Microsoft IIS
Introduction
Internet Information Services (IIS) for Windows Server is a flexible, secure and manageable Web server for hosting anything on the Web.
From media streaming to web applications, IIS's scalable and open architecture is ready to handle the most demanding tasks.
Microsoft IIS Tilde Enumeration
IIS tilde directory enumeration is a technique utilised to uncover hidden files, directories, and short file names on some versions of Microsoft Internet Information Services (IIS) web servers.
This method takes advantage of a specific vulnerability in IIS, resulting from how it manages short file names within its directories.
The tilde (
~) character, followed by a sequence number, signifies a short file name in a URL.Hence, if someone determines a file or folder's short file name, they can exploit the tilde character and the short file name in the URL to access sensitive data or hidden resources.
Assume the server contains a hidden directory named SecretDocuments.
When a request is sent to
http://example.com/~s, the server replies with a200 OKstatus code, revealing a directory with a short name beginning with "s".The enumeration process continues by appending more characters
Manually sending HTTP requests for each letter of the alphabet can be a tedious process.
Fortunately, there is a tool called
IIS-ShortName-Scannerthat can automate this task.
IIS Tilde Automatic Enumeration
IIS ShortName Scanner:
GitHub Resource: https://github.com/irsdl/IIS-ShortName-Scanner
Note: to use
IIS-ShortName-Scanner, you will need to install Oracle Java on either Pwnbox or your local VM.
Last updated