# Microsoft IIS

## **Introduction**

> * Internet Information Services (IIS) for Windows Server is a flexible, secure and manageable Web server for hosting anything on the Web.
> * From media streaming to web applications, IIS's scalable and open architecture is ready to handle the most demanding tasks.

***

## **Microsoft IIS Tilde Enumeration**

> * IIS tilde directory enumeration is a technique utilised to uncover hidden files, directories, and short file names on some versions of Microsoft Internet Information Services (IIS) web servers.
> * This method takes advantage of a specific vulnerability in IIS, resulting from how it manages short file names within its directories.
> * The tilde (`~`) character, followed by a sequence number, signifies a short file name in a URL.
> * Hence, if someone determines a file or folder's short file name, they can exploit the tilde character and the short file name in the URL to access sensitive data or hidden resources.
> * Assume the server contains a hidden directory named SecretDocuments.
> * When a request is sent to `http://example.com/~s`, the server replies with a `200 OK` status code, revealing a directory with a short name beginning with "s".
> * The enumeration process continues by appending more characters
> * Manually sending HTTP requests for each letter of the alphabet can be a tedious process.
> * Fortunately, there is a tool called `IIS-ShortName-Scanner` that can automate this task.

***

## **IIS Tilde Automatic Enumeration**

**IIS ShortName Scanner:**

* GitHub Resource: <https://github.com/irsdl/IIS-ShortName-Scanner>
* Note: to use `IIS-ShortName-Scanner`, you will need to install Oracle Java.
* Refer to: <https://ubuntuhandbook.org/index.php/2022/03/install-jdk-18-ubuntu/>

**Others:**

* <https://github.com/sw33tLie/sns>
* <https://github.com/bitquark/shortscan>