Nmap Development mailing list archives
Re: General Webdav NSE script and the new IIS6 vulnerability
From: jah <jah () zadkiel plus com>
Date: Tue, 19 May 2009 21:31:53 +0100
On 19/05/2009 21:05, Brandon Enright wrote:
Small world. I worked on this yesterday but I was not able to come up with a way to determine if IIS 6 has WebDAV enabled. Does Kris's script work on IIS 6? I gave up after about a hour of playing curl/ncat on trying to detect if WebDAV is enabled.
I'm playing with the same thing, but haven't got very far. I find that the PROPFIND method returns HTTP/1.1 501 Not Implemented if webdav is set to 'prohibited' and HTTP/1.1 207 Multi-Status if it's allowed. I've only tried this on Windows SBS 2003 SP1 so I don't know at this point whether this is a reliable way to detect whether webdav is enabled for different IIS builds and configurations. I haven't tried Kris's script yet, but intend to if it turns out that PROPFIND doesn't reliably work. jah _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- General Webdav NSE script and the new IIS6 vulnerability Fyodor (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability jah (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability jah (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Kris Katterjohn (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Gutek (May 20)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)