IIS 7 server ip adress tracking

What's the best way to setup a home network? Why should I care about BGP?

IIS 7 server ip adress tracking

Post by temopampara on Fri Apr 11, 2014 1:57 am
([msg=80213]see IIS 7 server ip adress tracking[/msg])

hello guys...

i have a network with a IIS 7 server somewhere in the network and

i). it is only accessible within network(that means we must have to be connected with the same network to access this server, otherwise from outside of the network it is not accessible).

ii). It is only accessible through IE(internet explorer). If we try to use some other browser then "server not found" error is occurred. It is worth to mention here is that we to use non-FQDN (none fully qualified domain names to access the server) a FQDN is a domain name having dot "." in it for example server.com. instead we use https://server and thats it.

iii). On the network computers we have limited privileges so we cannot install some software to trace the ip addresses of the server.

Now the question is "how can we get the ip adress of the server ?"(beside privilege escalation or getting higher privileges on the network or system).

Note: i have googled it several times but cannot find some usefull info yet.
temopampara
New User
New User
 
Posts: 2
Joined: Fri Apr 11, 2014 1:40 am
Blog: View Blog (0)


Re: IIS 7 server ip adress tracking

Post by pretentious on Fri Apr 11, 2014 2:19 am
([msg=80214]see Re: IIS 7 server ip adress tracking[/msg])

temopampara wrote:hello guys...
have a network with a IIS 7 server somewhere in the network and

i). it is only accessible within network(that means we must have to be connected with the same network to access this server, otherwise from outside of the network it is not accessible).

This means there are a limited number of IP addresses that it could have(192.168.0.1/24 can only have 254? hosts. find out what your internal IP address is and you can brute force it
temopampara wrote:ii). It is only accessible through IE(internet explorer). If we try to use some other browser then "server not found" error is occurred. It is worth to mention here is that we to use non-FQDN (none fully qualified domain names to access the server) a FQDN is a domain name having dot "." in it for example server.com. instead we use https://server and thats it.
if you're able to spoof the user agent, you should be able to get around this. I don't know how relivant the non-FQDN thing is.
temopampara wrote:iii). On the network computers we have limited privileges so we cannot install some software to trace the ip addresses of the server.
so i guess spoofing is out of the question then? :P
temopampara wrote:Now the question is "how can we get the ip adress of the server ?"(beside privilege escalation or getting higher privileges on the network or system).

I'd probably try and ping every possible host in the subnet, as long as IIS will respond to pings which I don't know. That's also assuming that you're in the same subnet. Which OS are you using btw

-- Fri Apr 11, 2014 7:27 pm --

Code: Select all
#!/usr/bin/perl
for $i (2..253){
   system("timeout 1 ping -c 1 192.168.0.$i");
}

Something that i hacked together while working my way through half a semester of lecture slides. That's for linux. I'm sure windows will have a colse equivelant, It doesn't tell which specific host is the IIS server but it's where I'd start
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
pretentious wrote:Welcome to bat country
User avatar
pretentious
Contributor
Contributor
 
Posts: 667
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: IIS 7 server ip adress tracking

Post by cyberdrain on Fri Apr 11, 2014 8:06 am
([msg=80217]see Re: IIS 7 server ip adress tracking[/msg])

temopampara wrote:i). it is only accessible within network(that means we must have to be connected with the same network to access this server, otherwise from outside of the network it is not accessible).

ii). It is only accessible through IE(internet explorer). If we try to use some other browser then "server not found" error is occurred. It is worth to mention here is that we to use non-FQDN (none fully qualified domain names to access the server) a FQDN is a domain name having dot "." in it for example server.com. instead we use https://server and thats it.

iii). On the network computers we have limited privileges so we cannot install some software to trace the ip addresses of the server.


I have yet to find a network that's so tightly controlled it won't run portable apps. Most of the time you're able to run Firefox or other portable software and use a spoofed user agent, which will fix i), ii) and iii). Also, be sure that Internet Explorer doesn't include any specific cookies or settings the server recognizes, otherwise every browser will get an error message. I'm going to guess that 'limited privileges' means you have to use a non-administrator account, something every sane network administrator will probably do. If you meant 'group policy' then it's a whole different matter.

Have you tried netstat or either ping/tracert/nslookup https://server? If those are blocked, copy them to the desktop, rename them and run again or run them from a .BAT file. And I agree with pretentious: why is it relevant that it's a non-FQDN? Additionally, I'm pretty sure a network administrator (if you are not) won't be happy if he finds you scanning his network, so be sure to have permission (we won't help you do something illegal).

pretentious wrote:Which OS are you using btw

I'm going to assume Windows Vista/7 as host and Windows Server 2008 as target judging by the use of Internet Explorer and IIS 7.
Free your mind / Think clearly
User avatar
cyberdrain
Addict
Addict
 
Posts: 1138
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: IIS 7 server ip adress tracking

Post by 0phidian on Fri Apr 11, 2014 9:18 am
([msg=80223]see Re: IIS 7 server ip adress tracking[/msg])

If you know the domain name then just use nslookup.
From command line:
Code: Select all
nslookup server.com
User avatar
0phidian
Poster
Poster
 
Posts: 270
Joined: Sat Jun 16, 2012 7:04 pm
Blog: View Blog (0)


Re: IIS 7 server ip adress tracking

Post by temopampara on Fri Apr 11, 2014 10:40 am
([msg=80224]see Re: IIS 7 server ip adress tracking[/msg])

pretentious wrote:Which OS are you using btw

Thanks for help guys..
i can boot the system from USB drive it means i can use any linux based OS. for the time being i am using Backtrack 5 from a USB drive.
temopampara
New User
New User
 
Posts: 2
Joined: Fri Apr 11, 2014 1:40 am
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests