Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Scanning for WebDAV vulns
From: Ron <ron () skullsecurity net>
Date: Wed, 20 May 2009 18:17:31 -0500

Ron wrote:
Thierry Zoller wrote:
Hi Ron,

Thanks, you might want to have an option to check for write access,
on some strange setups this might actually happen.

There's no easy way, that I know of, to check for Write access. That
being said, there's a pretty good chance that if you exploit the
install, you'll have write access anyways -- I'm assuming people
generally give r/w access to Administrator (or whoever) -- what's the
point of running WebDAV if you don't?.

Ron

On a related note, my friend and I wrote an exploit for it. Basically,
take the patch we wrote and apply it to the latest version of Cadaver.
Then connect to the vulnerable site with Cadaver and navigate like you
normally would. It's great fun :)

He did an amazing and detailed writeup of the vulnerability and the
exploit and everything else here:
http://www.skullsecurity.org/blog/?p=285

It includes how to detect WebDAV, how to exploit Windows XP/2003, and
the actual code for the exploit.

Have fun, and be responsible :)

Ron

-- 
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]