Sparty : A Frontpage and
Sharepoint Auditing Tool
Aditya K Sood (@AdityaKSood)
BlackHat Arsenal USA - 2013
SecNiche Securi...
About Me
• Senior Security Practitioner – IOActive
• PhD Candidate at Michigan State University
– Worked for Armorize, COS...
Sparty Overview !
• Open source tool written in python
• Assist penetration testers in routine jobs
• Written in python 2....
Frontpage Overview !
• Frontpage Flavors
 Microsoft IIS (.dll)
 Unix (.exe)
• Frontpage Access File Settings
 service.p...
Frontpage Overview (cont.) !
• Frontpage DLLs
 _vti_bin/_vti_adm/admin.dll  administrative tasks
 _vti_bin/_vti_aut/aut...
Frontpage Configuration Flaws !
• RPC service querying
• Command execution using author.dll via RPC
• File uploading throu...
Sharepoint Configuration Flaws !
• Exposed services on the Internet
• Excessive user Access [ admin.asmx, permissions.asmx...
Sparty Functionalities !
• Sharepoint and Frontpage Version Detection
• Dumping Password from Exposed Configuration Files
...
Sparty Options!
Version Fingerprinting !
Dumping Passwords !
Directories Check!
Scanning Access Permissions (1) !
Scanning Access Permissions (2) !
Exposed Services Check !
RPC Querying !
RPC Service Listing !
Try Other Options of Your Own 
Sparty : Next Version !
• Integration of publicly available vulnerabilities
• Detection of more advanced payloads for chec...
Project Details !
• Projects page: http://sparty.secniche.org
• Documentation: http://sparty.secniche.org/usage.html
Questions and Thanks !
• SecNiche Security Labs: http://www.secniche.org
• BlackHat USA Arsenal 2013 Team
• IOActive Inc.
Prochain SlideShare
Chargement dans…5
×

BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Auditing Tool !

16 257 vues

Publié le

A brief details of the tool to be released at BlackHat USA 2013 Arsenal.

Publié dans : Technologie, Design
0 commentaire
1 j’aime
Statistiques
Remarques
  • Soyez le premier à commenter

Aucun téléchargement
Vues
Nombre de vues
16 257
Sur SlideShare
0
Issues des intégrations
0
Intégrations
13 257
Actions
Partages
0
Téléchargements
39
Commentaires
0
J’aime
1
Intégrations 0
Aucune incorporation

Aucune remarque pour cette diapositive

BlackHat USA 2013 Arsenal - Sparty : A FrontPage and SharePoint Security Auditing Tool !

  1. 1. Sparty : A Frontpage and Sharepoint Auditing Tool Aditya K Sood (@AdityaKSood) BlackHat Arsenal USA - 2013 SecNiche Security Labs
  2. 2. About Me • Senior Security Practitioner – IOActive • PhD Candidate at Michigan State University – Worked for Armorize, COSEINC, KPMG and others. – Active Speaker at Security conferences » DEFCON, RSA, SANS, HackInTheBox, OWASP AppSec, BruCon and others – LinkedIn - http ://www.linkedin.com/in/adityaks – Twitter: @AdityaKSood – Website: http://www.secniche.org
  3. 3. Sparty Overview ! • Open source tool written in python • Assist penetration testers in routine jobs • Written in python 2.6 • Libraries support • import urllib2 • import re • import os, sys • import optparse • import httplib • Use Sparty with Back Track for penetration testing purposes • Works on other flavors also
  4. 4. Frontpage Overview ! • Frontpage Flavors  Microsoft IIS (.dll)  Unix (.exe) • Frontpage Access File Settings  service.pwd  frontpage passwords  service.grp  list of groups  administrators.pwd  passwords for administrators  authors.pwd  authors password  users.pwd for  users password
  5. 5. Frontpage Overview (cont.) ! • Frontpage DLLs  _vti_bin/_vti_adm/admin.dll  administrative tasks  _vti_bin/_vti_aut/author.dll  authoring FrontPage webs  _vti_bin/shtml.dll  browsing component • Frontpage virtual directories  vti_bin  _vti_bin_vti_aut  _vti_bin_vti_adm  _vti_pvt  _vti_cnf  _vti_txt  _vti_log.
  6. 6. Frontpage Configuration Flaws ! • RPC service querying • Command execution using author.dll via RPC • File uploading through RPC interface • Information disclosure in _vti_pvt, _vti_bin, etc. • Information disclosure in HTTP Response Headers • Directory indexing • Exposed password files in the web directories Sparty helps the penetration tester to gather information and to perform manual analysis later on !
  7. 7. Sharepoint Configuration Flaws ! • Exposed services on the Internet • Excessive user Access [ admin.asmx, permissions.asmx] • Information disclosure in HTTP Response Headers • Publicly available insecure deployments [GOOGLE/SHODAN] • Directory indexing • Some of the manual tests: • Third-party plugin checks • Inappropriate deployment of sharepoint services Sparty helps the penetration tester to gather information and to perform manual analysis later on !
  8. 8. Sparty Functionalities ! • Sharepoint and Frontpage Version Detection • Dumping Password from Exposed Configuration Files • Exposed Sharepoint/Frontpage Services Scan • Exposed Directory Check • Installed File and Access Rights Check • RPC Service Querying • File Enumeration • File Uploading Check
  9. 9. Sparty Options!
  10. 10. Version Fingerprinting !
  11. 11. Dumping Passwords !
  12. 12. Directories Check!
  13. 13. Scanning Access Permissions (1) !
  14. 14. Scanning Access Permissions (2) !
  15. 15. Exposed Services Check !
  16. 16. RPC Querying !
  17. 17. RPC Service Listing !
  18. 18. Try Other Options of Your Own 
  19. 19. Sparty : Next Version ! • Integration of publicly available vulnerabilities • Detection of more advanced payloads for checking admin.dll • Additional checks and tests against author.dll • Extended payloads
  20. 20. Project Details ! • Projects page: http://sparty.secniche.org • Documentation: http://sparty.secniche.org/usage.html
  21. 21. Questions and Thanks ! • SecNiche Security Labs: http://www.secniche.org • BlackHat USA Arsenal 2013 Team • IOActive Inc.

×