background image

128

Chapter 9

RHOSTS => 192.168.1.242, 192.168.13.242.252, 192.168.13.242.254, 192.168.4.116, 
192.168.4.118, 192.168.4.122, 192.168.13.242.251, 192.168.13.242.234, 192.168.8.67, 
192.168.6.113, 192.168.13.242.231, 192.168.13.242.249, 192.168.4.115, 192.168.8.66, 
192.168.8.68, 192.168.6.62
msf auxiliary(webdav_scanner) > 

run

[*] 192.168.1.242 (Microsoft-IIS/6.0) WebDAV disabled.
[*] 192.168.13.242.252 (Apache/2.2.9 (Debian) proxy_html/3.0.0 mod_ssl/2.2.9 
OpenSSL/0.9.8g) WebDAV disabled.
[*] Scanned 04 of 31 hosts (012% complete)
[*] Scanned 07 of 31 hosts (022% complete)
[*] 192.168.4.116 (Apache/2.2.3 (Red Hat)) WebDAV disabled.
[*] Scanned 10 of 31 hosts (032% complete)
[*] 192.168.4.122 (Apache/2.2.3 (Red Hat)) WebDAV disabled.
[*] Scanned 13 of 31 hosts (041% complete)
[*] 192.168.13.242.251 (Microsoft-IIS/6.0) WebDAV disabled.
[*] 192.168.13.242.234 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 16 of 31 hosts (051% complete)
[*] 192.168.8.67 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 19 of 31 hosts (061% complete)

 [*] 192.168.6.113 (Microsoft-IIS/5.0) has WEBDAV ENABLED

[*] 192.168.13.242.231 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 22 of 31 hosts (070% complete)
[*] 192.168.13.242.249 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 25 of 31 hosts (080% complete)
[*] 192.168.4.115 (Microsoft-IIS/6.0) WebDAV disabled.
[*] 192.168.8.66 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 28 of 31 hosts (090% complete)
[*] 192.168.8.68 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 31 of 31 hosts (100% complete)
[*] Auxiliary module execution completed

As you can see in this example, a number of HTTP servers have been 

scanned in the search for WebDAV  , and only one happens to have 
WebDAV enabled  . This module has quickly identified a specific system 
against which you can launch further attacks.

NOTE

Auxiliary module functionality goes far beyond scanning. As you will see in Chapter 14 
auxiliary modules also work great as fuzzers with a little modification. A number of 
denial-of-service modules are also available for Wi-Fi (including 

dos/wifi/deauth

), 

which can prove quite disruptive when used properly.

Anatomy of an Auxiliary Module

Let’s look at the makeup of an auxiliary module in a fun little example not 
currently in the Metasploit repository (because it does not pertain to pene-
tration testing). This example will demonstrate how easy it is to offload a 
great deal of programming to the Framework, allowing us to focus on the 
specifics of a module.