Security Basics mailing list archives

RE: WebDAV and nmap.


From: "Rafael Torrales Levaggi" <rtorrales () novared cl>
Date: Mon, 18 May 2009 11:51:51 -0400

If they are YOUR networks, why do you need to FIND the IIS servers?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On behalf of la_bigmac () hotmail com
Sent: Monday, 18 May 2009 8:28
To: security-basics () securityfocus com
Subject: WebDAV and nmap.

Hello,

I would like to scan my networks to find any IIS6 servers that currently
have WebDAV in use. Looks like WebDAV has issues again allowing for
authentication bypass...

Would the nmap scripting engine be a good tool to automate this? Does
anyone already have an .nse to look at and inspect an HTTP response? Or
sample scripts that I could adapt?

I can find the IIS6 servers using a version scan; it's the WebDAV support
I am stuck on..

Any help would be great. 

Mat.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
Instructor-Led and Online formats is the most concentrated exam prep
available. Comprehensive course materials and an expert instructor means
you pass the exam. Gain a laser like insight into what is covered on the
exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
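
The HTTP response inspection asked about above, as an added example that is not part of the original thread and is written in Python rather than as an .nse script: it classifies the headers of an `OPTIONS` reply for IIS 6 and WebDAV indicators. The function names, the `probe` helper and both sample responses are assumptions constructed for illustration.

```python
import http.client

# Methods that only a WebDAV-enabled server advertises in Allow/Public.
DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

def parse_headers(raw):
    """Return (status, {lowercased-name: value}) from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = head[0].split(None, 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            # Repeated list-valued headers are joined with commas.
            headers[key] = ", ".join(filter(None, [headers.get(key), value.strip()]))
    return status, headers

def classify(headers):
    """Summarise what an OPTIONS response says about IIS 6 and WebDAV."""
    methods = set()
    for field in ("allow", "public"):
        methods |= {m.strip().upper() for m in headers.get(field, "").split(",") if m.strip()}
    dav_methods = sorted(methods & DAV_METHODS)
    webdav = ("dav" in headers or headers.get("ms-author-via", "").upper() == "DAV"
              or bool(dav_methods))
    return {"iis6": "microsoft-iis/6.0" in headers.get("server", "").lower(),
            "webdav": webdav, "dav_methods": dav_methods}

def probe(host, port=80, timeout=5):
    """Send OPTIONS / to a host you administer and classify the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", "/")
        return classify({k.lower(): v for k, v in conn.getresponse().getheaders()})
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLE_DAV_ON = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\nMS-Author-Via: DAV\r\n"
                 "DAV: 1, 2\r\nPublic: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, "
                 "MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH\r\n"
                 "Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK\r\n\r\n")
SAMPLE_DAV_OFF = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
                  "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
                  "Allow: OPTIONS, TRACE, GET, HEAD, POST\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("dav-on", SAMPLE_DAV_ON), ("dav-off", SAMPLE_DAV_OFF)):
        print(name, classify(parse_headers(raw)[1]))
```

A reply without WebDAV indicators describes only the path probed and can be altered by a proxy in front of the server, so confirm the result against the Web Service Extensions setting on the host itself.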