http://secure2s.net/tools/2006/06/23/xprobe2/ Secure2S Security Tool Sets Blog Thu, 20 Nov 2008 10:04:57 +0000 http://wordpress.org/?v=2.1.2 http://secure2s.net/tools/2006/06/23/xprobe2/#comment-3 ha.ckers.org security lab - Archive » Finding 404s despite ErrorDocuments and fingerprinting IIS6.0 Mon, 26 Jun 2006 21:05:33 +0000 http://secure2s.net/tools/2006/06/23/xprobe2/#comment-3 [...] As you can see, they are wildly different, despite the fact that the Apache instance above had an ErrorDocument. I have not been able to validate against the same type of error handling under IIS but based on this, I don’t believe IIS would handle the request at all, seeing it entirely as invalid (a 400 error instead of a 404 error). This could easily allow you to fingerprint a machine between IIS and Apache alone on a single malformed request, which could easily be built into httprint, xprobe or nmap or other similar tools. [...] […] As you can see, they are wildly different, despite the fact that the Apache instance above had an ErrorDocument. I have not been able to validate against the same type of error handling under IIS but based on this, I don’t believe IIS would handle the request at all, seeing it entirely as invalid (a 400 error instead of a 404 error). This could easily allow you to fingerprint a machine between IIS and Apache alone on a single malformed request, which could easily be built into httprint, xprobe or nmap or other similar tools. […]

]]>