I found a few programs that will do it, but im curious where the information/settings are stored in the registry or in the program.
Any help would be appreciated.
-
August 30th, 2002, 06:08 PM
#2
http://lists.jammed.com/pen-test/2001/12/0047.html
Seems to indicate that IIS Lockdown will do it if you set it up to do that... be careful though, IIS lockdown can sometimes get pretty zealous and make stuff stop working, so be judicious and limit changes to one at a time so that you can back them out if it breaks ...
Neb
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
September 4th, 2002, 09:47 PM
#3
Junior Member
Re: how to edit MS IIS Banner/Version header information?
Yes, URLscan will do it. You have to specify a AlternateServerName if you want to replace the server header with, say, Apache/1.3.9 (Unix)
-
September 4th, 2002, 09:52 PM
#4
One thing I forgot to mention in the post, that just occured to me when I read back over it was that the above article indicated that it was NOT possible to manually change the headers, especially in IIS 5+ because those headers are defined in a certain dll (it is mentioned in the article but I forget which one it was) and you would have to be uber good to rewrite it (or at least that is what they were indicating). The basic thing I was getting at was why risk destroying the dll when you can use somethng like IISLockdown (provided free by microsoft to lock down their horrendously insecure default installations) that will do it for you...
Neb
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
September 22nd, 2002, 01:51 PM
#5
Junior Member
If you just want to change banners and nothing else, for Windows IIS, SMTP, FTP services, then N-Stalker have some free tools for this at:
http://www.nstalker.com/banners.php
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
