Frontpage snoop


Version: 1.2 beta
Date: 2013-08-5
Size:
69KB
Requirements:
.NET Framework 3.5 or higher
Seller:
SecurityFox
Price:
Free
System:
Windows 7/Vista/2003/XP/2000
Rating:
4.9
License:
Freeware

Description - Frontpage snoop



This tool takes advantage of frontpage enabled web servers by checking for weaknesses in an automated fashion. It will firstly Attempt to get the "service.pwd" file from the target website which will HOLD the username(s) and password(s) for that site in a user:h45h fashion, were the password will have the DES hash that is relatively easily cracked - which will enable an attacker full admin access to the site. It lists all the /_vti_pvt/ files which divulges a lot of info, it then tries the /_vti_inf.html file which, when you view the source code of that page, shows in the comments the servers configuration and settings. And lastly it attempts to check if FTP is enabled as an upload access point (if not it`ll likely be webdav or fp extensions). As you can see this can lead to the entire compromise of a vulnerable server in an easy to use automated fashion. Coded in VC++ required the .NET Framework 3.5 or above.

Frontpage snoop Automated Fashion Frontpage Snoop


More in Web Servers-Frontpage snoop

Password Servers Automated Fashion Full Admin Access