IIS WebDav
Microsoft IIS (Internet Information Services) - a Microsoft proprietary extensible web server developed for use with Windows.
Ports:
80
(no certificate),443
(with SSL Certificate)Host websites and web applications
Administrative GUI for IIS management
Static and dynamic web pages, developed in
ASP.NET
andPHP
Supported file extensions:
.asp
,.aspx
,.config
,.php
🗒️ WebDAV (Web Distributed Authoring & Versioning) - a set of HTTP protocol extentions used by users to manage file on remote web servers.
Web server as
File server
Runs on top of Apache or IIS - ports
80
/443
Credentials,
username
&password
, are necessary for connection the WebDAV server
WebDAV Exploitation
Check if WebDAV is configured to run on the IIS web server.
Brute-force attack on the WebDAV server - identify legitimate credentials.
Use the obtained credentials to authenticate with the WebDAV and upload malicious code, like an
.asp
payload, used to execute arbitrary commands or obtain reverse shell on the target.
TOOLS:-
davtest
- scanner tool used to scan, authenticate and exploit a WebDAV server, by uploading test executable files which allow for command execution on the target. Pre-installed on Kali Linux and Parrot OS.cadaver
- supports file upload, download, on-screen display, in-place editing, namespace operations (move/copy), collection creation and deletion, property manipulation, and resource locking. Pre-installed on Kali Linux and Parrot OS.
EXPLOITATION:-
#Hydra
Try
hydra
to brute force WebDAV in this case
In this case there were no credentials that matched
#Davtest
Now we will try Davtest tool to see which extention and format of files the server support
NOTE:- Davtest tool requires legitamate credentials to authenticate with

Cadaver
Use
cadaver
to upload an.asp
payload to the/webdav
directory
use cadaver to login by using the follwoing command
Upload your payload in using the following command
Access the backdoor using the browser
http://10.3.26.115/webdav/webshell.asp
Windows commands can be provided in the box

Last updated