Monday, June 15, 2009

IIS 6.0 WebDav Vulnerability Scan with Nmap

The latest Nmap 4.85BETA released and now supports scanning the recent IIS 6.0 WebDav Vulnerability.

Syntax:
nmap --script http-iis-webdav-vuln -p80,8080

Output example:
80/tcp open http syn-ack-- _ http-iis-webdav-vuln: WebDAV is ENABLED. Vulnerable folders discovered: /secret, /webdav

Metasploit Framework 3.3 also added their auxiliary module for the same function.

To update your MSF, ensure that you have the Internet connection then type:

cd /pentest/exploit/framework3
svn update

Check the latest auxiliary:

show auxiliary

- Semi
Posted by at No comments:
Subscribe to: Posts (Atom)