Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: General Webdav NSE script and the new IIS6 vulnerability
From: Gutek <ange.gutek () gmail com>
Date: Wed, 20 May 2009 19:20:52 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------
Fyodor wrote:
But that security-basics thread also highlighted an old, more general
Webdav script from Kris which some people were using to help find
potentially vulnerable systems (those with IIS6+WebDAV enabled):

http://ack-rst.com/scripts/webdav.nse


It's good to see people using a script I wrote but completely forgot about,
especially when I can see code comments I don't remember like "'OPTIONS
*' may
seem like a good idea (it did to me), but it blows"  :-)

Upon first glance it appears that the script hosted on ack-rst is the
same as
the one I originally posted to nmap-dev, aside from them copying part of my
email into the description field:

http://seclists.org/nmap-dev/2008/q1/0267.html
(...)
- --------------

Since the release of the NSEngine I look for interresting scripts
projects, PoCs and devs.
I'm focusing on those witch are still not approved for any Nmap
"official" dev branch exactly because of what appens here : I think that
one day, someone could find one of those projects on my repository and
says "hey, that's pretty cool ! specially now, with this news flaw
spreading on the Net ! Who wrote that ? What was the idea ? I want to be
a part of it."

That's why I also add some relevant comments (from dev list) from the
author to the short comments provided inside the script, as well as some
output examples.


regards,

A.Gutek
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQD1AwUBShQ79KT8wswsJm43AQKhrAb+KZ7w6zBuESzA6ycueJOkUo/ECs3NkIen
BQaBgc8rM4YbNuyZEnEwjqSTLbbKWZ3qcjCVvesfK4q77VWE5cRDHagJbWk56mK0
QSUKz9JlDVg+hZ4oMi9uenEkr4y5NMJC12zGNianjUOCRSENuSwmrWecALWDEkSa
K7w9tpFM0dzrvMAMB/XlqScZPBC/lCOtV/VfznV1DPcXsmPJqOsvMJh+1KRaW1Rv
WV/0vOP5yD7aN2qsuukL0dRnpxjxsdX19BFDXh+kVgehpUYKnnqCdQ+aLRFe5QDF
6+Cd2I3oLgQ=
=qzyB
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]