Overview
Syllabus
Intro
Have you seen this before?
Resolving the HTTPAPI 2.0 404 Error
After fixing the host header
Accessing an internal admin panel via VHost Hopping ($1900)
Accessing the VHost
Reap the benefits
Typical Local File Disclosure in C#
Local file disclosure? web.config is your friend.
ASP.NET Viewstate Deserialization
Targeting Dependencies
Source Code Analysis through dnSpy
Navigating through dnSpy
Constraints
Local DTDs (Attempt 1)
Stack Trace But No Love
Local DTDs (Attempt 2)
Logical fuzzing of files and folders
More resources on hacking IIS
Taught by
NahamSec