Attack and Defense Example: Fighting Back with an IIS Banner Disguise

Source: Internet
Author: User

Because of an inherent weakness in IIS, intruders can easily identify the type of system. Don't believe it? Telnet to a system with IIS installed, enter a GET command, and see what happens. As shown in Figure 1, the system tells you without reservation that it runs IIS 5.0, which indirectly indicates that the host is Windows 2000.


Figure 1

A little scared? Fine. Now let's fight back and change the information IIS displays to suit our needs. Before making the change, download IIS/PWS Banner Edit, a tool that modifies the IIS banner. With it, the banner is easy to change. Before modifying anything, however, stop IIS (preferably by stopping the World Wide Web Publishing Service in Services) and clear all the files in the DLLcache directory. Otherwise, you will find that no changes have been made.
 

IIS/PWS Banner Edit is a foolproof tool. Enter the banner text you want in the New Banner field and click Save to file to apply it. The Make BackUp option below it guards against a failed modification. Figure 2 shows the modified banner. So far we have only made a simple change with IIS/PWS Banner Edit. A novice attacker may be confused by the false information, but it causes no trouble for an expert. As the saying goes, pull weeds out by the roots. Therefore, to be thorough, modify the IIS banner by hand so that the correspondence between IIS versions and Windows NT versions (see the table) is not exposed.


Figure 2

To modify the banner, you must know where the banner information is hidden. In IIS/PWS Banner Edit, the File location field already points to the banner's hiding place. By default, the W3SVC.DLL file is stored in the system directory, system32\INETSRV.

We can open W3SVC.DLL directly in UltraEdit and search for the keyword "Server". Use the editor to replace the original content with the information you want, such as the banner Apache displays, so that intruders cannot determine the type of our host from the banner and thus cannot choose the matching overflow tool. Neat, isn't it? With a little thought, we can do the same for the FTP banner. We won't cover that here; it is left for readers to work out.
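To confirm that the change took effect, the Server header can be checked before and after the edit. The following is an added example, not part of the original article: the function names and the two sample responses are constructed for illustration, and only the IIS 5.0 / Windows 2000 pairing comes from this page.

```python
import re
import socket

# IIS-to-Windows pairings. Only the IIS 5.0 row is stated on this page; the
# other rows are well-known pairings added here, not copied from its table.
IIS_TO_WINDOWS = {
    "4.0": "Windows NT 4.0",
    "5.0": "Windows 2000",
    "5.1": "Windows XP",
    "6.0": "Windows Server 2003",
}

def server_header(raw_response: bytes):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def audit_banner(raw_response: bytes) -> dict:
    """Report what the banner tells a remote reader about the host."""
    banner = server_header(raw_response)
    m = re.search(r"Microsoft-IIS/(\d+\.\d+)", banner or "")
    version = m.group(1) if m else None
    return {
        "banner": banner,
        "discloses_iis": m is not None,
        "implied_os": IIS_TO_WINDOWS.get(version) if version else None,
    }

def fetch_response(host: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """Send a minimal GET to a server you administer and return the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        return s.recv(4096)

# Constructed sample responses (not captured from a real host).
BEFORE = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
          b"Content-Type: text/html\r\n\r\n<html></html>")
AFTER = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\n"
         b"Content-Type: text/html\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_banner(sample))
```

Against a live server of your own, pass the result of fetch_response(host) to audit_banner. The check covers only the Server header.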
