Microsoft IIS

Introduction

  • Internet Information Services (IIS) for Windows Server is a flexible, secure and manageable Web server for hosting anything on the Web.

  • From media streaming to web applications, IIS's scalable and open architecture is ready to handle the most demanding tasks.


Microsoft IIS Tilde Enumeration

  • IIS tilde directory enumeration is a technique utilised to uncover hidden files, directories, and short file names on some versions of Microsoft Internet Information Services (IIS) web servers.

  • This method takes advantage of a specific vulnerability in IIS, resulting from how it manages short file names within its directories.

  • The tilde (~) character, followed by a sequence number, signifies a short file name in a URL.

  • Hence, if someone determines a file or folder's short file name, they can exploit the tilde character and the short file name in the URL to access sensitive data or hidden resources.

  • Assume the server contains a hidden directory named SecretDocuments.

  • When a request is sent to http://example.com/~s, the server replies with a 200 OK status code, revealing a directory with a short name beginning with "s".

  • The enumeration process continues by appending more characters

  • Manually sending HTTP requests for each letter of the alphabet can be a tedious process.

  • Fortunately, there is a tool called IIS-ShortName-Scanner that can automate this task.


IIS Tilde Automatic Enumeration

IIS ShortName Scanner:

Others:

Last updated