From LOW to PWNED [6] SharePoint

Post [6] SharePoint

Misconfigured SharePoint can be *really* useful. Examples of things you can do with it are:

User/Domain Enumeration

Access to useful files

Regular / Auth Protected SharePoint also gives you a point to conduct brute-force attacks against AD or SharePoint users.

We regularly find awesome stuff once we have access to SharePoint. It's not uncommon to find service account passwords, alarm information, employee directories, all kinds of useful stuff.

LOW?

Finding SharePoint servers

Random targets: lots of interesting things can be found with Google dorks.

If you need to look at specific servers:

Stach and Liu has released their SharePoint Diggity tools:

<a href="http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity-project/">http://www.stachliu.com/resources/tools/sharepoint-hacking-diggity-project/</a>

You can also roll your own:

<a href="http://code.google.com/p/fuzzdb/source/browse/trunk/Discovery/PredictableRes/Sharepoint.fuzz.txt">http://code.google.com/p/fuzzdb/source/browse/trunk/Discovery/PredictableRes/Sharepoint.fuzz.txt</a>
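
A defender-side view of the enumeration and brute-force activity described above, as an added example that is not part of the original post: it scans IIS W3C logs for clients that walk SharePoint's `/_layouts/` and `/_vti_bin/` paths anonymously, lists which of those pages answered 200 without a user name, and counts 401 responses per client. The log lines, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict

SP_PREFIXES = ("/_layouts/", "/_vti_bin/")  # SharePoint application and web-service paths
# Constructed IIS W3C log sample (illustrative only, not from the original post).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2012-04-20 10:00:01 GET /_layouts/viewlsts.aspx - 203.0.113.7 200
2012-04-20 10:00:02 GET /_layouts/people.aspx - 203.0.113.7 200
2012-04-20 10:00:02 GET /_vti_bin/lists.asmx - 203.0.113.7 401
2012-04-20 10:00:03 GET /_layouts/settings.aspx - 203.0.113.7 404
2012-04-20 10:05:00 GET /_layouts/viewlsts.aspx alice@corp.example 198.51.100.20 200
2012-04-20 10:06:00 GET /default.aspx - 198.51.100.99 401
2012-04-20 10:06:01 GET /default.aspx - 198.51.100.99 401
2012-04-20 10:06:02 GET /default.aspx - 198.51.100.99 401
2012-04-20 10:06:03 GET /default.aspx - 198.51.100.99 401
2012-04-20 10:06:04 GET /default.aspx - 198.51.100.99 401
"""

def parse_w3c(text):
    """Yield one dict per request, using the column order from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def analyze(text, probe_threshold=3, fail_threshold=5):
    probes = defaultdict(set)    # client IP -> distinct SharePoint paths requested anonymously
    exposed = set()              # SharePoint paths that answered 200 with no user name
    failures = defaultdict(int)  # client IP -> count of 401 responses
    for r in parse_w3c(text):
        path, status = r["cs-uri-stem"].lower(), r["sc-status"]
        if r["cs-username"] == "-" and path.startswith(SP_PREFIXES):
            probes[r["c-ip"]].add(path)
            if status == "200":
                exposed.add(path)
        if status == "401":
            failures[r["c-ip"]] += 1
    return {
        "enumerators": sorted(ip for ip, p in probes.items() if len(p) >= probe_threshold),
        "anonymous_exposure": sorted(exposed),
        "auth_failure_sources": sorted(ip for ip, n in failures.items() if n >= fail_threshold),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

NTLM and Kerberos negotiation also generate 401 responses, so tune `fail_threshold` against a baseline for the site.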

Examples of open access

Stuff to read:

<a href="http://www.mindedsecurity.com/fileshare/Fedon_Athcon_June11.pdf">http://www.mindedsecurity.com/fileshare/Fedon_Athcon_June11.pdf</a>

<a href="https://www.owasp.org/index.php/Research_for_SharePoint_%28MOSS%29">https://www.owasp.org/index.php/Research_for_SharePoint_%28MOSS%29</a>