General
Internet Information Services (IIS) is a web server developed by Microsoft and shipped with the Windows operating system. It hosts and serves web content such as websites and web applications.
IIS configuration refers to the settings and options that control the IIS web server. These settings can be modified through IIS Manager, a graphical user interface (GUI) tool, or with command-line utilities (such as appcmd.exe) and scripts.
IIS configuration can be abused in several ways:
- Modifying configuration settings: an attacker with write access to the IIS configuration can change settings to execute code under the web server's identity or to gain unauthorized access to the system.
- Bypassing access controls: an attacker can alter authentication or authorization settings in the IIS configuration to reach resources that are normally restricted.
- Adding malicious code: an attacker can register their own components in the IIS configuration (for example an HTTP module or handler), which the web server then loads and executes when it processes a request.
Commands
Internet Information Services (IIS) is the default web server on Windows installations. The configuration of an ASP.NET application hosted on IIS is stored in a file called web.config, which can hold database connection strings and the credentials of configured authentication mechanisms. Server-wide settings (sites, application pools, modules) live separately in applicationHost.config under %windir%\System32\inetsrv\config\. Depending on the installed .NET Framework version and where a site is deployed, web.config can be found in one of the following locations:
- C:\inetpub\wwwroot\web.config (the default site's physical root; other sites keep their web.config in their own physical path)
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config (the machine-wide root web.config that all ASP.NET 4.x applications inherit from)
Here is a quick way to find database connection strings in the file (note that a connectionStrings section protected with aspnet_regiis -pe only shows a configProtectionProvider attribute and an EncryptedData block, not the plaintext):
type C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config | findstr connectionString
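A single findstr over one known path misses sites deployed outside wwwroot and does not tell you whether the section is encrypted. The following PowerShell script is an added example (not from the original page) that walks the likely locations, parses every web.config it finds as XML and reports connection strings, forms-authentication credentials and secret-looking appSettings. The search roots are the default paths assumed here, and the appSettings key regex is an illustrative heuristic.

```powershell
# Added example: hunt for secrets in IIS/ASP.NET web.config files.
# Roots are assumed defaults; adjust them for non-standard deployments.
function Find-IisSecrets {
    param(
        [string[]]$Roots = @(
            'C:\inetpub',
            "$env:windir\Microsoft.NET\Framework\v4.0.30319\Config",
            "$env:windir\Microsoft.NET\Framework64\v4.0.30319\Config"
        )
    )

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        Get-ChildItem -LiteralPath $root -Filter 'web.config' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            try { [xml]$cfg = Get-Content -LiteralPath $file -Raw -ErrorAction Stop }
            catch { Write-Warning "Unreadable or not XML: $file"; return }   # 'return' skips this file only

            # <connectionStrings> may be protected with aspnet_regiis -pe; then only the
            # provider name and an <EncryptedData> child are visible, not the plaintext.
            $cs = $cfg.configuration.connectionStrings
            if ($cs) {
                if ($cs.configProtectionProvider) {
                    [pscustomobject]@{ File = $file; Kind = 'connectionStrings (encrypted)'
                                       Name = $cs.configProtectionProvider; Value = '<EncryptedData>' }
                }
                foreach ($add in @($cs.add)) {
                    if ($add.connectionString) {
                        [pscustomobject]@{ File = $file; Kind = 'connectionString'
                                           Name = $add.name; Value = $add.connectionString }
                    }
                }
            }

            # <system.web><authentication mode="Forms"><forms><credentials passwordFormat="Clear">
            #   <user name="..." password="..."/>   -- credentials stored directly in the config
            $creds = $cfg.configuration.'system.web'.authentication.forms.credentials
            foreach ($u in @($creds.user)) {
                if ($u.name) {
                    [pscustomobject]@{ File = $file; Kind = "forms credential ($($creds.passwordFormat))"
                                       Name = $u.name; Value = $u.password }
                }
            }

            # appSettings keys whose names suggest a secret (heuristic regex, assumed here)
            foreach ($a in @($cfg.configuration.appSettings.add)) {
                if ($a.key -and $a.key -match 'pass|pwd|secret|token|apikey|credential') {
                    [pscustomobject]@{ File = $file; Kind = 'appSetting'; Name = $a.key; Value = $a.value }
                }
            }
        }
    }
}

Find-IisSecrets | Format-Table -AutoSize -Wrap
```

Run it from a shell that can read the IIS directories (the machine-wide Config directory is world-readable, per-site web.config files usually need at least the application pool identity or local admin). Parsing as XML rather than grepping means you also catch connection strings split over several lines and can tell an encrypted section apart from a plaintext one at a glance.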