Nothing makes me happier than knowing I've wasted hours of their time chasing their own tails.
High-tier blackhats focus on big targets, and low-tier ones focus on low-hanging fruits they find off shodan or application 0days they've found.
https://memes.getyarn.io/yarn-clip/e9d8176d-e936-4224-a1d1-f...
Bear Defense Plan: Hide, Non-lethal, Lethal.
Is this exposing the underlying OS's behavior coupled with the fact that the IIS document root is `C:\Inetpub` by default? Eight-dot-three filenames are enabled by default on the C drive but disabled by default on all other drives on Windows 10/11:
PS> (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion
24H2
PS> fsutil 8dot3name query C:
The volume state is: 0 (8dot3 name creation is ENABLED)
The registry state is: 2 (Per volume setting - the default)
Based on the above settings, 8dot3 name creation is ENABLED on "C:"
PS> fsutil 8dot3name query U:
The volume state is: 1 (8dot3 name creation is DISABLED)
The registry state is: 2 (Per volume setting - the default)
Based on the above settings, 8dot3 name creation is DISABLED on "U:"
https://www.pcworld.com/article/2684062/why-is-windows-11-la...
While that's still pretty vague, it sounds like the issue was that something running as SYSTEM (the page seems to indicate some part of Windows Update) was not correctly checking if inetpub was a symlink or something along those lines. It also links to a script to set ACLs on that directory; presumably that's not possible to do if the directory doesn't exist.
It would probably be better to fix whatever component to not have the link traversal bug, but maybe there's some reason that makes the proper fix infeasible…
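As an added defender-side check (not code from the thread or the linked article), this PowerShell snippet runs the same `fsutil 8dot3name query` shown above across every fixed volume and flags the one holding the IIS document root; `$IisRoot` is an assumed default.

```powershell
# Added example: per-volume 8.3 short-name creation state, with the volume that
# holds the IIS document root called out. $IisRoot is an assumption (the default
# C:\inetpub); change it if the site lives elsewhere. Run from an elevated shell.
$IisRoot = 'C:\inetpub'

function Get-8dot3State {
    param([string]$Drive)   # e.g. 'C:'
    $out = & fsutil 8dot3name query $Drive 2>&1 | Out-String
    # fsutil ends with a summary line such as:
    #   Based on the above settings, 8dot3 name creation is ENABLED on "C:"
    if ($out -match 'is (ENABLED|DISABLED) on') { return $Matches[1] }
    return 'UNKNOWN'   # non-NTFS volume, removable media, or not elevated
}

$results = foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    # keep only drive-letter roots like 'C:\'
    if (-not $d.Root -or $d.Root -notmatch '^[A-Z]:\\$') { continue }
    $drive = $d.Root.TrimEnd('\')
    [pscustomobject]@{
        Volume       = $drive
        ShortNames   = Get-8dot3State $drive
        HostsIisRoot = $IisRoot.StartsWith($drive, 'OrdinalIgnoreCase')
    }
}

$results | Format-Table -AutoSize

# Takeaway: a row with ShortNames = ENABLED and HostsIisRoot = True means files
# under the web root may already carry 8.3 aliases. Turning creation off only
# affects files created afterwards, so inventory existing short names separately
# (fsutil 8dot3name scan) before treating the setting as a mitigation.
```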
Everything old is new again https://devblogs.microsoft.com/oldnewthing/20041116-00/?p=37... (2004)
I got no response to that command on my W10 box; turns out for older (e.g. LTSC) versions it appears to need:
(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').ReleaseId
1809
Once upon a time, all server logs were basically unusable because of the amount of IIS scanners out there. There was a directory traversal that was literally just url encoding "../" that absolutely lit the internet on fire for many months.
The article lists all the tricks I've collected over the years doing pentesting and then some, with great tool references. The signal-to-noise ratio is very high and there's little "here's why" filler, which instead might just be someone's way of storytelling. The article drones on, but with actual content, as there is a lot to tell. It's even light on features like trace.axd, but does mention them and their purposes.
I found it an entertaining overview of taking apart unassuming IIS servers, and the point of "Recon harder." is made very well :)
Edit: s/boring/unassuming + added point was made very well
Found the LLM generated part.
> Please don't complain about tangential annoyances—e.g. article or website formats, name collisions, or back-button breakage. They're too common to be interesting.
While few read them, it might be helpful if @dang threw in the ", or LLM generated content".
If we are having a conversation with the author through their article, then the prose should be human too. :^)
If someone writes an interesting article using an LLM, I don't mind.
I have been trying to fight this war and losing: this default lazy behaviour "I don't like this post so it must be LLM" followed by some idiotic example.
It's become a fad here. Half the people don't read any post, just skim it and post "this is LLM" and move on.
I'd rather read bad, awkward human writing than LLM-generated paragraph number 9 billion.
Can you do all this on Linux? Yes. Will it ever be set up correctly? Depends where you work, but based on my experience so far, not likely.
I worked with customer's AD environments in the 2010's and I remember whiteboards of figuring out customer Kerberos config. "it all just works" is not my recollection of that 3-headed beast lmao.
And as an ignoramus: what it is that you are supposed to be using nowadays?
Think in the context of a small company making enterprise .NET (framework) code where Windows is the world, cloud wouldn't fly with the customers, SOAP is still king and your one IT guy is too busy to notice anything happened after 2010. Suppose also that entire software rewrites are impossibly impractical, and that while you'd love to take some security gains, you just don't have the capacity to do configuration deep dives let alone to gamble on something complex like Kubernetes.
Every large company big enough to host an intranet is running IIS somewhere, possibly everywhere. It integrates well with AD so some really complex tasks become stupid simple.
It's seeing less and less usage as the world moves to AWS which is equally stupid because you're tied to one vendor's proprietary products (Amazon) again. Except this time you don't own the hardware.
Public sector IT loves IIS. Check your municipality's tax or property website; it's probably got .aspx scripts out the ass.
I've seen it hosting European web apps, public sector if I recall. Lots of bespoke .NET applications out there with SQL Server backends running entire local governments.
Asian countries especially China and Taiwan love IIS and use it to host anything and everything. This is a personal observation.
Sure the world has mostly moved on, but there's tons of legacy code out there that keeps cities and really important organizations humming that runs on IIS and it's never changing.
You think that's bad, there's still places out there running AS/400 stuff on the web, Lotus Notes, and Novell Groupwise (gasp).
A lot of Microsoft devs historically know very little Linux, as they used Windows and are comfortable with it.
Decreasing due to cloud and Nodejs takeup
Nothing internet facing mind.
I read the prerequisites of whatever software I'm asked to install and do what it says.
I'm not spending the next 3 years of my life trying to make some monitoring platform run on WebLogic; I have other jobs to do in 4-8-12 hours.
I can't tell if you're being sarcastic, but on my full desktop browser the side bar overlaps the main panel, putting text on top of other text.
P.S. Other than this, I do like the presentation.
The author has yet to learn the extent to which civilization depends on people not being cunts to one another for no good reason.
Note: Don't take this as your cue to start messing around with black hat. Don't become the guy trying to explain to your cell mate, who's doing 50 years for violent crimes, what an unauthenticated Supabase table is and why you deleted it.