This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Research for SharePoint (MOSS)"
From OWASP
(Added tool (SPScan)) |
(Added SharePoint Enumerator (Professionally Evil)) |
||
| Line 66: | Line 66: | ||
== SharePoint Hacking == | == SharePoint Hacking == | ||
==== SharePoint Hacking Tools ==== | ==== SharePoint Hacking Tools ==== | ||
| + | * [http://extensions.professionallyevil.com/beef.php SharePoint Enumerator | Professionally Evil] - This is a collection of 4 modules that help enumerate the SharePoint server the victim is connected to. | ||
* [http://sparty.secniche.org/ Sparty] - MS Sharepoint and Frontpage Auditing Tool | * [http://sparty.secniche.org/ Sparty] - MS Sharepoint and Frontpage Auditing Tool | ||
* [https://github.com/toddsiegel/spscan SPScan] - SharePoint scanner and fingerprinter based on WPScan | * [https://github.com/toddsiegel/spscan SPScan] - SharePoint scanner and fingerprinter based on WPScan | ||
Revision as of 22:39, 11 November 2013
This page contains research notes on Microsoft's SharePoint MOSS and WSS
Resources
Microsoft resources
- Security Architecture for SharePoint Products and Technologies (Word Doc)
- SharePoint Community Portal
- Downloadable book: Security for Office SharePoint Server 2007 - link to 277 page Doc file
- SharePoint End User Security
Other Resources and Documentation
- SharePoint Security Concepts - contains a number of other links to more material
- SharePoint Security Best Practices - $995 Gartner report
- Microsoft Office SharePoint Server 2007 Security Model
- SharePoint Security Concerns Simply a Lack of Governance?
- Governance Key for SharePoint Implementations
Presentations
- HackCon 2011 - Oslo, Norway - February 16, 2011 : SharePoint Security: Advanced SharePoint Security Tips and Tools
- OWASP Houston Chapter - August 12, 2009 : SharePoint Auditing and Penetration Testing Presentation by: Shohn Trojacek
- from Denim group:
- Securing SharePoint (PDF Format) - TASSCC Technology Education Conference in Austin, March 26, 2009
- Securing Sharepoint (PDF Format) - Texas Regional Infrastructure Security Conference (TRISC) in Austin, March 24, 2009
- A Primer to SharePoint Security - video
Other interesting resources
Other Blogs and Articles
- Microsoft SharePoint: A Weak Link In Enterprise Security? - Dark Reading
Published Security issues
- {Note: Add MSRC case}
- http://milw0rm.com/exploits/8704 & http://milw0rm.com/sploits/2009-IIS-Advisory.pdf
Open Source
- From CodePlex (see more on this search for SharePoint Security
Commercially Supported
- ARB Security Solutions (www.sharepointsecurity.com)
- AbsoluteProof for MS SharePoint - related article Surety Releases AbsoluteProof for SharePoint
- Sharepoint case study (marketing doc)
Dangerous MOSS APIs
Map the security implications of MOSS APIs, for example:
- which APIs (if badly used)are vulnerable to: XSS, CSRF, SQL Injection
- configuration settings that have security implications
- SharePoint Enumerator | Professionally Evil - This is a collection of 4 modules that help enumerate the SharePoint server the victim is connected to.
- Sparty - MS Sharepoint and Frontpage Auditing Tool
- SPScan - SharePoint scanner and fingerprinter based on WPScan
- Stach & Liu's SharePoint Hacking Diggity Project - SharePoint hacking tools project page. Currently includes such hacking tools as:
- SharePoint – GoogleDiggity Dictionary File - New GoogleDiggity input dictionary file containing 118 queries that allow users to uncover SharePoint specific vulnerabilities exposed via the Google search engine. This dictionary helps assessors locate exposures of common SharePoint administrative pages, web services, and site galleries that an organization typically would not want to be made available to the public, let alone indexed by Google.
- SharePointURLBrute - SharePointURLBrute is a new SharePoint hacking utility developed to help assessors quickly test user access to 99 common SharePoint administrative pages (e.g. “Add Users” page -> /_layouts/aclinv.aspx) by automating forceful browsing attacks.
- SharePoint UserDispEnum - UserDispEnum is a new SharePoint user enumeration tool that exploits insecure access controls to the /_layouts/UserDisp.aspx?ID=1 page. This utility cycles through the integer ID values from 1 onward to identify valid users, account names, and other related profile information that can be easily extracted from the SharePoint user profiles.
- SharePoint DLP Tools - COMING SOON – Stach & Liu data loss prevention (DLP) tools for Microsoft SharePoint. SharePoint DLP Tools utilize administrative web services to help automate the searching of SharePoint files and lists for SSNs, credit card numbers, passwords, and other common information disclosures.
- 2008
- hak5 - Episode 407 - Toorcon 2008: Robin Wood, Dan Griffin - see 11:10 minute mark in video for interview with Dan Griffin about SharePoint Hacking.
- 2013
- TMI: Assessing and Exploiting SharePoint at DerbyCon 3.0
- Sparty - Blackhat USA 2013 Sparty : A Frontpage and Sharepoint Auditing Tool
WebParts Security
- Security ratings & mappings of MOSS Deployed Web Parts
- Security ratings & mappings of 3rd Part Web Parts
