Penetration Testing mailing list archives
Fun with WebDAV?
From: "Lachniet, Mark" <mlachniet () sequoianet com>
Date: Tue, 17 Aug 2004 16:06:53 -0400
Other than the obvious stuff - looking for vulnerable versions and making unauthenticated WebDAV connections through network neighborhood, what kind of fun stuff can you do with WebDAV? I have found a number of simple tools, one that will scan for the existence of WebDAV on a range of IP addresses, and others that will test for vulnerable versions. I've also found an Atstake advisory about enumerating directories that have the index server running and have been flagged as to be indexed (www.atstake.com/research/advisories/2000/a100400-1.txt). However, this isn't much to go on. Other than this, I am somewhat ignorant about any other pentesting tools that folks might be using. Are there any tools to enumerate directories? Brute force authentication? Anything? Thanks, Mark Lachniet
Current thread:
- Fun with WebDAV? Lachniet, Mark (Aug 19)