List, Andres,

The idea is, for every directory found by web_spider, to exploit the
vulnerability and get the short name list of directories and files.
Then, with these names like "ASPNET~1", try a directory brute force that is
only done with directory names that match the first 6 characters.

Yeah, this code is only a POC and should be rewritten. I need some new ideas on
how to do this.

Andres, I use a very small dictionary to test the plugin:
https://code.google.com/p/tvelazquez/source/browse/pentest/w3af-plugins/discovery/iis_short_name_brute/common_dirs_iis.db

Regards

On Fri, Oct 5, 2012 at 9:25 PM, Andres Riancho <andres.rian...@gmail.com> wrote:
> List, Tomas,
>
> > -
> https://code.google.com/p/tvelazquez/source/browse/pentest/w3af-plugins/discovery/iis_short_name_brute.py
>
> Wanted to do that for a while! It was in my TODO list [0] , search for
> 8.3. My idea was different from the one you've implemented, could you
> explain to us what this does? I see that it verifies that the remote
> server has this feature and then it tries to bruteforce it, but I was
> expecting tests like backup~.zip , are those in common_dirs_iis.db?
> Could you share that file?
>
> Send us more info about the techniques used, how it was tested, etc.
>
> [0] https://sourceforge.net/apps/trac/w3af/wiki/andres%27-TODO
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop