- Internet Information Services (IIS) for Windows Server is a flexible, secure and manageable Web server for hosting anything on the Web.
- From media streaming to web applications, IIS's scalable and open architecture is ready to handle the most demanding tasks.
- IIS tilde directory enumeration is a technique utilised to uncover hidden files, directories, and short file names on some versions of Microsoft Internet Information Services (IIS) web servers.
- This method takes advantage of a specific vulnerability in IIS, resulting from how it manages short file names within its directories.
- The tilde (
~) character, followed by a sequence number, signifies a short file name in a URL.- Hence, if someone determines a file or folder's short file name, they can exploit the tilde character and the short file name in the URL to access sensitive data or hidden resources.
- Assume the server contains a hidden directory named SecretDocuments.
- When a request is sent to
http://example.com/~s, the server replies with a200 OKstatus code, revealing a directory with a short name beginning with "s".- The enumeration process continues by appending more characters
- Manually sending HTTP requests for each letter of the alphabet can be a tedious process.
- Fortunately, there is a tool called
IIS-ShortName-Scannerthat can automate this task.
IIS ShortName Scanner:
- GitHub Resource: https://github.com/irsdl/IIS-ShortName-Scanner
- Note: to use
IIS-ShortName-Scanner, you will need to install Oracle Java. - Refer to: https://ubuntuhandbook.org/index.php/2022/03/install-jdk-18-ubuntu/
Others: