Microsoft Internet Information Services (IIS)
IIS 7.5 Tilde vulnerability enumeration
The enumeration process starts by sending requests with various characters following the tilde:
The enumeration process continues by appending more characters
Continuing this procedure, the short name secret~1 is eventually discovered, files in that directory can be accessed by submitting requests such as:
The same IIS tilde directory enumeration technique can also detect 8.3 short file names for files within the directory. After obtaining the short names, those files can be directly accessed using the short names in the requests.
In 8.3 short file names, such as somefi~1.txt, the number "1" is a unique identifier that distinguishes files with similar names within the same directory. The numbers following the tilde (~) assist the file system in differentiating between files that share similarities in their names, ensuring each file has a distinct 8.3 short file name.
For example, if two files named somefile.txt and somefile1.txt exist in the same directory, their 8.3 short file names would be:
somefi~1.txtforsomefile.txtsomefi~2.txtforsomefile1.txt
Tool:
Cause:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation was not set as 1
Solution:
Open registry editor
Navigate to below registry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
Right-click NtfsDisable8dot3NameCreation, and then click Modify.
In the Value data box, type 1, and then click OK.
Last updated