Wiki
  • Introduction
  • šŸ‘¾Penetration Testing
    • Application Security
      • Mobile App Security
        • Android Application Testing
          • Security Checklist
          • SSL Pinning Bypasses
          • Non-Proxy Aware Applications
            • Setting up VPN Server
            • Bypasses
          • Common Proxying Issues
          • Android Local Storage Checks
          • Android Task Hijacking
          • Kiosk Mode / Breakout Testing
          • Magisk on GenyMotion
        • iOS Application Testing
          • iOS Testing Using Objection
          • IPA Analysis Using MobSF
          • iOS Jailbreak Bypass
          • Decrypting iOS Apps
          • iOS Reverse Engineering
          • Jailbreak Detection Bypasses
          • iOS Local Storage Checks
          • Installing IPA
          • ATS Auditing
          • iOS Jailbreaking
          • Frida Pinning Bypasses
          • iOS Jailbreaking
        • Code Security
        • Frida on Windows
      • Web Application Security
        • Web Shells
        • CSV Injection
        • Measure Response Time using CURL
        • OSINT
          • EyeWitness
        • GraphQL Hacking
      • API Security
        • Security Checklist
        • Postman and Burp
        • CURL via BurpSuite
        • SOAP API Pentesting
    • Infrastructure Security
      • Network Infrastructure
        • Red Team Powershell Scripts
        • Mounting NFS Shares
        • Password Cracking/Auditing
        • Remote Access Sheet
        • Password Cracking Using Hashcat
        • Calculate IP Addresses from CIDR
        • Grep IP addresses or IP Ranges from a File
        • Default Credentials Checking
        • Check SSL/TLS Certificates
        • Log a terminal session
        • Unauthenticated Mongo DB
        • Microsoft SQL Server (MSSQL)
        • NTP Mode 6 Vulnerabilities
        • BloodHound
        • AD Offensive Testing
        • CrackMapExec
        • Select all IP addresses in Sublime Text
        • Convert CIDRs to an IP address list
        • Microsoft Exchange Client Access Server Information Disclosure
        • Web Server HTTP Header Internal IP Disclosure
        • smbclient.py
        • GetUserSPNs.py
        • Get-GPPPassword.py
        • SMBMap
        • Mounting Shares
        • mitm6
        • AD Attacks
        • Weak IKE Security Configurations
        • Locked BIOS Password Bypass
      • Wireless Security
        • Cached Wireless Keys
        • Aircrack Suite
    • SSL/TLS Security
    • Secure Code Review
      • Python
      • Semgrep
        • Semgrep to HTML Report
    • Cloud Security
      • Cloud Penetration Testing
    • Social Engineering
      • Simulated Phishing
        • GoPhish
    • Tool Usage
      • Docker
      • Split
      • PhantomJS
      • Aquatone
      • Tmux
      • Ipainstaller
      • Public IP From Command Line
      • Wifite
      • IKE Scan
      • Grep
      • Pulling APKs
      • Bitsadmin
      • Drozer
      • Iptables
      • Python Web Server
      • Crackmapexec
      • Impacket
      • Nessus
      • Adding SUDO User
      • Nmap
      • Metasploit Payloads
      • SMTP Open Relay
      • SQLMap
      • Screen
      • Remove All After Colon
      • Remove Old Linux Kernels
      • CURL
      • Hashcat
      • Secure Copy Protocol (SCP)
      • SSH & PGP Tools
      • IP Calculator
      • BloodHound
      • Netcat File Transfer
      • OpenVAS
      • BurpSuite
      • Exiftool
      • Python Virtual Environments
    • Errors and Solutions
      • Kill Process On Specific Port
      • Kill SSH Port Forwarding
      • SSH Key
      • Expanding Disk on Kali VM
    • Scoping
      • Scoping Questionnaires
        • Mobile App Testing
    • OSINT
      • Dark Web OSINT
      • Certificate Chain Check
      • EyeWitness - Web Service Screenshot
      • Tor to Browse Onion Links
      • DarkDump - Scan Dark Web for Onion Links
      • Domain related File Search
      • Google Dorking
      • IP / Network Blocks owned by a Company
  • āŒØļøProgramming
    • Automation
      • Running a Service at Boot
      • Network Connectivity Cron
    • Python
      • Adding Columns in Pandas
      • Copy Entire Column Data To New Column Pandas
      • Loading Progress Bar
      • Reorder Columns in Pandas
      • Filename with Date/Time Stamp
      • Command Line Arguments
      • Changing Date Format
      • Removing Index Column Pandas
      • Regex - Remove HTML Tags
      • Column Header Mapping
  • šŸŒMiscellaneous
    • Scripts
      • Clickjacking Checker
      • Bulk WHOIS
      • SMB Signing Check
      • FDQN to IP Address
      • Grep IP Addresses
      • Nessus Parser
      • Build Review Audit
      • Nessus Merger
      • Nmap2CSV
      • Remove Audio From Videos
    • Favourite Reads/Links
    • Hacking Posters
    • Windows Developer VMs
    • Windows Workspaces
    • GitHub Pages
    • Interview Prep
      • Senior Penetration Tester
    • CVSS Formula
    • Android Rooting
      • Lineage OS 18.1 on OnePlus X
      • TWRP Recover on OnePlus X
      • Magisk Rooting
    • Presentation Slides
      • BlackHat - USA [2022]
  • šŸžVulnerability Wiki
    • šŸŒAPPLICATION LEVEL
      • šŸ”’AUTHENTICATION
        • Authentication Bypass
        • Lack of Password Confirmation
        • 2FA Code Brute-forceable
        • Lack of Verification
        • Lack of Throttling on Form Submissions
        • Lack of Rate Limiting on Login
        • Weak Password Complexity Rules
        • šŸ–„ļøSESSION MANAGEMENT
        • šŸ”‘ACCESS CONTROL
      • šŸ”¢INPUT VALIDATION
      • āž—CRYPTOGRAPHY
      • šŸ“‰LOGGING
      • šŸ“•DATA PROTECTION
      • šŸ“²COMMUNICATION
      • šŸ‘Øā€šŸ’»MALICIOUS CODE
      • šŸ’”LOGIC
      • šŸ—„ļøFILE UPLOAD
      • āš™ļøAPI ISSUES
      • šŸ”CONFIGURATIONS
    • šŸ’¾INFRASTRUCTURE LEVEL
      • ICMP Timestamp Request Remote Date Disclosure (CVE-1999-0524)
      • ASP.NET Debug Mode Validation
Powered by GitBook
On this page
  • Checking if an ASP.NET Server is Running in Debug Mode
  • Tools Needed
  • Sending the HTTP Request
  • Conclusion

Was this helpful?

  1. Vulnerability Wiki
  2. INFRASTRUCTURE LEVEL

ASP.NET Debug Mode Validation

Checking if an ASP.NET Server is Running in Debug Mode

Securing servers involves multiple steps, and one of the initial tasks is identifying vulnerabilities that can easily be exploitedā€”often referred to as "low-hanging fruit." To get an overview of potential weaknesses quickly, vulnerability scanners are commonly used. However, sometimes relying on scanners isn't enough, and it's useful to perform manual checks. One such vulnerability I frequently encounter is ASP.NET servers running in debug mode, often due to negligence from developers.

In this guide, weā€™ll walk through a simple method to check whether an ASP.NET server is running in debug mode using basic tools over HTTP(s). While we wonā€™t dive into the consequences of running in debug mode or how to exploit it, this method will help you quickly identify such a setup.

Tools Needed

Weā€™re not going to use any advanced tools hereā€”just some basic utilities. Depending on whether the server is using HTTPS or HTTP, weā€™ll need at least two tools:

  • Netcat or Telnet for non-HTTPS (plain HTTP) servers

  • OpenSSL for HTTPS servers

I'll be using Kali Linux in this example, but these commands should work on any Linux distribution with the appropriate tools installed.

Netcat and Telnet

If the target server doesnā€™t use HTTPS, connecting to it is straightforward with Netcat or Telnet. Here's how to use them:

$ nc host port

Or:

$ telnet host port

OpenSSL

For servers that use HTTPS, you'll need OpenSSL to establish a secure connection:

$ openssl s_client -connect host:port

After running this command, you should be connected, and your terminal will be ready to accept input.

Sending the HTTP Request

The goal here is to send an HTTP request that can trigger the ASP.NET debugger. To do this, we'll use the DEBUG HTTP verb, which is specific to Microsoft servers and is not part of the official HTTP standard. With this verb, weā€™ll issue a command to the server, asking it to stop debugging (if debugging is enabled).

Hereā€™s the HTTP request format:

DEBUG / HTTP/1.1
Host: hostname_here
Command: stop-debug

In this request:

  • The DEBUG / verb tells the server we're attempting to interact with the debugger.

  • The Host: header identifies the target server.

  • The Command: stop-debug instructs the debugger to stop, which is simply a way to verify the server's debug mode status.

Interpreting the Response

If the server is running in debug mode, you should receive an HTTP response like this:

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: blahblahblah
Content-Length: 2

OK

If the response is anything other than HTTP/1.1 200 OK, it indicates that the server is not running in debug modeā€”or you may need to check your request for any mistakes.

Conclusion

This method provides a simple and effective way to check if an ASP.NET server is running in debug mode, using basic tools and HTTP requests. By manually verifying the presence of the DEBUG verb in the server's response, you can determine whether debugging is enabled, helping to identify potential security risks.

PreviousICMP Timestamp Request Remote Date Disclosure (CVE-1999-0524)

Last updated 4 months ago

Was this helpful?

šŸž
šŸ’¾