Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Fingerprinting IIS
Posted by: firestorm
Date: October 08, 2013 10:49AM

How to fingerprint IIS? Lets say you cannot trust the server signature sent in response header (they can be masked) so is there any particular behavior or characterstics ?

I attempted to fingerprint by making HTTP/1.0 HEAD request without host header heres what I got

IIS <7 400 BAD REQUEST looks like a reliable behavior.
IIS>=7 404,301,302 .... and what not!!

Options: ReplyQuote
Re: Fingerprinting IIS
Posted by: id
Date: October 08, 2013 02:19PM

It depends a bit on what infrastructure is in front of it. If there is a LB or firewall it makes it harder, but you can check for common files with a program like Nikto or nessus and I'm sure there are a dozen other web server fingerprint programs out there.

If you can directly contact the host you may be able to connect to other services such as RPC/SNMP and get more information. Or use a network level fingerprinter such as NMAP.

-id

Options: ReplyQuote
Re: Fingerprinting IIS
Posted by: firestorm
Date: October 19, 2013 07:33AM

thanks. if there could be more known behaviors of IIS..

Options: ReplyQuote


Sorry, only registered users may post in this forum.