# Microsoft IIS

## **Introduction**

> * Internet Information Services (IIS) for Windows Server is a flexible, secure and manageable Web server for hosting anything on the Web.
> * From media streaming to web applications, IIS's scalable and open architecture is ready to handle the most demanding tasks.

***

## **Microsoft IIS Tilde Enumeration**

> * IIS tilde directory enumeration is a technique utilised to uncover hidden files, directories, and short file names on some versions of Microsoft Internet Information Services (IIS) web servers.
> * This method takes advantage of a specific vulnerability in IIS, resulting from how it manages short file names within its directories.
> * The tilde (`~`) character, followed by a sequence number, signifies a short file name in a URL.
> * Hence, if someone determines a file or folder's short file name, they can exploit the tilde character and the short file name in the URL to access sensitive data or hidden resources.
> * Assume the server contains a hidden directory named SecretDocuments.
> * When a request is sent to `http://example.com/~s`, the server replies with a `200 OK` status code, revealing a directory with a short name beginning with "s".
> * The enumeration process continues by appending more characters
> * Manually sending HTTP requests for each letter of the alphabet can be a tedious process.
> * Fortunately, there is a tool called `IIS-ShortName-Scanner` that can automate this task.

***

## **IIS Tilde Automatic Enumeration**

**IIS ShortName Scanner:**

* GitHub Resource: <https://github.com/irsdl/IIS-ShortName-Scanner>
* Note: to use `IIS-ShortName-Scanner`, you will need to install Oracle Java.
* Refer to: <https://ubuntuhandbook.org/index.php/2022/03/install-jdk-18-ubuntu/>

**Others:**

* <https://github.com/sw33tLie/sns>
* <https://github.com/bitquark/shortscan>
* <https://github.com/nemmusu/iis_gen> - Useful to generate ad-hoc custom wordlists containing filename guesses&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.sfoffo.com/web-applications/web-technologies/microsoft-iis.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.