Category: Uncategorized

Posted on by 2 Comments

Configure UrlScan on IIS7.5 and IIS8

UrlScan is a security tool used to restrict types of HTTP requests that IIS will process. It is a simple tool which is very helpful in blocking harmful requests to the server. It seemingly supports only IIS 5.1, IIS 6.0, and IIS 7.0 on Windows Vista and Windows Server 2008. It has been deprecated since IIS 7.5 and IIS 8. It is said that Microsoft has included the features of UrlScan in request filtering option for IIS 7.5 and IIS 8. But it definitely is not a match for the simplicity of UrlScan. Today I am going to show you how to configure UrlScan in IIS 7.5 and IIS8. (IIS 7.5 is available in Windows server 2008 R2 and IIS 8 is available in Windows Server 2012 and Windows 8 ).

I am going to configure this in Windows server 2012 i.e IIS 8 but do not worry the configuration steps are similar in IIS 7.5. First and foremost install Web Platform Installer in your machine. This will help us to install all the components we require in simple steps. From web platform installer, select component IIS 6 metabase compatibility. This is compulsory to install URLscan.

Urlscan1

Then, select IIS ISAPI Filters. (ISAPI filters may already be installed in IIS 7.5 ).

Urlscan2

Click on Install. You are shown a review of components you selected to install. Click on I accept.

Urlscan3

The components are installed and will show you a Finish screen. Click on Finish.

Urlscan4

We are all set to install UrlScan. Download Urlscan and click on the msi package. On the window, select the option “I select the terms of license agreement” and click on “Install”.

Urlscan5

The installation is very quick. Once it finishes,click on “Finish”.

Urlscan6

Now open IIS Manager. Click on ISAPI filters.

Urlscan7

If everything went well, we should see a filter already set like below.

Urlscan8

Click on it. We can see that there is already a filter named URLscan 3.1 linking to the executable urlscan.dll.

urlscan

Before configuring UrlScan, let’s try a little banner grabbing to check whether UrlaScan is working or not. For this, we will use tool Idserve to fingerprint the server on which we have configured UrlScan. (www.shunya.com is fictional website i set on my server ).

Urlscan10

We can see that the version is Microsoft-IIS/8.0. Now let’s go to the configuration file of urlscan (urlscan.ini) to make some changes to it. It is located by default at “C:WindowsSystem32inetservurlscan”and change the value of “RemoveServerHeader” to “1” from “0”. Save the file.

Urlscan11

Now let’s again try to banner grab using Idserve. Restart the web server.

urlscan

We can see that the server version has not been disclosed hence our UrlScan is working successfully. Hope it was helpful.

Posted on by 1 Comment

How to hide an exe file in a Jpeg

I have been searching for a way to send an executable file to someone and make him to execute it. Sending the exe directly is not feasible. So let’s see how to hide an exe file in a jpeg and test its feasibility. First of all, create a new directory namedtestand download some images and name them similarly. I downloaded images of a popular Tollywood actress. The plan is to lure the victim into falling in the trap. I did this on a Windows 7 machine.

Expeg1

Go to Folder Options”, go to View tab”,deselect ‘ Hide extensions for known file types‘ and select option Show hidden files, folders and drives. This will allow us to see the extensions of the files we are working with.

Expeg2

Open Notepad, type the following text and save it with the extension .bat”. What the following code does is it creates a new user named “hacker” with password “abc123″ in the Windows machine this code gets executed.

Expeg3

Download BAT to EXE converter and convert the batch file we just created to an exe.

Expeg4
Expeg5

Rename the file “samy.exe” to “samy_3.jpg”. Windows will prompt a warning. Ignore it.

Expeg6

Right click on the file “samy_3.jpg”, drag it a little and leave. Select ‘Create Shortcuts here’. We are creating a shortcut for the file samy_3.jpg.

Expeg7

Rename the shortcut to “samy_0.jpg”.Whatever the name you give make sure that the shortcut is clicked first and not the exe file.

Expeg8

Right click on “samy_0.jpg” and select Properties. In the “Start in” column delete the entire text. In the “Target:” column type “C:Windowssystem32cmd.exec samy_3.jpg.” This will run the file samy_3.jpg when clicked on the samy_0.jpg.

Expeg9

Click on “Change Icon” tab. Replace the text inside with “%SystemRoot%system32SHELL32.dll”and click on “OK”.

Expeg10

Compress all files into zip archive with the name “samy unseen.zip”. Remember that name should be attractive enough to lure the victim into clicking the images.

how to hide an exe file in a jpeg

OK, package is ready. Now the bigger challenge is to send the package to the victim’s computer. I tried to mail the package to the victim but it didn’t work out.

Expeg12

So I suggest you to find your own way of sending it to the victim. To test if the package will work on the victim’s system or not openCMD” and type the command “net user” before executing the image. It will show us all the users on the system.

Expeg13

Then click on the image samy_0.jpg. Open “CMD” and type the “net user” command again.

Expeg14

A new user named hacker has been created. So the trick worked.