Home > Cloud Computing > Cloud Security

Attack and Defense instance application: attack against viruses! IIS Banner disguise

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Due to the inherent deficiency of IIS, it is easy for intruders to identify the category of the system. Believe it? Telnet to a system with IIS installed and enter a get command to check what is going on? As shown in 1, the system tells you without reservation that this system uses IIS5.0, which indirectly indicates that "I" is Windows 2000.


A little scared? Okay. Now let's attack the virus and let the IIS display information be changed according to our needs. Before modification, we first need to download a software-IIS/PWS Banner Edit-that modifies the display information of IIS Banner. With this, we can easily modify the IIS Banner. But before modification, we should first stop IIS, preferably stop World Wide Web Hing hing in the service), and clear all the files in the DLLcache. Otherwise, you will find that no changes have been made.

IIS/PWS Banner Edit is actually a dumb-level software. You only need to enter the desired Banner information in the New Banner and click Save to file to modify it. The following Make BackUp is used to prevent modification failures. Figure 2 shows the modified image. Now we simply modified it using IIS/PWS Banner Edit. For cainiao hackers, he may have been confused by false information, but for some experts, this does not cause any trouble to them. As the saying goes: cut grass to root. Therefore, we must modify the Banner information of IIS in person to ensure that the correspondence between IIS and Windows NT is safe, as shown in the table ).


To modify the Banner, you must know where the Banner information is hidden. in IIS/PWS Banner Edit, the File location has already pointed to the Banner's hiding place. Generally, W3SVC. DLL files are stored in the system directory system32INETSRV by default.

We can directly use Ultraedit to open W3SVC. DLL and search for it with the keyword "Server. Use the editor to replace the original content with the desired information, such as the display information of Apache, so that intruders cannot determine the type of our host and thus cannot select the overflow tool. Wonderful? As long as we have more brains, we can do the same, and change the FTP display information. Let's not talk about it here. Let readers think about it!

  1. Modify the IIS Banner to hide the operating system version
  2. FAQs about IIS Intrusion Prevention for VM instances
  3. Introduction to IIS Webdav

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
iis dos attack protection how to defend against ddos attack mongodb attack mysql attack script attack cloudflare attack snmp attack
Related Article
How does personal cloud security guarantee data security?
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More