First of all, download 3 progs:
1) Shadow Security Scanner (http://www.safety-lab.com/SSS.exe)
2) Proxyhunter (http://angelfire.lycos.com/nd/hallo...yht300beta5.exe)
3) Xchange (http://www.simes.clara.co.uk/programs/xchange.zip)
Install all of them (DUH! )
First of all get a good range... for good ranges check:
www.flumps.org/ip/
startup proxyhunter
menu task-> add task
press next, then you will see a few buttons
press add and add the range(s) you've found.
press next, then you will see an overview of which ports proxyhunter will scan...
press add and fill in port 80 and check Must try
Press ok and then press next, and you will see the layout of proxyhunter again. Press the big blue button at the top left (the play button) and proxyhunter will begin to scan
you see 3 tabs. (tasks,results and proxyswitch)
when proxyhunter is finished go to the results tab and press export. select "all results" and only check Adress&ports. Press OK
save your results
Now close proxyhunter cause you're not gonna need it again (but don't delete the results yet cause you might need them again)
open Xchange
fill in by find this string: 80
fill in by and replace with: a space... Not the words a space
press the green +
press the menu files-> browse for files and open the proxyhunterresults file. Again press the play button (or press F9)
When it's finished (it's quick), exit xchange, and when it gives a warning press NO.
Open SSS (shadow security scanner)
first of all press the scanner icon and press add policy.
select the policy complete scan (that's the only one) and press next. Give it a name and press done. Now go to ports and uncheck everything except port 80
then go to audits and uncheck everything except web servers. In webservers uncheck everything.
Then check:
IIS 5.0 Malformed URL DoS - NT5:
IIS Chunked Encoding Post:
All the IIS Cumulative - ASP
Both IIS Cumulative - HTTP Header
Both IIS Cumulative - URL error handling bug
IIS Superfluous Decoding - NT4:
IIS Superfluous Decoding - NT5:
IIS Unicode Vulnerable:
Microsoft IIS CGI Filename Decode Error Vulnerability:
press apply and then OK
select your own scan layout, press next twice.
Now press load from file and open the proxyhunter results file... If everything is OK you'll see a bunch of IPs like 123.456.789
But if you're getting a bunch of IPs like 123.456.789:80, repeat the xchange thingy, AIGHT?
Press done and then press the blue button (start scan)
When sss is finished press the most right button (report button)
Press add report, give it a name and press ok... Now uncheck everything except audits. Press ok and save your html file. Now you have a nice html file with all the urls from your results that are iis hackable. Copy all those links in a new thread @ this board and the hackers will do the rest
Please give me some feedback if I did something wrong...
sorry for my english
Good Luck