FrontPage Server Extensions on Windows Server 2003

Presented at BlackHatWindows 2003 by

The FrontPage Server Extensions (FPSE) have always had a bad reputation when it comes to security. As administrators try to eliminate them, Microsoft continues to integrate them into other products such as MS Office, SharePoint, MS Project, and now Windows Server 2003. With a confusing security model, sparse documentation, and difficulty in configuration, the FPSE are a significant risk. But they are definitely here to stay. Nonetheless, most admins do not understand them.

This presentation will cover points such as:

- Are the FPSE really as insecure as everyone says?
- What are the real risks with FPSE?
- What are some even bigger risks with the FPSE?
- What are some ways to exploit the FPSE?
- Decoding vti_rpc
- Cool vti_rpc tricks
- Introducing my vti_rpc tool
- Exploiting backwards compatibility
- Finding unprotected FPSE sites
- Info gathering through the FPSE
- Getting directory listings through the FPSE
- Microsoft's fix for the htimage.exe and imagemap.exe problems
- The real fix for the htimage.exe and imagemap.exe problems
- Exploiting FP forms and databases
- How does the FPSE security model work?
- Are shtml.dll, author.dll, and admin.dll all the same file?
- Why can't you uninstall FPSE?
- How can you move the FPSE?
- How can you remove the FPSE?
- How to use them safely
- Spotting FPSE hacks
- New Snort rules for FPSE
- Using Snort for FPSE logging
- Finding the proper FPSE updates
- Hacking SharePoint services
- Hacking FPSE on Windows Server 2003

The tools I will release at the conference are:

- A scanner for finding unprotected FPSE sites
- A script for gathering server info through FPSE
- A script to find all FPSE holes on a server
- A Windows program for sending vti_rpc commands to a server
- A new set of Snort rules that are much more accurate and specific than the current rules