Attacking and Defending Microsoft IIS - BSides Canberra 2024 Training
Published: 22/09/2024
I’ll be running a 3-hour training session at BSides Canberra 2024 this coming Friday at 9am, which is free for all attendees. Check out the event at https://cfp.bsidescbr.com.au/bsides-canberra-2024/talk/MKHDNA/ for location and session details.
Internet around the BSides venue is notoriously bad, so rather than ask a room full of people to pull down 6-7 GB of files at once, I figured I’d write up a quick “what you’ll need” blog post.
Looking forward to seeing you all on Friday!
Operating System
This training session will require a recent version of Windows (server or desktop). I have tested with Windows 11 Home and Pro as well as Windows Server 2022. VMs are fine; however, nothing we will be doing will be dangerous, so using a host OS is fine.
Visual Studio 2022 Community Edition
While not strictly required, if you want to have the best experience with the training session, Visual Studio is highly recommended.
While installing you’ll reach a screen similar to the following:
Tick the ASP.NET and web development box in the central panel. If you want to shave ~1 GB off the install, untick everything from the right-hand list except .NET Framework 4.8 development tools.
To verify your install is ready to go, create a new project and ensure the Class Library (.NET Framework) template is available.
dnSpy
Download Link: https://github.com/dnSpyEx/dnSpy/releases
Download the latest release for your architecture.
WinDBG
Microsoft has made installation of WinDBG a little tricky unless you are fully plugged into their ecosystem. If you are on a desktop version of Windows and have a Microsoft account linked up to the Microsoft Store, you can download WinDBG either directly from the Microsoft Store or from https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/#install-windbg-with-windows-package-manager
If you are on a Server build of Windows or otherwise don’t have access to the Microsoft Store, download WinDBG from https://windbg.download.prss.microsoft.com/dbazure/prod/1-2407-24003-0/windbg.msixbundle then install it via PowerShell by running the following command from the directory containing the downloaded file:
Add-AppxPackage .\windbg.msixbundle
NetExt
NetExt is a plugin for WinDBG which greatly assists with the analysis of IIS memory dumps. The easiest way to install it is to download Install-NetExt.ps1 and NetExt-2.1.65.5000.zip from https://github.com/rodneyviana/netext/releases/tag/2.1.65.5000 then run the PowerShell script. The PowerShell script expects the zip file to be in your Downloads directory.
Process Hacker
Download Link (Portable): https://sourceforge.net/projects/processhacker/files/processhacker2/processhacker-2.39-bin.zip/download
Download Link (Installer): https://sourceforge.net/projects/processhacker/files/processhacker2/processhacker-2.39-setup.exe/download
Download and extract/install.
YSoSerial
Download Link: https://github.com/pwntester/ysoserial.net/releases/tag/v1.36
Download and extract the latest release from the releases page. I recommend renaming the folder post-extraction to reduce its length when we run YSoSerial from the terminal.
Slides/Code snippets
I’ll publish another post on Thursday evening containing the slides and code snippets used during the session.