IIS
Tilde Enumeration
Assume the server contains a hidden directory named SecretDocuments. When a request is sent to http://example.com/~s, the server replies with a 200 OK status code, revealing a directory with a short name beginning with "s".
Once the short name secret~1 is identified, enumeration of specific file names within that path can be performed, potentially exposing sensitive documents.
The same IIS tilde directory enumeration technique can also detect 8.3 short file names for files within the directory.
If two files named somefile.txt and somefile1.txt exist in the same directory, their 8.3 short file names would be:
somefi~1.txt for somefile.txt
somefi~2.txt for somefile1.txt
IIS ShortName Scanner
Upon executing the tool, it discovers 2 directories and 3 files. However, the target does not permit GET access to http://10.129.204.231/TRANSF~1.ASP, necessitating the brute-forcing of the remaining filename.
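From the defender's side, the probing described above appears in the IIS access log as a burst of requests whose path segments contain a tilde. The following is an added example, not part of the original page or of the scanner: it flags clients that send several distinct requests of that kind. The log lines, client addresses, non-200 status codes and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not taken from the page).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-05-01 10:00:01 203.0.113.7 GET /~s 200
2024-05-01 10:00:01 203.0.113.7 GET /~se 200
2024-05-01 10:00:02 203.0.113.7 GET /~sf 404
2024-05-01 10:00:02 203.0.113.7 GET /secret~1/ 403
2024-05-01 10:00:03 203.0.113.7 GET /TRANSF~1.ASP 403
2024-05-01 10:00:04 198.51.100.20 GET /index.aspx 200
2024-05-01 10:00:05 198.51.100.20 GET /~jsmith/notes.txt 404
"""

# A path segment that is either "~" plus a prefix (as in /~s) or has the
# shape of an 8.3 alias: up to six characters, "~", a digit, optional extension.
SEGMENT = re.compile(r"~\w*|[^~]{1,6}~\d(\.[^.]{0,3})?")


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))


def is_tilde_probe(uri_stem):
    """True if any segment of the request path looks like a short-name probe."""
    return any(SEGMENT.fullmatch(seg) for seg in uri_stem.split("/") if seg)


def flag_enumeration(text, threshold=3):
    """Return {client_ip: sorted probe paths} for clients at or above threshold."""
    probes = defaultdict(set)
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "")
        if is_tilde_probe(stem):
            probes[row["c-ip"]].add(stem.lower())
    return {ip: sorted(s) for ip, s in probes.items() if len(s) >= threshold}


if __name__ == "__main__":
    for ip, paths in flag_enumeration(SAMPLE_LOG).items():
        print(ip, len(paths), paths)
```

The threshold keeps a single legitimate tilde URL, such as the second client's request, from being flagged; tune it against normal traffic for the site.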
Generate Wordlist
Fuzzing