Rendered at 07:09:42 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
naturalmovement 7 hours ago [-]
I front all my honeypots with the IIS landing page precisely because it attracts black hat jagoffs.
Nothing makes me happier than knowing I've wasted hours of their time chasing their own tails.
p1necone 6 hours ago [-]
Why stop there? Front the honeypot with a real IIS server, build a matryoshka doll of honeypots and see how far people get.
DaSHacka 4 hours ago [-]
Unless you're honeypotting in the IP range of an established organization, all you're doing is getting bot traffic.
High-tier blackhats focus on big targets, and low-tier ones focus on low-hanging fruits they find off shodan or application 0days they've found.
bitwize 2 hours ago [-]
"Guys, guys, guys, listen, listen, listen. So I'm in this computer, right? So I'm lookin' around, lookin' around, throwing commands at it, I don't know where it is or what it does or anything..."
forgetfreeman 1 hours ago [-]
Some ATM in bumsville Idaho spit $700 into the middle of the street.
wildlogic 1 hours ago [-]
joey, is that you!?
stavros 54 minutes ago [-]
Where's that from?
bryanrasmussen 34 minutes ago [-]
I think it's from hackers, Joey the youngest hacker found the bad guys computers, not sure if it's an accurate quote since it's been years since I saw it.
wil421 4 hours ago [-]
Tell me more…I opened a plex and Nintendo switch port, the scans were out of control. I’d love to screw over port scanner over.
themafia 7 hours ago [-]
Noise is a really underrated security layer.
Lammy 6 hours ago [-]
> IIS has a legacy behavior inherited from the old DOS 8.3 filename convention.
Is this exposing the underlying OS's behavior coupled with the fact that the IIS document root is `C:\Inetpub` by default? Eight-dot-three filenames are enabled by default on the C drive but disabled by default on all other drives on Windows 10/11:
PS> (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion
24H2
PS> fsutil 8dot3name query C:
The volume state is: 0 (8dot3 name creation is ENABLED)
The registry state is: 2 (Per volume setting - the default)
Based on the above settings, 8dot3 name creation is ENABLED on "C:"
PS> fsutil 8dot3name query U:
The volume state is: 1 (8dot3 name creation is DISABLED)
The registry state is: 2 (Per volume setting - the default)
Based on the above settings, 8dot3 name creation is DISABLED on "U:"
Tangentially, that reminds me of how a Windows update created c:\inetpub on everybody's non-server computers, to "increase protection" for unspecified reasons.
One confusing part is that the blue screen is not a reference to BSOD but to the IIS default page with the blue squares. That’s probably jargon.
The article lists all the tricks I’ve collected over the years doing pentesting and then some, with great tool references. The signal to noise ratio is very high and there’s little “here’s why” filler which instead might just be someone’s way of storytelling. The article drones on, but with actual content as there is a lot to tell. It’s even light on features like trace.axd, but does mention them and their purposes.
I found it an entertaining overview of taking apart unassuming IIS servers and the point of “Recon harder. ” is made very well :)
Edit: s/boring/unassuming + added point was made very well
merpkz 57 minutes ago [-]
"This is the brute-force fallback when the smart approaches fail, and honestly, it works more often than you’d expect."
Found the LLM generated part.
suslik 52 minutes ago [-]
Honestly, given how much claude-based prose I was recently reading, I am worried I will soon naturally write exactly like this.
Tiberium 2 hours ago [-]
It did, this article is clearly LLM-written/edited
helloplanets 55 minutes ago [-]
Would be a feat on its own to get Claude to write on a topic like this.
MagicMoonlight 1 hours ago [-]
[dead]
t1234s 5 hours ago [-]
Does anyone use IIS anymore?
samplatt 4 hours ago [-]
Way, WAY too many corporate IT divisions.
qingcharles 5 hours ago [-]
Yeah, I regularly speak to folks still running IIS on Windows Server. There are a lot of old apps out there, sadly. Some really, really important ones.
naturalmovement 4 hours ago [-]
Some banks still use IIS.
Every large company big enough to host an intranet is running IIS somewhere, possibly everywhere. It integrates well with AD so some really complex tasks become stupid simple.
It's seeing less and less usage as the world moves to AWS which is equally stupid because you're tied to one vendor's proprietary products (Amazon) again. Except this time you don't own the hardware.
Public sector IT loves IIS. Check your municipality's tax or property website it's probably got .aspx scripts out the ass.
I've seen it hosting European web apps, public sector if I recall. Lots of bespoke .NET applications out there with SQL Server backends running entire local governments.
Asian countries especially China and Taiwan love IIS and use it to host anything and everything. This is a personal observation.
Sure the world has mostly moved on, but there's tons of legacy code out there that keeps cities and really important organizations humming that runs on IIS and it's never changing.
You think that's bad, there's still places out there running AS/400 stuff on the web, Lotus Notes, and Novell Groupwise (gasp).
forkerenok 50 minutes ago [-]
Heyyy what's wrong with novel groupwise?
raesene9 28 minutes ago [-]
Well its document management feature didn't used to have Anti-Virus support which caused me a load of problems back in the 90's when Word Macro viruses were common. :P
I read the prerequisites of whatever software im asked to install and do what it says.
I'm not spending the next 3 years of my life trying to make some monitoring platform run on WebLogic i have other jobs to do in 4-8-12 hours.
vlan0 5 hours ago [-]
The entire solarwinds platform(barf)
thedougd 4 hours ago [-]
Amazingly some companies like Hyland still ship software that requires IIS. Bonus add are the pages and pages of setup instructions.
esikich 4 hours ago [-]
Yes, but typically just internal corporate intraweb stuff from what I've seen.
mpyne 5 hours ago [-]
Tons of the Navy's public websites still run on it.
jimt1234 1 hours ago [-]
Back in the early-2000s, I passed the Microsoft certification exam for IIS. I had never even heard of the product (I was told my company had some extra credits at the testing center, I was there taking another exam (Solaris 8 certification), so I figured why not?) I know, MCSE exams were notoriously simple back then, but good god - usually, for every question, 3 of the 4 possible answers didn't even make sense. Anyway, I figured there was no way IIS would last if any dipshit could become "certified" in the product.
bitwize 1 hours ago [-]
That's the value add. Any dipshit can be trained in the Windows server stack, so you can staff your back office with dipshits. For a while in the early 2000s—before the cloud era—Windows was routinely found to have a lower TCO than Linux as a server OS for precisely this reason. More actual deployments too, especially in corporate intranets.
AuthAuth 7 hours ago [-]
Ah webpage formatting cooked but otherwise a fun read
Group_B 6 hours ago [-]
Would love to see a write yo on nginx!
sytelus 6 hours ago [-]
This is extremely well done design (at least on full desktop browsers). Amazing content as well.
aix1 3 hours ago [-]
> This is extremely well done design (at least on full desktop browsers).
I can't tell if you're being sarcastic, but on my full desktop browser the side bar overlaps the main panel, putting text on top of other text.
P.S. Other than this, I do like the presentation.
Shellban 2 hours ago [-]
It looks decent on my 1920x1080p window running on a 4K monitor, but I have overlapping problems on my M1 Macbook.
mopsi 6 hours ago [-]
"Amazing" is a little generous for script kiddie stuff from the early 2000s.
The author has yet to learn the extent to which civilization depends on people not being cunts to one another for no good reason.
BalinKing 5 hours ago [-]
The lead says "how I approach IIS targets during bug bounty" (emphasis mine), so (assuming the author is being truthful) I'm guessing the tone of the title is just for fun.
caspper69 6 hours ago [-]
Ah yes, the lulz, the great American pastime.
deadbabe 6 hours ago [-]
Civilization has a way of dealing with these individuals: prison.
dakolli 3 hours ago [-]
There's like 90,000 computer fraud reports sent to the federal government every year and about 400 prosecutions total. Most of those are concentrated in whatever niche abuse category the government is focused on at the time (right now, crypto/phishing/ransomware).
note: Don't take this as your cue to start messing around with black hat. Don't become the guy trying to explain to your cell mate who's doing 50 years for a violent crimes what a unauthenticated supabase table is and why you deleted it.
cindyllm 6 hours ago [-]
[dead]
NooneAtAll3 3 hours ago [-]
what's the deal with left sidebar overlapping the main text?
Nothing makes me happier than knowing I've wasted hours of their time chasing their own tails.
High-tier blackhats focus on big targets, and low-tier ones focus on low-hanging fruits they find off shodan or application 0days they've found.
Is this exposing the underlying OS's behavior coupled with the fact that the IIS document root is `C:\Inetpub` by default? Eight-dot-three filenames are enabled by default on the C drive but disabled by default on all other drives on Windows 10/11:
https://www.pcworld.com/article/2684062/why-is-windows-11-la...
Everything old is new again https://devblogs.microsoft.com/oldnewthing/20041116-00/?p=37... (2004)
The article lists all the tricks I’ve collected over the years doing pentesting and then some, with great tool references. The signal to noise ratio is very high and there’s little “here’s why” filler which instead might just be someone’s way of storytelling. The article drones on, but with actual content as there is a lot to tell. It’s even light on features like trace.axd, but does mention them and their purposes.
I found it an entertaining overview of taking apart unassuming IIS servers and the point of “Recon harder. ” is made very well :)
Edit: s/boring/unassuming + added point was made very well
Found the LLM generated part.
Every large company big enough to host an intranet is running IIS somewhere, possibly everywhere. It integrates well with AD so some really complex tasks become stupid simple.
It's seeing less and less usage as the world moves to AWS which is equally stupid because you're tied to one vendor's proprietary products (Amazon) again. Except this time you don't own the hardware.
Public sector IT loves IIS. Check your municipality's tax or property website it's probably got .aspx scripts out the ass.
I've seen it hosting European web apps, public sector if I recall. Lots of bespoke .NET applications out there with SQL Server backends running entire local governments.
Asian countries especially China and Taiwan love IIS and use it to host anything and everything. This is a personal observation.
Sure the world has mostly moved on, but there's tons of legacy code out there that keeps cities and really important organizations humming that runs on IIS and it's never changing.
You think that's bad, there's still places out there running AS/400 stuff on the web, Lotus Notes, and Novell Groupwise (gasp).
https://bloomberry.com/data/windows-server/
Nothing internet facing mind.
I read the prerequisites of whatever software im asked to install and do what it says.
I'm not spending the next 3 years of my life trying to make some monitoring platform run on WebLogic i have other jobs to do in 4-8-12 hours.
I can't tell if you're being sarcastic, but on my full desktop browser the side bar overlaps the main panel, putting text on top of other text.
P.S. Other than this, I do like the presentation.
The author has yet to learn the extent to which civilization depends on people not being cunts to one another for no good reason.
note: Don't take this as your cue to start messing around with black hat. Don't become the guy trying to explain to your cell mate who's doing 50 years for a violent crimes what a unauthenticated supabase table is and why you deleted it.