Results 1 to 7 of 7

Thread: IIS 5.0 *.htw Files

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    188

    IIS 5.0 *.htw Files

    Hi everyone,

    I wanted to know what are those *.htw files in IIS 5.0 Directory
    Quering the file with(say )

    GET /null.htw

    returns

    </HTML>HTTP/1.0 200 OK
    Content-Type: text/html
    <HTML>
    <BODY>


    <h3><center>
    The format of QUERY_STRING is invalid.

    </center></h3>
    </BODY>

    warl0ck7
    .:: No Remorse ::.

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Based on the content of your post, I can only assume you are searching for a particular vulnerability in IIS for unsavory purposes. Unless you can demonstrate that you are looking for this information to provide countermeasures, I can assure you that no one here will give you the information that you want.

    Also, if you had any sense at all, you'd start looking for information about IIS on Microsoft's site, not here.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    Thanx thehorse13,

    I am not using this for any anwary purposes, niether am i intrusted in computer or web hacking. As for the microsoft site is concerned i searched every where from technet to knowledge base but found nothing, so i posted the question here. If you are uneasy about it then i can't help you.

    -:Remember:-
    Every one has a photographic memory some just don't have the film


    [shadow]warl0ck7
    .::No Remorse::.
    [/shadow]

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Warlock:

    For computer security Microsoft's site is not always the best bet.....

    You'll find Google to be more assistance..... You should find something here
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    To answer the original query, HTW files are part of the Index Server service that comes bundled with IIS. This service allows you to build a search engine on your web site.

    As the SysAdmin of an IIS box hosting a wb site, you would create an HTML form that allows users to search your web site. They complete the form and submit it to IIS. Index Server then builds an "intermediate form" called an IDQ file. This is the file that Index Server will use to search the web site. Index Server, having run the search, then stores the resultant hits in a file called a HTX file. Any formatting of these hits (including highlighting) is defined by the Web Site SysAdmin in a file called a HTW file. Index Server applies the formatting settings stored in the HTW file to the search hits stored in the HTX file and returns the resultant HTML to the user's browser.

    Got that? Basically, an HTW file is part of the Index Server service in IIS, and Index Server is the backend to a search engine utility built into IIS. The HTW file tells Index Server how to format the resultant hits of a search before passing those hits to the user. When I say formatting, I mean making the text look pretty on the screen

    Index Server is full of holes, and these are documented on BugTraq. If you're not using Index Server, stop the service in "services" in Control Panel, and set it to start manually.

    Regards all,

    Alan Mott

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by alanmott
    Index Server is full of holes, and these are documented on BugTraq. If you're not using Index Server, stop the service in "services" in Control Panel, and set it to start manually.
    Better set it to disabled. Manual means that if another service needs Indexing Service it will start it. Leaving you thinking it's turned off.

    After stopping the Indexing Service you should also kill all those mappings that belong to it.(.htw, .idc etc). Stopping the service doesn't prevent someone from triggering a buggy dll that handles these requests. So you would still be vulnerable to a potential buffer overflow.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •