![davtest how to exploit txt and html executable davtest how to exploit txt and html executable](https://vk9-sec.com/wp-content/uploads/2021/09/word-image-22.png)
![davtest how to exploit txt and html executable davtest how to exploit txt and html executable](https://vk9-sec.com/wp-content/uploads/2021/09/word-image-33.png)
- #DAVTEST HOW TO EXPLOIT TXT AND HTML EXECUTABLE CODE#
- #DAVTEST HOW TO EXPLOIT TXT AND HTML EXECUTABLE PASSWORD#
Using the information we have gained from the enumeration step, let's use the exploit/windows/iis/iis_webdav_upload_asp exploit from Metasploit to perform remote code execution. So you can see that ASP can be executed and luckily there is a Metasploit module for WebDAV that supports RCE with ASP shells. It requires the authentication credentials and the WebDAV URL to upload the files and execute them. Testing the web shell can be automated with the davtest tool. WebDAV is available at Test File Upload and Execution nmap -p80 -script http-enum 10.4.30.179įinally, we got the web directory to exploit. To further enumerate you can use the http-enum script to further enumerate directories used by popular web applications and servers. This is interesting as you can upload and test whether the shell is working on not.īut first, you need to find the path of WebDAV, as like an HTTP resource it can be accessed like a route on HTTP. Also, you can see the PUT method is allowed, this means you can upload the file and with the GET method, you can execute it. All the scripts used here are documented on the NSEDoc page nmap -p80 -sC 10.4.30.179įrom the output, it is clear that the WebDAV extension is enabled and the server is Microsoft-IIS/10.0. This will execute the default Nmap scripts configured in the tool itself. To take a step further in enumeration, we will perform default script execution on port 80 of the target. I found that port 80 is running a web server and as you WebDAV is an HTTP extension, so we will pivot our enumeration particularily to this port from now onwards. In this, I will use the Nmap tool to scan the target nmap -sV -top-ports 65535 -min-rate 1000 10.4.30.179 This is called active scanning where you directly query information from the target. When the lab is first spawned, this file will be opened in the text editor Enumerationįirst of all, you need to have a list of open ports running on the target. The IP of the target can be found in the /root/Desktop/target file. All you need to do is, enumerate the server, find the WebDAV path and perform remote code execution on it. In this, I will discuss such a case, where are already provided with login credentials in the lab description.
#DAVTEST HOW TO EXPLOIT TXT AND HTML EXECUTABLE PASSWORD#
Though it is protected by HTTP basic auth but could be dangerous if the username and password is exposed or can be brute-forced WebDAV is an extension to HTTP protocol defined in RFC 4918 which provides a framework for users to create, change and move documents on a server.