IIS-ShortName-Scanner icon indicating copy to clipboard operation
IIS-ShortName-Scanner copied to clipboard

Published 20 hours ago verified publisher icon irsdl

Stuck in a loop?

Open infosecconsultant opened this issue 1 year ago • 3 comments

I'm not sure what's happening here. I've used this tool quite a bit for several years and I've run it against a box that appears to have the tool stuck in some kind of loop and I'm unsure why/how to fix it.

image Seems to start with 1 then 2, then 3, then 4 etc characters. Doesn't seem to detect web.config there though and I'm not sure why. Running the tool with default options.

Any suggestions would be welcome.

infosecconsultant avatar Jul 12 '23 14:07 infosecconsultant

Questions:

  • Did you let it to finish? It may take some time for it to finish. You can always proxy the requests to see when it goes wrong. Then you can use the config file to make it better.

  • Is this a known bb programme you can share the name?

  • Have you tried https://github.com/bitquark/shortscan?

irsdl avatar Jul 12 '23 15:07 irsdl

It didn't seem to finish (ran for more than 20 minutes when normally it would run for a few minutes at most and didn't detect any file names).

Do you mind opening your DM's on twitter for a few moments? I can share the host with you there.

I did indeed try with bitquarks version. It produced even more unexpected results. It detected it as vulnerable. Identified a bunch of files and folders, including some expected ones. But it also generated a huuuuge volume of files I'm not really convinced are actually there. Could be something else going on but I'm really not sure.

infosecconsultant avatar Jul 12 '23 16:07 infosecconsultant

What is your Twitter handle?

irsdl avatar Jul 12 '23 16:07 irsdl