Play all

Intro

Have you seen this before?

Resolving the HTTPAPI 2.0 404 Error

After fixing the host header

Accessing an internal admin panel via VHost Hopping ($1900)

Accessing the VHost

Reap the benefits

Typical Local File Disclosure in C#

Local file disclosure? web.config is your friend.

ASP.NET Viewstate Deserialization

Targeting Dependencies

Source Code Analysis through DNSpy

Navigating through DNSpy

Constraints

Local DTDs (Attempt 1)

Stack Trace But No Love

Local DTDs (Attempt 2)

Logical fuzzing of files and folders

More resources on hacking IIS

Description:

Dive into advanced IIS server hacking techniques in this 22-minute conference talk from NahamCon2021. Explore HTTPAPI 2.0 asset management, VHost hopping, local file disclosure in ASP.NET MVC applications, and complex XXE vectors. Learn to resolve 404 errors, access internal admin panels, leverage web.config files, and perform source code analysis using DNSpy. Discover logical fuzzing techniques for files and folders, and gain insights into ASP.NET Viewstate deserialization and targeting dependencies. Perfect for security professionals looking to enhance their IIS hacking skills.

Hacking IIS

NahamSec

Add to list

#Conference Talks #NahamCon #Information Security (InfoSec) #Cybersecurity #Ethical Hacking #Penetration Testing #Programming #Web Development #ASP.NET MVC #Web Security #Web Server Security

0:00 / 0:00