| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: wesley.howell at landg.com (Howell, Wesley)
Subject: [ANNOUNCE]: IISBanner 1.0
The ability to change the IIS server header is a ready available in the
URLScan tool avalible from Microsoft. It also has the ability to restrict
certain http requests.
See the below link
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
tools/tools/urlscan.asp
Cheers
Wes
-----Original Message-----
From: Tiago Halm [mailto:thalm@...cabo.pt]
Sent: 19 June 2003 02:32
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] [ANNOUNCE]: IISBanner 1.0
============== IISBanner ==============
Type: ISAPI Filter
Open Source: Yes
License: BSD
Description
--------------
We are proud to present a tool with the ability to change the IIS Response
Header "Server".
ISAPI Filters are the only "safe" way of managing (changing, altering,
customizing) some of the core parts of IIS. Customizing the response header
"Server" is one of those tasks. IISBanner provides a simple yet powerful,
although demonstrative, way of achieving such objective. IISBanner may be
useful at a security prespective by disguising the web server banner
(security by obscurity), but keep in mind that there are much more powerfull
ways of detecting a server type using tools like nmap.
Features
-----------
Changes IIS "Server" response header value to "Powered By IISBanner/1.0
(KodeIT)"
Notes
-------
Instalation of this ISAPI Filter must be done at the WebServer level;
Although the Response Value could be set in a file (ex: ini), I decided to
"hard code" it to make it simple to understand the source code; IISBanner is
installed at http://www.kodeit.org and may be viewed by a network sniffer at
each HTTP response received, or through this simple VBS script: ... Set
oHTTP = WScript.CreateObject("Microsoft.XMLHTTP")
Call oHTTP.Open("HEAD", "http://www.kodeit.org", False)
Call oHTTP.Send()
WScript.Echo oHTTP.GetAllResponseHeaders()
Set oHTTP = Nothing
...
Remarks
-----------
With the objective of providing a demonstrative feature, the current version
of this tool is not configurable. Depending on comments (hopefully)
provided, one such configurable version may be built along with some other
features added.
IISBanner can be downloaded from http://www.kodeit.org/utils/iisbanner.htm
Cheers,
Tiago Halm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This e-mail (and any attachments) may contain privileged and/or confidential information. If you are not the intended recipient please do not disclose, copy, distribute, disseminate or take any action in reliance on it. If you have received this message in error please reply and tell us and then delete it. Should you wish to communicate with us by e-mail we cannot guarantee the security of any data outside our own computer systems. For the protection of Legal & General's systems and staff, incoming emails will be automatically scanned.
Any information contained in this message may be subject to applicable terms and conditions and must not be construed as giving investment advice within or outside the United Kingdom.
Representative only of the Legal & General marketing group, members of which are regulated by the Financial Services Authority for the purposes of advising on life assurance and investment products bearing Legal & General's name.
Legal & General Group PLC, Temple Court, 11 Queen Victoria Street, London, EC4N 4TP.
Registered in England no: 166055.
Powered by blists - more mailing lists