2008/12/12 Viktor Gazdag <woodsp...@gmail.com>
> 2008/12/12 Andres Riancho <andres.rian...@gmail.com>
>
>> Viktor,
>>
>> On Thu, Dec 11, 2008 at 8:10 PM, Viktor Gazdag <woodsp...@gmail.com>
>> wrote:
>> > On Thu, Dec 11, 2008 at 6:10 PM, Viktor Gazdag <woodsp...@gmail.com>
>> wrote:
>> >>>
>> >>> > Hello Andres!
>> >>> >
>> >>> >
>> >>> > I look after the _vti_bin, but it can be exist if _vti_inf.html not.
>> >>> > The
>> >>> > _vti_bin could be anywhere and it is a virtual directory. I have to
>> >>> > rewrite
>> >>> > the frontpage_version plugin, because the _vti_inf.html default
>> place
>> >>> > is the
>> >>> > root,but it can be somewhere else.
>> >>> > Here is the link I read: http://support.microsoft.com/kb/828909
>> >>> > What should we do?
>> >>> >
>> >>> Accodring to the kb article: "Note By default, the _vti_inf.html file
>> >>> is located in the root of the site. For example, the file is located
>> >>> at http://servername/_vti_inf.html."; , is there any reason a user may
>> >>> change it? How hard is it to change it? Is it really possible?
>> >>
>> >> I found 1 or 2 website, so it is real. I don't know how hard to change,
>> i
>> >> didn't use frontpage server.
>>
>> It's not so hard, you should take a look at the phpinfo discovery
>> plugin, and take some ideas from there.
>>
>
> I meant that the _Vti_inf.html how hard to change, not the plugin.:)
>
If you have little time, please have a look at it. I don't know why it
doesn't appear in the KB window. Will it be OK?
>
>
>>
>> Cheers,
>>
>> >>>
>> >>> Cheers,
>> >>> --
>> >>> Andres Riancho
>> >>> http://w3af.sourceforge.net/
>> >>> Web Application Attack and Audit Framework
>> >>
>> >
>> >
>> >
>> ------------------------------------------------------------------------------
>> > SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas,
>> Nevada.
>> > The future of the web can't happen without you. Join us at MIX09 to
>> help
>> > pave the way to the Next Web now. Learn more and register at
>> >
>> http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
>> > _______________________________________________
>> > W3af-develop mailing list
>> > W3af-develop@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/w3af-develop
>> >
>> >
>>
>>
>>
>> --
>> Andres Riancho
>> http://w3af.sourceforge.net/
>> Web Application Attack and Audit Framework
>>
>
>
'''
frontpage_version.py
Copyright 2006 Andres Riancho
This file is part of w3af, w3af.sourceforge.net .
w3af is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.
w3af is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with w3af; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
'''
import core.controllers.outputManager as om
# options
from core.data.options.option import option
from core.data.options.optionList import optionList
from core.controllers.basePlugin.baseDiscoveryPlugin import baseDiscoveryPlugin
import core.data.parsers.urlParser as urlParser
from core.controllers.w3afException import w3afException
import core.data.kb.knowledgeBase as kb
import core.data.kb.vuln as vuln
import core.data.kb.info as info
import core.data.constants.severity as severity
import re
class frontpage_version(baseDiscoveryPlugin):
'''
Search FrontPage Server Info file and if it finds it will determine its version.
@author: Viktor Gazdag ( woodsp...@gmail.com )
'''
def __init__(self):
baseDiscoveryPlugin.__init__(self)
# Internal variables
self._analyzed_dirs = []
self._exec = True
self._exec_one_time = False
def discover(self, fuzzableRequest ):
'''
For every directory, fetch a list of files and analyze the response.
@parameter fuzzableRequest: A fuzzableRequest instance that contains (among other things) the URL to test.
'''
fuzzableRequestsToReturn = []
if not self._exec:
# This will remove the plugin from the discovery plugins to be runned.
raise w3afRunOnce()
else:
# Run the plugin.
if self._exec_one_time:
self._exec = False
is_404 = kb.kb.getData( 'error404page', '404' )
for domain_path in urlParser.getDirectories(fuzzableRequest.getURL() ):
if domain_path not in self._analyzed_dirs:
# Save the domain_path so I know I'm not working in vane
self._analyzed_dirs.append( domain_path )
# Request the file
frontpage_info_url = urlParser.urlJoin( domain_path , "_vti_inf.html" )
try:
response = self._urlOpener.GET( frontpage_info_url, useCache=True )
om.out.debug( '[frontpage_version] Testing "' + frontpage_info_url + '".' )
except w3afException, w3:
msg = 'Failed to GET Frontpage Server _vti_inf.html file: "' + frontpage_info_url + '".'
msg += 'Exception: "' + str(w3) + '".'
om.out.debug( msg )
else:
# Check if it's a phpinfo file
if not is_404( response ):
regex_str = 'FPVersion="(.*?)"'
frontpage_version = re.search(regex_str, response.getBody(), re.IGNORECASE)
if frontpage_version:
i = info.info()
i.setId( response.id )
i.setName( 'FrontPage Configuration Information' )
i.setURL( response.getURL() )
desc = 'The FrontPage Configuration Information file was found at: "'
desc += i.getURL()
desc += '" and the version of FrontPage Server Extensions is: "'
desc += frontpage_version.group(1) + '".'
i.setDesc( desc )
i['version'] = frontpage_version.group(1)
kb.kb.append( self, 'frontpage_version', i )
#Save this, so audit.frontpage plugins can use this information
kb.kb.save( self , 'frontpage_version' , frontpage_version )
om.out.information( i.getDesc() )
else:
# This is wierd... we found a _vti_inf file, but there is no frontpage
# information in it... IPS? WAF? honeypot?
i = info.info()
i.setId( response.id )
i.setName( 'Fake FrontPage Configuration Information' )
i.setURL( response.getURL() )
desc = 'A fake FrontPage Configuration Information file was found at: "'
desc += i.getURL()
desc += '". This may be an indication of a honeypot, a WAF or an IPS.'
i.setDesc( desc )
kb.kb.append( self, 'fake_frontpage', i )
om.out.information( i.getDesc() )
return fuzzableRequestsToReturn
def getOptions( self ):
'''
@return: A list of option objects for this plugin.
'''
ol = optionList()
return ol
def setOptions( self, OptionList ):
'''
This method sets all the options that are configured using the user interface
generated by the framework using the result of getOptions().
@parameter OptionList: A dictionary with the options for the plugin.
@return: No value is returned.
'''
pass
def getPluginDeps( self ):
'''
@return: A list with the names of the plugins that should be runned before the
current one.
'''
return []
def getLongDesc( self ):
'''
@return: A DETAILED description of the plugin functions and features.
'''
return '''
This plugin searches for the FrontPage Server Info file and if it finds it will try to
determine the version of the Frontpage Server Extensions. The file is located inside the
web server webroot. For example:
- http://localhost/_vti_inf.html
'''
------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
