Security Basics mailing list archives
Re: WebDAV and nmap. [NC]
From: Reda-Karim FAKHIR <reda-karim.fakhir () sgcib com>
Date: Mon, 18 May 2009 16:33:04 +0200
have you test nickto ? la_bigmac () hotmail com Sent by: listbounce () securityfocus com 18/05/09 02:27 PM To security-basics () securityfocus com cc Subject WebDAV and nmap. Hello, I would like to scan my networks to find any IIS6 servers that currently have WebDAV inuse. Looks like webDAV has issues again allowing for authentication bypass... Would the nmap scripting engine be a good tool to automate this? Does anyone already have an .nse to look at and inspect a http response? Or sample scrips that I could adapt. I can find the IIS6 servers using a version scan its the webDAV support I am stuck on.. Any help would be great. Mat. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------ ************************************************************************* This message and any attachments (the "message") are confidential, intended solely for the addressee(s), and may contain legally privileged information. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. ************ Ce message et toutes les pieces jointes (ci-apres le "message") sont confidentiels et susceptibles de contenir des informations couvertes par le secret professionnel. Ce message est etabli a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite. Tout message electronique est susceptible d'alteration. La SOCIETE GENERALE et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. ************************************************************************* ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- WebDAV and nmap. la_bigmac (May 18)
- Re: WebDAV and nmap. [NC] Reda-Karim FAKHIR (May 19)
- RE: WebDAV and nmap. Rafael Torrales Levaggi (May 19)
- RE: WebDAV and nmap. Jeremi Gosney (May 19)
- Re: WebDAV and nmap. Ron (May 20)
- <Possible follow-ups>
- Re: WebDAV and nmap. Not_in (May 19)
- Re: WebDAV and nmap. la_bigmac (May 19)
- Re: WebDAV and nmap. kennedyd013 (May 19)