Sunday, May 24, 2009

WebTuff - IIS 6.0 WebDAV Authentication Bypass PoC

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit

web shell upload - creating a backdoor
website defacement
passwords and sensitive information theft
local execution of uploaded malicious code


"Copyright 2009, Raviv Raz - ravivr@gmail.com"
print "WebTuff is a testing utility that verifies"
print "whether your IIS server is vulnerable to"
print "Microsoft IIS 6.0\nWebDAV Remote Authentication Bypass"
print "In a successful breach, WebTuff saves the"
print "remote resource locally under the same name"
print "\nUsage: %s \nFor example: %s http://www.victim.com/path/to/file.txt"%(argv[0],argv[0])


The following WebTuff utility is a proof of concept that performs the following actions:

1-Try to retrieve the file at the given URI using a simple WebDAV GET command
2-Try to retrieve the file at the given URI using a simple WebDAV GET command, and the assistance of our friends %c0 and %af in the middle of the URI
3-Save the retrieved file locally and / or report server response

Download and More Info

No comments: