When a cainiao encounters a hacker (5): hacker intrusion window: IIS

Using IIS (Internet Information Server) allows conditional users to easily create a local website server and provide low-traffic HTTP access and some file transfer FTP services, however, it is precisely this IIS (this chapter only introduces the servers created by IIS) that has become the target of hacker attacks or the "cloud ladder" that has intruded into the local machine ".

Attack

Attacks against IIS can be said to be varied. It is a required course for beginners to use a large number of data requests to overload IIS and stop working. However, in view of the length of the article, we will not detail the IIS attacks, but will talk about the intrusion into IIS.

Since the advent of IIS, its vulnerabilities or gaps have emerged one after another. Many users have switched to "Apache" (another Web service software) over IIS, which is easy to configure and has excellent performance, it is also because of its cumbersome vulnerability and patch upgrade work. Hackers can not only use this vulnerability to stop their computers from providing external network services, but also modify the content of their home pages, or even use this vulnerability to access the computer and delete and modify files on the host. Taking the Extended Unicode Directory Traversal Vulnerability as an example, hackers can use tool software (such as IIS cracker) to enter the computer, which is the interface after the "IIS Cracker" intrusion is successful, it accurately displays the files on the host of the other party. By remotely controlling intrusions, hackers have permissions to steal, modify, and delete the home pages and files on the host.

Note: IIS 4.0 and IIS 5.0 have a security vulnerability in the implementation of UNICODE character decoding, which allows users to remotely execute arbitrary commands through IIS. When IIS opens a file, if the file name contains Unicode characters, it will decode it, but if you provide some special encoding, this may cause IIS to incorrectly open or execute files outside the Web root directory.

Prevention

the easiest way to Prevent IIS vulnerability intrusion is to upgrade IIS and install Microsoft vulnerability patches anytime, anywhere, however, the Microsoft-bound IIS version and the number of independent IIS versions available for download on the Internet are numerous, which makes it hard for users to understand which upgrades are required? What are the vulnerabilities and what are the vulnerabilities? Here I will introduce a method: Use the Program to scan your configured IIS, scanning is not a real hacker attack. It is just a way to find the entrance. In this way, you can use the scan method to know which IIS vulnerabilities exist, that is, you can perform targeted IIS upgrades. The Unicode vulnerability of IIS described earlier can be scanned through rangescan or happy green e Unicode vulnerability scanner. To improve IIS security, we recommend that you use some global scanning programs to not only scan for Unicode vulnerabilities, but also scan for new and unfamiliar vulnerabilities, then, upgrade the server and make relevant adjustments according to the introduction on the Internet.