These two days have been watching the problem of IIS Metabase, found a small problem:
On the Windows operating system installed in IIS, you will come out to two Windows users, one is the iuser_ machine name, one is the WAM_ machine name
Both are standard Windows users, belong to the guest group, password is randomly assigned by the system.
We know that Windows user information is stored in more than one place, but it seems that we don't know the password of a user. for example
For the Administrator account, have the greatest permissions, there is another other user CQQ, but I don't know his password,
So even though we can modify the CQQ password, but we can't know the original password of CQQ.
However, for the two users of IIS, their user information is also saved in IIS Metabase and is saved in a clear text. IIS Metabase
It is where to save IIS configuration information, I am watching this information two days, because I intend to write a backup restore tool for IIS configuration information.
Through Microsoft's Adsutil.vbs Script, we can view all information in IIS Metabase, this scripter can
C: / INETPUB / ADMINSCRIPTS is found (seeing the root directory of your machine when installing IIS).
Open the DOS window, enter CScript Iis.vbs Enum W3SVC Enter, we will see a large string about the Web site,
There are two items inside:
Anonymoususername: (String) "IUSR_CQQ"
AnonymousUserpass: (String) "**********"
Wamusername: (String) "iWam_CQQ"
Wamuserpass: (String) "*********"
Everyone knows what it means, but in the script in adsutil.vbs, Microsoft has handled the password, no direct
Displayed, everyone can display the password directly by modifying adsutil.vbs, the results are as follows:
Anonymoususername: (String) "IUSR_CQQ"
AnonymousUserpass: (string) "gtui * ZITYE (9AG"
Wamusername: (String) "iWam_CQQ"
Wamuserpass: (String) "5Prfmqixw) 4FR"
In addition, I also made a small program to display this information, and the modified Adsutil.vbs and the programs I have made can be found here.
