xsspresso
xsspresso
Tags/ IIS

IIS

3 writeups tagged with IIS

WebMediumWindows

VHL — Trace

IIS 10.0 running Kartris eCommerce on Windows. SQL injection and .NET deserialization chain leads to code execution and privilege escalation.

#IIS#Kartris#SQLi
Feb 15, 2025Virtual Hacking Labs
WebEasyWindows

HTB — Grandpa

IIS 6.0 WebDAV buffer overflow (CVE-2017-7269) for initial access. Token kidnapping / churrasco escalates to SYSTEM.

#IIS#WebDAV#CVE-2017-7269
Jun 3, 2022HackTheBox
WebEasyWindows

HTB — Devel

Anonymous FTP write access to IIS webroot allows ASPX webshell upload. Local kernel exploit for SYSTEM.

#FTP#IIS#ASPX
May 10, 2022HackTheBox