scanning IIS/6.0 web servers

Post by shan75 »

Now I am trying a penetration test on a Microsoft-IIS/6.0 server with the IIS 6.0 WebDav Remote Auth Bypass exploit, but when I scan with nmap to see whether WebDAV is enabled or not, I get this error:
nmap -n -PN -p80 --script=http-iis-webdav-vuln xxxx.com

Starting Nmap 5.21 ( http://nmap.org ) at 2010-04-16 00:52 India Standard Time
NSE: Script Scanning completed.
Nmap scan report for xxxx.com (xxx.xxx.xxx.xxx)
Host is up (0.34s latency).
PORT STATE SERVICE
80/tcp open http
|_http-iis-webdav-vuln: ERROR: This web server is not supported.

Nmap done: 1 IP address (1 host up) scanned in 24.28 seconds
I know it's running Microsoft-IIS/6.0. I don't know what the problem is.

Please solve this.

Post by ayu »

Wrong section, moved
"The best place to hide a tree, is in a forest"

Post by shan75 »

Why? What's wrong?

Post by ayu »

shan75 wrote: Why? What's wrong?
You posted in the tutorial section ^^


It clearly says
DON'T post new tutorials here! Please use the "Pending Submissions" board so the staff can review them first.

Post by bad_brain »

Add the -d switch to your scan to get the debug output... best save the output to a file. Then search the file for "propfind /" and check what reply the server gives to that request. nmap expects a 501 or a 207; if something else is replied, nmap labels the server as "not supported"... little bug I guess.

But to give more detailed help you will have to post the output for the request... :wink:

Post by shan75 »

@bad_brain
NSE: NSE Script Threads (3) running:
NSE: Starting http-iis-webdav-vuln against xxx.xxx.xxx.xxx:80.
NSE: Starting skypev2-version against xxx.xxx.xxx.xxx:443.
NSE: Starting http-iis-webdav-vuln against xxx.xxx.xxx.xxx:443.
NSE: Finished skypev2-version against xxx.xxx.xxx.xxx:443.
NSE: http-iis-webdav-vuln: Root folder is not password protected, continuing...
NSE: http-iis-webdav-vuln: PROPFIND request failed.
NSE: Finished http-iis-webdav-vuln against xxx.xxx.xxx.xxx:443.
NSE: http-iis-webdav-vuln: Root folder is not password protected, continuing...
NSE: http-iis-webdav-vuln: PROPFIND request failed.
NSE: Finished http-iis-webdav-vuln against xxx.xxx.xxx.xxx:80.
Completed NSE at 18:10, 19.06s elapsed
NSE: Script Scanning completed.

Post by bad_brain »

Darn... I actually expected it would also show the reply of the scanned server...

Try to use domain.com/ instead of domain.com. If this still does not work, you will have to capture the traffic of the scan with Wireshark so we can see what the server actually responds... :wink: