Page 154

128

Chapter 9

RHOSTS => 192.168.1.242, 192.168.13.242.252, 192.168.13.242.254, 192.168.4.116,
192.168.4.118, 192.168.4.122, 192.168.13.242.251, 192.168.13.242.234, 192.168.8.67,
192.168.6.113, 192.168.13.242.231, 192.168.13.242.249, 192.168.4.115, 192.168.8.66,
192.168.8.68, 192.168.6.62
msf auxiliary(webdav_scanner) >

run

[*] 192.168.1.242 (Microsoft-IIS/6.0) WebDAV disabled.
[*] 192.168.13.242.252 (Apache/2.2.9 (Debian) proxy_html/3.0.0 mod_ssl/2.2.9
OpenSSL/0.9.8g) WebDAV disabled.
[*] Scanned 04 of 31 hosts (012% complete)
[*] Scanned 07 of 31 hosts (022% complete)
[*] 192.168.4.116 (Apache/2.2.3 (Red Hat)) WebDAV disabled.
[*] Scanned 10 of 31 hosts (032% complete)
[*] 192.168.4.122 (Apache/2.2.3 (Red Hat)) WebDAV disabled.
[*] Scanned 13 of 31 hosts (041% complete)
[*] 192.168.13.242.251 (Microsoft-IIS/6.0) WebDAV disabled.
[*] 192.168.13.242.234 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 16 of 31 hosts (051% complete)
[*] 192.168.8.67 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 19 of 31 hosts (061% complete)

[*] 192.168.6.113 (Microsoft-IIS/5.0) has WEBDAV ENABLED

[*] 192.168.13.242.231 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 22 of 31 hosts (070% complete)
[*] 192.168.13.242.249 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 25 of 31 hosts (080% complete)
[*] 192.168.4.115 (Microsoft-IIS/6.0) WebDAV disabled.
[*] 192.168.8.66 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 28 of 31 hosts (090% complete)
[*] 192.168.8.68 (Microsoft-IIS/6.0) WebDAV disabled.
[*] Scanned 31 of 31 hosts (100% complete)
[*] Auxiliary module execution completed

As you can see in this example, a number of HTTP servers have been

scanned in the search for WebDAV , and only one happens to have
WebDAV enabled . This module has quickly identified a specific system
against which you can launch further attacks.

NOTE

Auxiliary module functionality goes far beyond scanning. As you will see in Chapter 14
auxiliary modules also work great as fuzzers with a little modification. A number of
denial-of-service modules are also available for Wi-Fi (including

dos/wifi/deauth

which can prove quite disruptive when used properly.

Anatomy of an Auxiliary Module

Let’s look at the makeup of an auxiliary module in a fun little example not
currently in the Metasploit repository (because it does not pertain to pene-
tration testing). This example will demonstrate how easy it is to offload a
great deal of programming to the Framework, allowing us to focus on the
specifics of a module.