Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: General Webdav NSE script and the new IIS6 vulnerability
From: jah <jah () zadkiel plus com>
Date: Tue, 19 May 2009 21:31:53 +0100

On 19/05/2009 21:05, Brandon Enright wrote:
Small world.  I worked on this yesterday but I was not able to come up
with a way to determine if IIS 6 has WebDAV enabled.  Does Kris's
script work on IIS 6?  I gave up after about a hour of playing
curl/ncat on trying to detect if WebDAV is enabled.
I'm playing with the same thing, but haven't got very far.  I find that
the PROPFIND method returns HTTP/1.1 501 Not Implemented if webdav is
set to 'prohibited' and HTTP/1.1 207 Multi-Status if it's allowed.  I've
only tried this on Windows SBS 2003 SP1 so I don't know at this point
whether this is a reliable way to detect whether webdav is enabled for
different IIS builds and configurations.  I haven't tried Kris's script
yet, but intend to if it turns out that PROPFIND doesn't reliably work.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]