Simple get the IIS Guest account(IUSR_XXX)and the start of the process account(IWAM_XXX)password-vulnerability warning-the black bar safety net

ID MYHACK58:62200923693
Type myhack58
Reporter 佚名
Modified 2009-06-28T00:00:00


Previously wrote a post thereset IIS Guest account(IUSR_XXX)and the start of the process account(IWAM_XXX)password on, mainly used in accidentally modify the IIS inside the relevant accounts of the case. Today visiting the Bin cattle(aspxspy author)of the Blog when suddenly noticed he had an article earlier in the log referred to IIS the username and password appears to be plain text is saved, but does not say how to find out the plaintext password.

But his few words suddenly let me think I wrote earlier reset IIS password of the blog post 设置 IIS 密码 用 的 是 cscript.exe adsutil. vbs set xxxxxx, has set in most cases will also have get, a to check usage, also really have, little reading the following adsutil. vbs code, after all, vbs is a plain text script, so it is still relatively easy to find method.

Very simple:

C:\Inetpub\AdminScripts\adsutil.vbs 的 6 3 1 行 的 True 改成 False And then perform the cscript.exe adsutil. vbs get w3svc/anonymoususerpass

cscript.exe adsutil. vbs get w3svc/wamuserpass

The code is as follows


If (The UCase(IIsSchemaObject. Syntax) = "STRING") Then If (IsSecureProperty(ObjectParameter,MachineName) = False) Then 'is modified here, 6 3 1 row ValueDisplay = ValueDisplay &"""" & "****" & amp;"""" Else ValueDisplay = ValueDisplay &"""" & ValueList &"""" End If

ElseIf (The UCase(IIsSchemaObject. Syntax) = "BINARY") Then


No map no truth(this sentence is a reference o(∩_∩)o...)