HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 45 guests and 1 member online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow Pen Testing Sharepoint
EH-Net
May 24, 2013, 03:52:59 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Pen Testing Sharepoint  (Read 10772 times)
0 Members and 1 Guest are viewing this topic.
T_Bone
Full Member
***
Offline Offline

Posts: 199


View Profile
« on: October 01, 2010, 08:07:52 AM »
Ok, So I have an assignment to pentest a sharepoint site... I will obviously do the necessary like I would in any other test but want to know if anyone has any tips or resources they can point me to that may help...

Cheers
Logged
ajohnson
Recruiters
Hero Member
*
Offline Offline

Posts: 1060


aka dynamik


View Profile WWW
« Reply #1 on: October 01, 2010, 08:45:28 AM »
Scavenge for info first and foremost; people post all kinds of useful tidbits. Always do recon before attempting any fancy techniques.
Logged
WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
tturner
Sr. Member
****
Offline Offline

Posts: 432


View Profile WWW
« Reply #2 on: October 01, 2010, 08:59:45 AM »
I forgot where I got this list, but here are some paths of note you may wish to try. You will need to plug any subsite paths before them:


/_layouts/viewlsts.aspx
/forms/allitems.aspx
/forms/webfldr.aspx
/forms/mod-view.aspx
/forms/my-sub.aspx
/pages/categoryresults.aspx
/categories/viewcategory.aspx
/sitedirectory
/editdocs.aspx
/workflowtasks/allitems.aspx
/lists/tasks/
/categories/allcategories.aspx
/categories/SOMEOTHERDIR/allcategories.aspx
/mycategories.aspx
/lists/
        /allitems.aspx
        /default.aspx
        /allposts.aspx
        /archive.aspx
        /byauthor.aspx
        /calendar.aspx
        /mod-view.aspx
        /myposts.aspx
        /my-sub.aspx
        /allcomments.aspx
        /mycomments.aspx
/_layouts/userdisp.aspx
/_layouts/help.aspx
Logged
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
T_Bone
Full Member
***
Offline Offline

Posts: 199


View Profile
« Reply #3 on: October 05, 2010, 04:45:32 AM »
I would expect the document below that contains 20 pages to be SUPERB at that price!

http://www.gartner.com/DisplayDocument?id=894420
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.052 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.