STACH & LIU

SharePoint Hacking Diggity Project

The SharePoint Hacking Diggity Project is a research and development initiative dedicated to investigating the latest tools and techniques in hacking Microsoft SharePoint technologies. This project page contains downloads and links to our latest SharePoint Hacking research and free security tools. Assessment strategies are designed to help SharePoint administrators and security professionals identify common insecure configurations and exposures introduced by vulnerable SharePoint deployments.

   SharePoint – Google Diggity Dictionary

SharePoint – GoogleDiggity Dictionary File
New GoogleDiggity input dictionary file containing 121 queries that allow users to uncover SharePoint specific vulnerabilities exposed via the Google search engine. This dictionary helps assessors locate exposures of common SharePoint administrative pages, web services, and site galleries that an organization typically would not want to be made available to the public, let alone indexed by Google.

The dictionary text file can be used directly as input to the –f option of the GoogleDiggity.exe command line tool. Also, it can be imported for use within the SearchDiggity GUI tool from the menu: “File”->”Import Query Definition”.

   Downloads

Thank you for using Stach & Liu Tools. You download the file below:
SharePoint GoogleDiggity Dictionary – UPDATED 18 March, 2012

   SharePointURLBrute

SharePointURLBrute
SharePointURLBrute is a new SharePoint hacking utility developed to help assessors quickly test user access to 101 common SharePoint administrative pages (e.g. “Add Users” page -> /_layouts/aclinv.aspx) by automating forceful browsing attacks.

This command line tool is a must have for anyone assessing a Microsoft SharePoint deployment(s), enabling you to quickly identify holes in user access permissions that permit unauthenticated users to reach SharePoint administrative pages. Users can either provide the URL of a target SharePoint site or a text file containing multiple URLs to SharePoint sites to be tested in bulk. This handy utility also allows users to specify optional HTTP proxy details, as well as HTTP cookie information, thereby making it possible to test admin page access of an authenticated user.

The zip file download contains both the SharePointURLBrute Perl script and a Windows executable version generated from it using Perl2Exe. The zip also contains SharePoint – URL Extensions – 18MAR2012.pdf, a reference document that maps out common SharePoint administrative pages to their respective URL extensions (e.g. “Administration Web Service” -> http://<site>/_vti_bin/Admin.asmx. ).

   Downloads

Thank you for using Stach & Liu Tools. You can download the file below:
SharePointURLBrute v1.1 – 18MAR2012.zip – UPDATED 18 March, 2012

   SharePoint UserDispEnum

SharePoint UserDispEnum
UserDispEnum is a new SharePoint user enumeration tool that exploits insecure access controls to the /_layouts/UserDisp.aspx?ID=1 page. This utility cycles through the integer ID values from 1 onward to identify valid users, account names, and other related profile information that can be easily extracted from the SharePoint user profiles.

For real live examples of SharePoint site deployments insecurely exposing this functionality to anonymous users on the Internet, see Google results of: “http://www.google.com/#q=inurl:”/_layouts/userdisp.aspx”. Users can leverage Stach & Liu’s GoogleDiggity hacking tools to identify these exposures within their own organization, and then employ the UserDispEnum tool to exploit them during penetration tests.

   Downloads

Thank you for using Stach & Liu Tools. SharePoint_UserDispEnum_v1.zip will be available soon for download.

   SharePoint DLP Tools

SharePoint DLP Tools
COMING SOON – Stach & Liu data loss prevention (DLP) tools for Microsoft SharePoint. SharePoint DLP Tools utilize administrative web services to help automate the searching of SharePoint files and lists for SSNs, credit card numbers, passwords, and other common information disclosures.

SharePoint Hacking Diggity Presentations

 
OWASP L.A. – 22 Feb 2012 Presentation
SharePoint Security: Advanced SharePoint Security Tips and Tools
Francis Brown shares his SharePoint security research, new Tools/techniques, practical security tips based on experience from past SharePoint security assessments, and common security pitfalls to avoid in SharePoint deployments at OWASP L.A. in Los Angeles, CA on 22 Feb 2012 Presentation. Presentation slides can be downloaded here:
OWASP LA – SharePoint Hacking – 22Feb2012 – Slides.
 

HackCon 2011 – Oslo, Norway – 16 Feb 2011 Presentation
SharePoint Security: Advanced SharePoint Security Tips and Tools
Francis Brown shares his SharePoint security research, new Tools/techniques, practical security tips based on experience from past SharePoint security assessments, and common security pitfalls to avoid in SharePoint deployments at HackCon 2011 in Oslo, Norway on 16 Feb 2011 Presentation. Presentation slides can be downloaded here:
HackCon 2011 – Oslo, Norway – 16 Feb 2011 Presentation Slides.
 

ISSA Phoenix Chapter – 05 Oct 2010 Presentation
SharePoint Security: Advanced SharePoint Security Tips and Tools
Francis Brown shares his SharePoint security research, new tools/techniques, practical security tips based on experience from past SharePoint security assessments, and common security pitfalls to avoid in SharePoint deployments with the Phoenix Chapter of the ISSA on 05 Oct 2010. Presentation slides can be downloaded here:
ISSA Phoenix Chapter – 05 Oct 2010 Presentation Slides.

•  

  Contact

  For general inquiries or to find out more about our services, please contact us below.

  Address 4600 E Washington St Suite 300 Phoenix, AZ 85034 United States

  Phone +1 (480) 621-8967 Email diggity@stachliu.com