Nmap Development mailing list archives

Re: General Webdav NSE script and the new IIS6 vulnerability


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 19 May 2009 20:05:27 +0000


On Tue, 19 May 2009 12:38:40 -0700
Fyodor <fyodor () insecure org> wrote:

> Hi All.  I noticed a thread on the security-basics list where someone
> was asking about an NSE script to detect the new IIS authentication
> bypass vulnerability:
>
> The vuln:
> http://seclists.org/fulldisclosure/2009/May/att-0134/IIS_Advisory_pdf
> More vuln details:
> http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html
> Webdav+Nmap security-basics thread:
> http://seclists.org/basics/2009/May/0160.html
>
> I was just starting to recognize that we should really write a script
> for detecting this when Ron IM'd me to say he was doing just that :).
> He's working furiously on it at the moment and we can expect an
> announcement from him today!  Yay!
>
> But that security-basics thread also highlighted an old, more general
> Webdav script from Kris which some people were using to help find
> potentially vulnerable systems (those with IIS6+WebDAV enabled):
>
> http://ack-rst.com/scripts/webdav.nse
>
> So my questions are:
>
> 1) What is the status of this script?  Is it ready to be cleaned up
>    and integrated?  I suppose it would need NSEDoc comments, but is
>    there anything else missing or restructuring needed?  Maybe Kris
>    can let us know his thoughts on this.
>
> 2) Do people want this script in Nmap?  Anyone want to test it out and
>    report back to nmap-dev how it worked for you, whether it would be
>    useful for you going forward, and any suggestions you might have
>    for improving it?
>
> Cheers,
> -F


Small world.  I worked on this yesterday but I was not able to come up
with a way to determine if IIS 6 has WebDAV enabled.  Does Kris's
script work on IIS 6?  I gave up after about an hour of playing with
curl/ncat trying to detect if WebDAV is enabled.

Brandon


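The message above asks how to tell whether a host has WebDAV switched on. As an added example (not from this thread and not Kris's webdav.nse), the Python below parses what an HTTP OPTIONS response advertises, a `DAV:` header or WebDAV methods in `Allow:`/`Public:`, and includes a small live `options_request` helper; the helper and the two sample responses are assumptions constructed for the example, not captured from a real IIS 6 host.

```python
import socket

# Added example, not code from the thread or from Kris's script: judge from an
# HTTP OPTIONS response whether a server advertises WebDAV (a DAV: header or
# WebDAV methods in Allow:/Public:). Sample responses below are constructed.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

def parse_headers(raw: bytes) -> dict:
    """Parse an HTTP/1.x response head into {lowercase-name: [values]}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def webdav_evidence(raw: bytes) -> dict:
    """Summarise what an OPTIONS response says about WebDAV support."""
    headers = parse_headers(raw)
    dav = ", ".join(headers.get("dav", []))
    methods = set()
    for name in ("allow", "public"):
        for value in headers.get(name, []):
            methods.update(m.strip().upper() for m in value.split(",") if m.strip())
    return {
        "server": ", ".join(headers.get("server", [])) or None,
        "dav_header": dav or None,
        "webdav_methods": sorted(methods & WEBDAV_METHODS),
        "advertised": bool(dav) or bool(methods & WEBDAV_METHODS),
    }

def options_request(host: str, port: int = 80, path: str = "/", timeout: float = 5.0) -> bytes:
    """Send a plain-HTTP OPTIONS request and return the raw response head."""
    req = f"OPTIONS {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        while b"\r\n\r\n" not in buf:
            data = s.recv(4096)
            if not data:
                break
            buf += data
    return buf

# Constructed samples: one host advertising WebDAV, one that does not.
SAMPLE_DAV = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nDAV: 1, 2\r\nAllow: OPTIONS, "
              b"GET, HEAD, POST, PUT, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK\r\n\r\n")
SAMPLE_PLAIN = b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nAllow: OPTIONS, GET, HEAD, POST\r\n\r\n"
```

The result only records what the server advertises in its headers; whether those methods are actually serviced is a separate question, which is the gap the message describes.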
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
