HACKING IIS Server

Alright so you all wanna know how to break into IIS web servers? First off,
you should find a cgi-scanner so that things will get easier. My personnel
preferences are

"whisker" by "rain forest puppy" (www.wiretrip.net/rfp).

"cis" by "mnemonix" (www.cerberus-infosec.co.uk)

To understand which server is running on the victim site

telnet <victim> 80

GET HEAD / HTTP/1.0

and there you go with the name and the version of the web server. However
some sites might run their web servers over 8080, 81, 8000, 8001, and so on.
To understand SSL web servers, which provides encryption between the web

server and the browser we use the tool "ssleay"

s_client -connect <victim>:443

HEAD / HTTP /1.0

and here we go again.

To Download the full document here

:: DOWNLOAD ::