Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Scanning for WebDAV vulns

From: Ron <ron () skullsecurity net>
Date: Wed, 20 May 2009 18:17:31 -0500
Ron wrote:

Thierry Zoller wrote:

Hi Ron,

Thanks, you might want to have an option to check for write access,
on some strange setups this might actually happen.


There's no easy way, that I know of, to check for Write access. That
being said, there's a pretty good chance that if you exploit the
install, you'll have write access anyways -- I'm assuming people
generally give r/w access to Administrator (or whoever) -- what's the
point of running WebDAV if you don't?.

Ron


On a related note, my friend and I wrote an exploit for it. Basically,
take the patch we wrote and apply it to the latest version of Cadaver.
Then connect to the vulnerable site with Cadaver and navigate like you
normally would. It's great fun :)

He did an amazing and detailed writeup of the vulnerability and the
exploit and everything else here:
http://www.skullsecurity.org/blog/?p=285

It includes how to detect WebDAV, how to exploit Windows XP/2003, and
the actual code for the exploit.

Have fun, and be responsible :)

Ron

-- 
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: