-
June 14th, 2003, 06:47 PM
#1
IIS 5.0 *.htw Files
Hi everyone,
I wanted to know what are those *.htw files in IIS 5.0 Directory
Quering the file with(say )
GET /null.htw
returns
</HTML>HTTP/1.0 200 OK
Content-Type: text/html
<HTML>
<BODY>
<h3><center>
The format of QUERY_STRING is invalid.
</center></h3>
</BODY>
warl0ck7
.:: No Remorse ::.
-
June 15th, 2003, 03:13 AM
#2
Based on the content of your post, I can only assume you are searching for a particular vulnerability in IIS for unsavory purposes. Unless you can demonstrate that you are looking for this information to provide countermeasures, I can assure you that no one here will give you the information that you want.
Also, if you had any sense at all, you'd start looking for information about IIS on Microsoft's site, not here.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
June 15th, 2003, 09:05 AM
#3
Thanx thehorse13,
I am not using this for any anwary purposes, niether am i intrusted in computer or web hacking. As for the microsoft site is concerned i searched every where from technet to knowledge base but found nothing, so i posted the question here. If you are uneasy about it then i can't help you.
-:Remember:-
Every one has a photographic memory some just don't have the film
[shadow]warl0ck7
.::No Remorse::. [/shadow]
-
June 15th, 2003, 11:16 AM
#4
Warlock:
For computer security Microsoft's site is not always the best bet.....
You'll find Google to be more assistance..... You should find something here
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
June 17th, 2003, 01:35 PM
#5
Member
To answer the original query, HTW files are part of the Index Server service that comes bundled with IIS. This service allows you to build a search engine on your web site.
As the SysAdmin of an IIS box hosting a wb site, you would create an HTML form that allows users to search your web site. They complete the form and submit it to IIS. Index Server then builds an "intermediate form" called an IDQ file. This is the file that Index Server will use to search the web site. Index Server, having run the search, then stores the resultant hits in a file called a HTX file. Any formatting of these hits (including highlighting) is defined by the Web Site SysAdmin in a file called a HTW file. Index Server applies the formatting settings stored in the HTW file to the search hits stored in the HTX file and returns the resultant HTML to the user's browser.
Got that? Basically, an HTW file is part of the Index Server service in IIS, and Index Server is the backend to a search engine utility built into IIS. The HTW file tells Index Server how to format the resultant hits of a search before passing those hits to the user. When I say formatting, I mean making the text look pretty on the screen
Index Server is full of holes, and these are documented on BugTraq. If you're not using Index Server, stop the service in "services" in Control Panel, and set it to start manually.
Regards all,
Alan Mott
-
June 17th, 2003, 03:15 PM
#6
Originally posted here by alanmott
Index Server is full of holes, and these are documented on BugTraq. If you're not using Index Server, stop the service in "services" in Control Panel, and set it to start manually.
Better set it to disabled. Manual means that if another service needs Indexing Service it will start it. Leaving you thinking it's turned off.
After stopping the Indexing Service you should also kill all those mappings that belong to it.(.htw, .idc etc). Stopping the service doesn't prevent someone from triggering a buggy dll that handles these requests. So you would still be vulnerable to a potential buffer overflow.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 19th, 2003, 12:09 PM
#7
I got it thanks every one .
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|