OSCP 2022 Materials
HTTP/ HTTPS


Last updated 2 years ago

HTTP and HTTPS services host the web applications a server exposes to end users. Identify the CMS used by the web service, perform basic testing against that CMS, and test for web-based attacks such as SQLi, XXE, SSTI, and SSRF.

Windows Machine

When the machine hosts an IIS server, always check its version and look for publicly available exploits for that version.

Use the *-lowercase wordlists to shorten the brute-force time: Windows paths are case-insensitive, so mixed-case entries only repeat requests. For example, raft-medium-directories-lowercase.txt from SecLists.

Enumeration

  • IIS servers are by default vulnerable to tilde (8.3 short name) enumeration

  • Set to "won't fix" status by the MSRC team

  • Abusing this reduces the directory enumeration time

  • Tool - IIS-ShortName-Scanner

 java -jar iis_shortname_scanner.jar 2 20 http://url

Linux Machine

Use feroxbuster here, since it enumerates directories recursively:

feroxbuster -u http://$ip -w /usr/share/wordlists/dirb/big.txt -x php,html,bak,txt,sh  -k 