SharePoint security-cracking SharePoint (hacker tool Introduction)

SharePoint security-cracking SharePoint (hacker tool Introduction)

SharePoint is highly secure, which is the first impression in our subconscious, so the specific security has not been carefully studied. But in fact, there is no such thing as absolute security. The most insecure part lies in human operations.

Previously, the Jasondct God posted a post about the security of SharePoint, so he searched for information on the Internet and found a tool called SharePointURLBrute, which was used as a product that attacked SharePoint, so I gave you a general overview of the usage.

In the tool introduction, we first mentioned a classic saying: The best defense is attack (sometimes ). It's very strict. First, we need to whitewash this item. This tool is not intended to be messy, to help SharePoint website administrators and security experts identify common insecure configurations and vulnerable SharePoint deployment risks.

This command line tool is used to help users quickly test the access permissions of 101 commonly used SharePoint management pages through automated forced browser access attacks. For example, the/_ layouts/aclinv. aspx page is a page that grants permissions to users.

Users can call the command line to perform detection by entering the URL of A SharePoint site or text containing multiple SharePoint site URLs to be tested as input parameters, optional HTTP protocol details and HTTP Cookie information are provided. The specific usage is shown in.

Take my local SharePoint website as an example. decompress the downloaded tool and change the folder name to HackTool and copy it to the root directory of drive C.

Open the CMD command line tool and go to this directory.

Run the SharePointURLBrute-a "http: // spf01/"-e SharePoint-UrlExtensions-18Mar2012.txt

Running...

Running completed

We can see from the results that 16 SharePoint management URLs have been found. We go back to the tool directory to view and generate 3 files.

Open the urlsfound.txt file and you can see the list of URLs found. The first two are pages, and the other are services. When I access the first two pages in my environment, they are blank pages. After the URL is added with the ID parameter, authentication is required. Therefore, it is safer.

 

Starting SharePointURLBrute: Fri Dec 19 14:48:44 2014http://spf01/_layouts/userdisp.aspxhttp://spf01/_layouts/useredit.aspxhttp://spf01/_vti_bin/alerts.asmxhttp://spf01/_vti_bin/dspsts.asmxhttp://spf01/_vti_bin/forms.asmxhttp://spf01/_vti_bin/Lists.asmxhttp://spf01/_vti_bin/people.asmxhttp://spf01/_vti_bin/Permissions.asmxhttp://spf01/_vti_bin/UserGroup.asmxhttp://spf01/_vti_bin/versions.asmxhttp://spf01/_vti_bin/Views.asmxhttp://spf01/_vti_bin/webpartpages.asmxhttp://spf01/_vti_bin/webs.asmxhttp://spf01/_vti_bin/SharepointEmailWS.asmxhttp://spf01/_vti_bin/spsearch.asmxhttp://spf01/_vti_bin/WebPartPages.asmxFinished SharePointURLBrute: Fri Dec 19 14:48:47 2014

These URLs can be directly accessed, which provides a reference for SharePoint administrators to evaluate security.