Nmap Development mailing list archives
Re: General Webdav NSE script and the new IIS6 vulnerability
From: Gutek <ange.gutek () gmail com>
Date: Wed, 20 May 2009 19:20:52 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------- Fyodor wrote:
But that security-basics thread also highlighted an old, more general Webdav script from Kris which some people were using to help find potentially vulnerable systems (those with IIS6+WebDAV enabled): http://ack-rst.com/scripts/webdav.nse
It's good to see people using a script I wrote but completely forgot about, especially when I can see code comments I don't remember like "'OPTIONS *' may seem like a good idea (it did to me), but it blows" :-) Upon first glance it appears that the script hosted on ack-rst is the same as the one I originally posted to nmap-dev, aside from them copying part of my email into the description field: http://seclists.org/nmap-dev/2008/q1/0267.html (...) - -------------- Since the release of the NSEngine I look for interresting scripts projects, PoCs and devs. I'm focusing on those witch are still not approved for any Nmap "official" dev branch exactly because of what appens here : I think that one day, someone could find one of those projects on my repository and says "hey, that's pretty cool ! specially now, with this news flaw spreading on the Net ! Who wrote that ? What was the idea ? I want to be a part of it." That's why I also add some relevant comments (from dev list) from the author to the short comments provided inside the script, as well as some output examples. regards, A.Gutek -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQD1AwUBShQ79KT8wswsJm43AQKhrAb+KZ7w6zBuESzA6ycueJOkUo/ECs3NkIen BQaBgc8rM4YbNuyZEnEwjqSTLbbKWZ3qcjCVvesfK4q77VWE5cRDHagJbWk56mK0 QSUKz9JlDVg+hZ4oMi9uenEkr4y5NMJC12zGNianjUOCRSENuSwmrWecALWDEkSa K7w9tpFM0dzrvMAMB/XlqScZPBC/lCOtV/VfznV1DPcXsmPJqOsvMJh+1KRaW1Rv WV/0vOP5yD7aN2qsuukL0dRnpxjxsdX19BFDXh+kVgehpUYKnnqCdQ+aLRFe5QDF 6+Cd2I3oLgQ= =qzyB -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- General Webdav NSE script and the new IIS6 vulnerability Fyodor (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability jah (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability jah (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Kris Katterjohn (May 19)
- Re: General Webdav NSE script and the new IIS6 vulnerability Gutek (May 20)
- Re: General Webdav NSE script and the new IIS6 vulnerability Brandon Enright (May 19)