Metasploit modules to perform SharePoint misconfiguration exploitation.

Metasploit modules to perform SharePoint misconfiguration exploitation.

Metasploit modules to perform SharePoint misconfiguration exploitation. Modules:
+ sharepoint_brute_browse.rb:
This SharePwn module searches for common SharePoint services, directories, and files via brute force browsing. This information can be used to test misconfigured permissions on SharePoint sites. To set an HTTP Error Code other than ‘404’, use the Advanced Option ‘ErrorCode’.

sharepoint_brute_browse

sharepoint_brute_browse

+ sharepoint_version_id.rb:
This SharePwn module performs an initial interrogation of a SharePoint server to discover the installed SharePoint version, as well as the current Health Score and other server information.

sharepoint_version_id

sharepoint_version_id

+ sharepoint_people_enumeration – [IN-DEVELOPMENT] Leverages the People.asmx service to enumerate intenral systems and accounts (This is based on experience during previous engagements, when, with a valid account or misconfigured service, we were able to enumerate system names, network accounts, built-in accounts, etc that were not SP users, but exist in AD.)
+ sharepoint_user_enum – Enumerate SP users module; based on syntaxerr66’s UserID module, updated with additional parameter and other modifications

Example Usage:

Source : https://github.com/0rigen