Dive into advanced IIS server hacking techniques in this 22-minute conference talk from NahamCon2021. Explore HTTPAPI 2.0 asset management, VHost hopping, local file disclosure in ASP.NET MVC applications, and complex XXE vectors. Learn to resolve 404 errors, access internal admin panels, leverage web.config files, and perform source code analysis using DNSpy. Discover logical fuzzing techniques for files and folders, and gain insights into ASP.NET Viewstate deserialization and targeting dependencies. Perfect for security professionals looking to enhance their IIS hacking skills.
Overview
Syllabus
Intro
Have you seen this before?
Resolving the HTTPAPI 2.0 404 Error
After fixing the host header
Accessing an internal admin panel via VHost Hopping ($1900)
Accessing the VHost
Reap the benefits
Typical Local File Disclosure in C#
Local file disclosure? web.config is your friend.
ASP.NET Viewstate Deserialization
Targeting Dependencies
Source Code Analysis through DNSpy
Navigating through DNSpy
Constraints
Local DTDs (Attempt 1)
Stack Trace But No Love
Local DTDs (Attempt 2)
Logical fuzzing of files and folders
More resources on hacking IIS
Taught by
NahamSec
