Microsoft IIS

Introduction

Internet Information Services (IIS) for Windows Server is a flexible, secure and manageable Web server for hosting anything on the Web.
From media streaming to web applications, IIS's scalable and open architecture is ready to handle the most demanding tasks.

Microsoft IIS Tilde Enumeration

IIS tilde directory enumeration is a technique utilised to uncover hidden files, directories, and short file names on some versions of Microsoft Internet Information Services (IIS) web servers.
This method takes advantage of a specific vulnerability in IIS, resulting from how it manages short file names within its directories.
The tilde (~) character, followed by a sequence number, signifies a short file name in a URL.
Hence, if someone determines a file or folder's short file name, they can exploit the tilde character and the short file name in the URL to access sensitive data or hidden resources.
Assume the server contains a hidden directory named SecretDocuments.
When a request is sent to http://example.com/~s, the server replies with a 200 OK status code, revealing a directory with a short name beginning with "s".
The enumeration process continues by appending more characters
Manually sending HTTP requests for each letter of the alphabet can be a tedious process.
Fortunately, there is a tool called IIS-ShortName-Scanner that can automate this task.

IIS Tilde Automatic Enumeration

IIS ShortName Scanner:

Note: to use IIS-ShortName-Scanner, you will need to install Oracle Java.

Others:

Last updated 1 month ago

Was this helpful?

Microsoft IIS

Introduction

Internet Information Services (IIS) for Windows Server is a flexible, secure and manageable Web server for hosting anything on the Web.
From media streaming to web applications, IIS's scalable and open architecture is ready to handle the most demanding tasks.

Microsoft IIS Tilde Enumeration

IIS tilde directory enumeration is a technique utilised to uncover hidden files, directories, and short file names on some versions of Microsoft Internet Information Services (IIS) web servers.
This method takes advantage of a specific vulnerability in IIS, resulting from how it manages short file names within its directories.
The tilde (~) character, followed by a sequence number, signifies a short file name in a URL.
Hence, if someone determines a file or folder's short file name, they can exploit the tilde character and the short file name in the URL to access sensitive data or hidden resources.
Assume the server contains a hidden directory named SecretDocuments.
When a request is sent to http://example.com/~s, the server replies with a 200 OK status code, revealing a directory with a short name beginning with "s".
The enumeration process continues by appending more characters
Manually sending HTTP requests for each letter of the alphabet can be a tedious process.
Fortunately, there is a tool called IIS-ShortName-Scanner that can automate this task.

IIS Tilde Automatic Enumeration

IIS ShortName Scanner:

GitHub Resource:
Note: to use IIS-ShortName-Scanner, you will need to install Oracle Java.
Refer to:

Others:

- Useful to generate ad-hoc custom wordlists containing filename guesses

Last updated 1 month ago

Was this helpful?