Monday, May 7, 2012

From LOW to PWNED [6] SharePoint

Post [6] SharePoint

Misconfigured SharePoint can be *really* useful. Examples of things you can do with it are:
  • User/Domain Enumeration
  • Access to useful files
Regular / Auth Protected SharePoint also gives you a point to conduct brute-force attacks against AD or SharePoint users.

We regularly find awesome stuff once we have access to SharePoint. It's not uncommon to find service account passwords, alarm information, employee directories, all kinds of useful stuff.
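From the defender's side, both exposures described above (open access and password guessing against an auth-protected site) leave traces in the IIS logs of the SharePoint front end. The script below is an added example, not code from the original post; the path markers, the 401 threshold and the sample log lines are assumptions constructed for illustration.

```python
from collections import Counter

# Assumptions (not from the post): SharePoint application pages and web
# services live under these path segments; tune the threshold per site,
# because a normal NTLM handshake also produces a few 401 responses.
SENSITIVE_MARKERS = ("/_layouts/", "/_vti_bin/")
FAILED_AUTH_THRESHOLD = 5

# Constructed IIS W3C log sample (documentation IP ranges, not real traffic).
SAMPLE_LOG = (
    "#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status\n"
    "2012-05-07 10:00:01 GET /_layouts/viewlsts.aspx - 203.0.113.5 200\n"
    "2012-05-07 10:00:02 POST /sites/hr/_vti_bin/UserGroup.asmx - 203.0.113.5 200\n"
    "2012-05-07 10:00:03 GET /SitePages/Home.aspx CORP\\alice 10.0.0.8 200\n"
    "2012-05-07 10:00:04 GET /_layouts/settings.aspx CORP\\alice 10.0.0.8 200\n"
    + "".join(
        f"2012-05-07 10:01:{s:02d} GET /default.aspx - 198.51.100.7 401\n"
        for s in range(6)
    )
)

def parse_w3c(text):
    """Yield one dict per log line, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def audit(text):
    """Return (anonymous 200s on sensitive paths, client IPs with many 401s)."""
    anon_hits, failures = [], Counter()
    for rec in parse_w3c(text):
        path = rec["cs-uri-stem"].lower()
        sensitive = any(marker in path for marker in SENSITIVE_MARKERS)
        # "-" in cs-username means IIS served the request without authentication.
        if sensitive and rec["cs-username"] == "-" and rec["sc-status"] == "200":
            anon_hits.append((rec["c-ip"], rec["cs-uri-stem"]))
        if rec["sc-status"] == "401":
            failures[rec["c-ip"]] += 1
    noisy = sorted(ip for ip, n in failures.items() if n >= FAILED_AUTH_THRESHOLD)
    return anon_hits, noisy

if __name__ == "__main__":
    hits, noisy = audit(SAMPLE_LOG)
    print("Anonymous access to application pages / web services:", hits)
    print("Clients with repeated authentication failures:", noisy)
```

Any entry in the first list means anonymous access is enabled somewhere it probably should not be; the second list is a starting point for lockout and alerting review.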


Finding SharePoint servers

Random targets... lots of interesting things can be found with Google dorks.

If you need to look at specific servers:

Stach and Liu has released their SharePoint Diggity tools

You can also roll your own

Examples of open access

If you have credentials you can use web services calls to pull information from AD, from:

Stuff to read:



trotmaster said...

Great points on the repercussions of low vulns. I think most low vulns get overlooked unless it is explained in the bigger picture. Yes it's only enumeration, but look at what that can lead to... My personal favourites for "low" risk vulnerabilities are clickjacking and CSRF. For example:

marcotinari said...

Your posts are always useful and to the point.
Those low vulns are fantastic when they meet critical ones.....
for example if you find a stored XSS in SharePoint it's fun to perform privilege escalation via those exposed WebServices...
that's a tiny POC...

Thanks for your great blog!!