Assignment3

Assignment3 - 4) Describe the following attacks that have...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
4) Describe the following attacks that have been historically popular against IIS web servers: Showcode.asp, privilege escalation. Showcode.asp it's a script that allows a web developer to easily view the code for a number of examples included with Internet Information Server. Essentially it lets the developer view the code of a server-side script without executing it. The problem is that it does not just stop at that because with some manipulation of the URL it lets an attacker view any file on the same drive as the script. Privilege escalation allows an attacker running as guest to escalate his privileges on the web server system. The exploit allows a GUEST user (who has the rights to execute code o the system) to elevate his privileges. Once the exploit is executed, it allows an attacker to run arbitrary code on the machine with SYSTEM privileges. Usually, by using certain well-known attacks, the user can upload the exploit to the IIS virtual directory, and then remotely execute it. Alternatively, anyone with a valid
Background image of page 1
This is the end of the preview. Sign up to access the rest of the document.
Ask a homework question - tutors are online