lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <002301c335d8$cd62fb10$0b0010ac@Casa>
Date: Wed, 18 Jun 2003 21:32:56 +0100
From: "Tiago Halm" <thalm@...cabo.pt>
To: <bugtraq@...urityfocus.com>, <ms-focus@...urityfocus.com>,
   <full-disclosure@...ts.netsys.com>
Subject: [ANNOUNCE]: IISBanner 1.0


============== IISBanner ==============
Type: ISAPI Filter
Open Source: Yes
License: BSD

Description
--------------
We are proud to present a tool with the ability to change the IIS Response
Header "Server".

ISAPI Filters are the only "safe" way of managing (changing, altering,
customizing) some of the core parts of IIS. Customizing the response header
"Server" is one of those tasks. IISBanner provides a simple yet powerful,
although demonstrative, way of achieving such objective. IISBanner may be
useful at a security prespective by disguising the web server banner
(security by obscurity), but keep in mind that there are much more powerfull
ways of detecting a server type using tools like nmap.

Features
-----------
Changes IIS "Server" response header value to "Powered By IISBanner/1.0
(KodeIT)" 

Notes
-------
Instalation of this ISAPI Filter must be done at the WebServer level;
Although the Response Value could be set in a file (ex: ini), I decided to
"hard code" it to make it simple to understand the source code;
IISBanner is installed at http://www.kodeit.org and may be viewed by a
network sniffer at each HTTP response received, or through this simple VBS
script:
...
Set oHTTP = WScript.CreateObject("Microsoft.XMLHTTP")
Call oHTTP.Open("HEAD", "http://www.kodeit.org", False)
Call oHTTP.Send()
WScript.Echo oHTTP.GetAllResponseHeaders()
Set oHTTP = Nothing
...

Remarks
-----------
With the objective of providing a demonstrative feature, the current version
of this tool is not configurable.
Depending on comments (hopefully) provided, one such configurable version
may be built along with some other features added.

IISBanner can be downloaded from http://www.kodeit.org/utils/iisbanner.htm

Cheers,
Tiago Halm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ