A quick 10 minute job...

> head -n 9 finder.pl
#!/bin/perl
##
## This script test for most of the methods used by WebDAV
## If the server does not complain about the method its an indication
## that WebDAV is in use..
##
## Please see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp
## for info why this is interesting..
##

Typical output:

> perl finder.pl www.blah.co.za 80
Testing WebDAV methods [www.blah.co.za 80]
-------------------------------------
www.blah.co.za : Server type is Microsoft-IIS/5.0
Method PROPFIND seems to be allowed - WebDAV possibly in use
Method PROPPATCH seems to be allowed - WebDAV possibly in use
Method MCOL seems to be allowed - WebDAV possibly in use
Method PUT seems to be allowed - WebDAV possibly in use
Method DELETE seems to be allowed - WebDAV possibly in use
Method LOCK seems to be allowed - WebDAV possibly in use
Method UNLOCK seems to be allowed - WebDAV possibly in use

> perl finder.pl www.moreblah.com 80
Testing WebDAV methods [www.moreblah.com 80]
-------------------------------------
www.moreblah.com : Server type is Microsoft-IIS/5.0
Method PROPFIND is not allowed
Method PROPPATCH is not allowed
Method MCOL is not allowed
Method PUT is not allowed
Method DELETE is not allowed
Method LOCK is not allowed
Method UNLOCK is not allowed

Enjoy/Butcher/Modify as you see fit.

----------------------------
SensePost Research
www.sensepost.com
research@sensepost.com
----------------------------

Disclaimer: This information is believed to be correct and accurate at the time of publishing. No warranty or any guarantee is given, directly, or implied as to its accuracy or completeness. In no event shall the author or SensePost be liable for any damages resulting from the use or abuse of this information. The information contained in this correspondence may be redistributed, provided it is not modified in any way or charged for.
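#!/bin/perl
##
## This script tests for most of the methods used by WebDAV.
## If the server does not complain about the method, it's an indication
## that WebDAV is in use.
##
## Please see http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp
## for info on why this is interesting.
##
## SensePost Research
## research@sensepost.com
## 2003/3/17
## RT
##
## Usage: perl finder.pl IP/dns_name port
##
## Reading the results:
##  * "seems to be allowed" only means the reply carried no refusal (no
##    405/501 status and no "not allowed"/"not supported" text).  A 401,
##    403 or 404 reply is reported the same way, so treat it as a hint and
##    confirm it, e.g. by checking the DAV: and Allow: headers of an
##    OPTIONS response.
##  * Requests are HTTP/1.0 with no Host header, so on a name-based virtual
##    host the answer describes the default site.
##  * NOTE(review): PUT, DELETE and MKCOL can change server state;
##    /test/nothere is presumably used because it should not exist --
##    confirm that holds on the server being audited.

use strict;
use warnings;
use Socket;

$| = 1;

# Seconds allowed for the connect and again for reading each response.
my $TIMEOUT = 15;

# The original list read "MCOL"; the WebDAV method defined by RFC 2518 is
# MKCOL, and probing a method name no server knows tells us nothing.
my @methods = ("PROPFIND", "PROPPATCH", "MKCOL", "PUT", "DELETE", "LOCK", "UNLOCK");

if (@ARGV < 2) {
    die "parameters: IP/dns_name port\n";
}
my ($target, $port) = @ARGV[0, 1];

# The port is packed into a sockaddr, so reject anything that is not a
# valid TCP port instead of letting it silently become 0.
unless ($port =~ /\A\d+\z/ && $port >= 1 && $port <= 65535) {
    die "parameters: IP/dns_name port\n";
}

print "Testing WebDAV methods [$target $port]\n-------------------------------------\n";

# Step 1: fingerprint the server.  Only IIS 5.0 is of interest here.
my @banner = sendraw2("HEAD / HTTP/1.0\r\n\r\n", $target, $port, $TIMEOUT);
if (@banner < 2) {
    die "${TIMEOUT}s timeout to $target on port $port\n";
}

foreach my $line (@banner) {
    next unless $line =~ /^Server:/i;

    # Limit of 2 keeps any ':' that appears inside the header value.
    my (undef, $server) = split(/:/, $line, 2);
    $server = '' unless defined $server;

    # The header comes from the remote host: drop whitespace and every
    # non-printable byte so it cannot inject terminal control sequences.
    $server =~ s/[^\x21-\x7e]//g;

    print "$target : Server type is $server\n";
    if ($server !~ /Microsoft-IIS\/5\.0/i) {
        print "$target : Not a Microsoft IIS 5 box\n";
        exit(0);
    }
}

# Step 2: send each WebDAV method against a path that should not exist and
# look at whether the server refuses the method itself.
foreach my $method (@methods) {
    my @reply = sendraw2("$method /test/nothere HTTP/1.0\r\n\r\n", $target, $port, $TIMEOUT);

    if (@reply < 2) {
        # No usable answer is not evidence that the method is allowed.
        print "${TIMEOUT}s timeout to $target on port $port\n";
        next;
    }

    if (method_refused(@reply)) {
        print "Method $method is not allowed\n";
    }
    else {
        print "Method $method seems to be allowed - WebDAV possibly in use\n";
    }
}

########## method_refused
# Returns 1 when the response lines show the server rejecting the method:
# a 405 (Method Not Allowed) or 501 (Not Implemented) status line, or the
# refusal phrases the original script matched.  Returns 0 otherwise.
sub method_refused {
    my @lines = @_;

    return 1 if @lines && $lines[0] =~ m{\AHTTP/\d\.\d\s+(?:405|501)\b};

    foreach my $line (@lines) {
        return 1 if $line =~ /Method Not Supported/i;
        return 1 if $line =~ /method/i && $line =~ /not allowed/i;
    }
    return 0;
}

########## Sendraw-2
# Sends $pstr to $realip:$realport over TCP and returns the response as a
# list of lines.  Returns the one-element list ("0") when the name cannot
# be resolved or the connection is refused, and ("Timeout") when the
# connect or the read takes longer than $timeout seconds; callers detect
# both by the list having fewer than two elements.
sub sendraw2 {
    my ($pstr, $realip, $realport, $timeout) = @_;

    my $addr = inet_aton($realip);
    return "0" unless defined $addr;    # unresolvable name

    socket(my $sock, PF_INET, SOCK_STREAM, getprotobyname('tcp') || 0)
        || die("Socket problems");

    my @in;
    my $connected = 0;

    # The handler dies so that a blocked connect() or read is abandoned.
    # The earlier flag-based handler set a global while the loop tested a
    # lexical of the same name, so the timeout was never noticed.
    local $SIG{ALRM} = sub { die "alarm\n" };

    my $finished = eval {
        alarm($timeout);
        # sockaddr_in() builds the address portably; a hand-packed struct
        # does not match every platform's sockaddr layout.
        if (connect($sock, sockaddr_in($realport, $addr))) {
            $connected = 1;
            alarm($timeout);            # fresh budget for the response

            my $previous = select($sock);
            $| = 1;                     # unbuffered writes on the socket
            select($previous);

            print {$sock} $pstr;
            while (my $line = <$sock>) {
                push @in, $line;
            }
        }
        alarm(0);
        1;
    };
    my $error = $@;
    alarm(0);                           # never leave a pending alarm behind
    close($sock);

    if (!$finished) {
        die $error if $error ne "alarm\n";
        print STDOUT "Timeout\n";
        return "Timeout";
    }

    return $connected ? @in : "0";
}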