From LOW to PWNED [12] Trace.axd

"Trace.axd is an Http Handler for .Net  that can be used to view the trace details for an application. This file resides in the application’s root directory. A request to this file through a browser displays the trace log of the last n requests in time-order,

where n is an integer determined by the value set by requestLimit=”[n]” in the application’s configuration file."

<a href="http://www.ucertify.com/article/what-is-traceaxd.html">http://www.ucertify.com/article/what-is-traceaxd.html</a>

It is a separate file to store tracing messages. If you have pageOutput set to true, your webpage will acquire a large table at the bottom. That will list lots of information—the trace information. trace.axd allows you to see traces on a separate page, which

is always named trace.axd.

<a href="http://www.dotnetperls.com/trace">http://www.dotnetperls.com/trace</a>

LOW? Actually a Medium.

<a href="http://2.bp.blogspot.com/-Pyah57XUOdY/T77bzNxQhBI/AAAAAAAAA1o/x6exxge_MfM/s1600/trace-axd-16.PNG"></a>

<a href="http://2.bp.blogspot.com/-yXEjfsUqBFc/T77cJQJPGVI/AAAAAAAAA14/L1NK7nhC8F4/s1600/nessus-traceaxd-screenie.PNG"></a>

What can I do with it?

Read ALL variables and data from HTTP requests

POST requests rock! ?

Discovery?

Metasploit

Vuln Scanners

<a href="http://4.bp.blogspot.com/-UkJo3k9DK2I/T77c4HO9LcI/AAAAAAAAA2I/j_VWwhTSnlI/s1600/msf-trace-sani.PNG"></a>

Example

<a href="http://2.bp.blogspot.com/-dTVq4jvQLuc/T77dYpP_cmI/AAAAAAAAA2Q/egtMl-YSSDw/s1600/trace-example1-sani.PNG"></a>

Main trace.axd page

<a href="http://4.bp.blogspot.com/-uJaFiimodOQ/T77dZ4Pb9pI/AAAAAAAAA2Y/4Z9xvH8UO_o/s1600/trace-example2-sani.PNG"></a>

Viewing a request

<a href="http://4.bp.blogspot.com/-qvX3tUT7bVo/T77daT0_PKI/AAAAAAAAA2g/WOCyV8UNJOo/s1600/trace-example3-sani.PNG"></a>

Post request with creds

<a href="http://zeroknock.blogspot.com/2012/05/traversing-traceaxd-and-miconfiguration.html">http://zeroknock.blogspot.com/2012/05/traversing-traceaxd-and-miconfiguration.html</a>

-CG