temopampara wrote: hello guys...
have a network with an IIS 7 server somewhere in the network and
i). it is only accessible within the network (that means we must have to be connected with the same network to access this server, otherwise from outside of the network it is not accessible).
This means there are a limited number of IP addresses that it could have (192.168.0.1/24 can only have 254? hosts). Find out what your internal IP address is and you can brute force it.
temopampara wrote: ii). It is only accessible through IE (Internet Explorer). If we try to use some other browser then a "server not found" error occurs. It is worth mentioning here that we have to use non-FQDN (non-fully qualified domain names) to access the server. An FQDN is a domain name having a dot "." in it, for example server.com. Instead we use
https://server and that's it.
If you're able to spoof the user agent, you should be able to get around this. I don't know how relevant the non-FQDN thing is.
temopampara wrote: iii). On the network computers we have limited privileges so we cannot install some software to trace the IP addresses of the server.
So I guess spoofing is out of the question then?
temopampara wrote: Now the question is "how can we get the IP address of the server?" (besides privilege escalation or getting higher privileges on the network or system).
I'd probably try and ping every possible host in the subnet, as long as IIS will respond to pings, which I don't know. That's also assuming that you're in the same subnet. Which OS are you using, btw?
-- Fri Apr 11, 2014 7:27 pm --
Code:
#!/usr/bin/perl
use strict;
use warnings;
# Send one ICMP echo request, capped at 1 second, to each host 192.168.0.2-253
for my $i (2..253) {
    system("timeout 1 ping -c 1 192.168.0.$i");
}
Something that I hacked together while working my way through half a semester of lecture slides. That's for Linux. I'm sure Windows will have a close equivalent. It doesn't tell which specific host is the IIS server but it's where I'd start.
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.
IF you feel like exchanging ASCII arrays, let me know

Can you say brainwashing It's a non stop disco