On 2 November 2010 19:34, <[email protected]> wrote: > I would look at everything in the program files directories to find file > versions and look for configuration files that might have embedded passwords > (plaintext or encrypted). SQL scripts or backup scripts could contain > passwords. Also user profiles for stored passwords, cookies, and lists of > recent websites/documents.
Without being able to do directory listings a lot of this won't work. Robin > > Bart > ------Original Message------ > From: Robin Wood > Sender: [email protected] > To: PaulDotCom Mailing List > ReplyTo: PaulDotCom Security Weekly Mailing List > Subject: [Pauldotcom] with full read access what would you read > Sent: Nov 2, 2010 11:52 AM > > On a recent test I found a website with a directory traversal attack > that let me read any file. The server was Win 2003 and I read the > obvious win.ini and boot.ini. I then read the Administrators > desktop.ini to prove I could. I tried but couldn't read the registry > files (not expected but worth trying). > > The web server was an unusual one, part of an app so I couldn't find > the web root. The IIS web root just had an "Under Construction" file > in it so nothing interesting in there. > > So, without being able to do directory listings to see what is there, > what files would you read on this box and why? > > Robin > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > Sent from my Verizon Wireless BlackBerry > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
