Exploit WebDAV on a Server & Get a Reverse Shell [Tutorial]

August 28, 2020 · 36 Comments

How to Get a Shell with Web Distributed Authoring & Versioning
Full Tutorial: https://nulb.app/x4r43
Nick’s Twitter: https://twitter.com/nickgodshall

Cyber Weapons Lab, Episode 186

WebDAV lets users collaborate on web projects remotely, and it can also be used to transfer files. But it is also a huge security risk if it has been configured improperly. Pentesters, hackers, cybersecurity specialists, and others can exploit a misconfigured server, eventually getting a shell on it. In this episode of Cyber Weapons Lab, we'll show you how it could be done using Metasploit to scan for WebDAV, DAVTest to test file execution policies, and Cadaver to upload a reverse shell and compromise the server.
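
For defenders, the sequence described above (testing which file types the server accepts, then uploading a script and requesting it) leaves a recognizable trail in the web server's access log. The following is an added example, not code from the video or the Null Byte article: it assumes Apache combined log format, and the log lines, the extension list and the `probe_threshold` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not from the video).
SAMPLE_LOG = """\
198.51.100.7 - - [28/Aug/2020:10:00:01 +0000] "PROPFIND /dav/ HTTP/1.1" 207 512 "-" "client-a"
198.51.100.7 - - [28/Aug/2020:10:00:05 +0000] "PUT /dav/probe1.txt HTTP/1.1" 201 0 "-" "client-a"
198.51.100.7 - - [28/Aug/2020:10:00:05 +0000] "PUT /dav/probe1.php HTTP/1.1" 201 0 "-" "client-a"
198.51.100.7 - - [28/Aug/2020:10:00:06 +0000] "PUT /dav/probe1.jsp HTTP/1.1" 201 0 "-" "client-a"
198.51.100.7 - - [28/Aug/2020:10:02:10 +0000] "PUT /dav/notes.php HTTP/1.1" 201 0 "-" "client-a"
198.51.100.7 - - [28/Aug/2020:10:02:30 +0000] "GET /dav/notes.php HTTP/1.1" 200 14 "-" "client-a"
203.0.113.20 - - [28/Aug/2020:10:05:00 +0000] "PUT /dav/report.docx HTTP/1.1" 201 0 "-" "client-b"
203.0.113.20 - - [28/Aug/2020:10:06:00 +0000] "GET /dav/report.docx HTTP/1.1" 200 9000 "-" "client-b"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SCRIPT_EXTS = {"php", "phtml", "jsp", "asp", "aspx", "cgi", "pl", "shtml"}  # assumed list

def ext_of(path):
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def analyze(log_text, probe_threshold=3):
    uploaded = set()                    # script paths written via PUT
    exts_seen = defaultdict(set)        # client -> extensions it has PUT
    findings = []                       # (finding, client, path) in log order
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                    # skip lines that are not access-log entries
        client, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if method == "PUT" and status in ("200", "201", "204"):
            ext = ext_of(path)
            if ext not in exts_seen[client]:
                exts_seen[client].add(ext)
                # Many different extensions from one client looks like policy probing.
                if len(exts_seen[client]) == probe_threshold:
                    findings.append(("extension-probing", client, path))
            if ext in SCRIPT_EXTS:
                uploaded.add(path)
        elif method in ("GET", "POST") and status == "200" and path in uploaded:
            # A 200 shows the file was served, not that it was executed.
            findings.append(("uploaded-script-requested", client, path))
    return findings

if __name__ == "__main__":
    print(*analyze(SAMPLE_LOG), sep="\n")
```

Either finding on a DAV-enabled path is a reason to check that the directory requires authentication and that script handlers are disabled for it.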

To learn more, check out the article by drd_ on Null Byte: https://nulb.app/x4r43


36 Replies to “Exploit WebDAV on a Server & Get a Reverse Shell [Tutorial]”

  1. Evelyn Exuma says:

    I'm the first view!!

  2. I guess now I can stop calling it webDAVE.

  3. 06_8B says:

    This is fire ur videos are helpful

  4. Make a telegram profile so we can ask u something about, your videos or else.

  5. Tales Grimm says:

    What is going on in these comments?😂

  6. Jorge says:

    There're some bots in the comments.

  7. Tales Grimm says:

    YouTube: Here's a hacking tutorial.

    Me: Oh this looks interes-

    Hacking tutorial: SO GO AHEAD AND OPEN UP PORT 486-

    Me: exits

  8. Lavish Jaat says:

    Why does your Kubuntu look like Ubuntu?

  9. vivid says:

    I’m starting to miss the man who never blinks

  10. TOMYSSHADOW says:

    I don't understand this tutorial because I thought that WebDAV usually requires a username and password to even view a folder. In this video it looks like he already has credentials at which point it should be trivial to upload any PHP code (malicious or not) to the server. So this would be like saying there's an exploit in FTP because malicious PHP scripts could be uploaded via FTP if you're already signed in, which seems obvious… it wouldn't be an exploit because you shouldn't be able to upload files without credentials to the FTP server in the first place. Am I missing the part of this that is the actual exploit?

  11. Zero Sploit says:

    Nice job nick im going to try this on my webdav page

  12. 06_8B says:

    Can anyone tell me how to use WiFi on Kali Linux I have been having this problem for a while someone please help me I have a box with an x on it and when I go to WiFi it says no Ethernet and only has the vpn and thereby options without anything

  13. Noel Osmaj says:

    Where is kody?

  14. cl60cruzer says:

    Get off the frame skiddie. And put kody k back in.

  15. Thank you sir for help me and another people and I love you sir I am your big fan 💕💞💕

  16. That was coool. 💗💵💗 Like a UFC with linux.

  17. Res Res says:

    Great content. Generally prefer manual work and demonstration compared to just using msf

  18. Humza Ahmed says:

    Please make a video on how to scrape phone numbers, as well as performing mass database dumping for email and pass as well as phone number

  19. EoDevv says:

    I wonder if he knows how to boot people with putty and make a botnet like a Mirai or qBot

  20. Please make a tutorial about KALI LINUX NETHUNTER

  21. k. eshwanth says:

    Hi bro. I am using kali in vmware in my laptop which contains Intel chip in it. When I try to run apache2 server in kali, it's not working. I have tried to restart it by uninstalling & installing it again. Can you help me with this bro.

  22. Hey can you make a vid how a hacker find your wifi name and wifi password on console and social media

  23. Euryale F says:

    Great content, I've been following your videos for a year and half and I've never been disappointed. Can you please make a video about how to create a kernel for Kali NetHunter any android phone, please? I've seen your video about how to install Kali on an unrooted android phone, but some features don't properly work (such as: Wifite), I can't put it on monitoring mode. Thank you! And keep that great work going!

  24. When I see the video fighting 😂🤣 with cat. I mean cat the linux command. Don't get me wrong 🤣 people. Was that the guy that doesn't blink at the end?

  25. Ha Mza says:


  26. Vicky Rawat says:

    Hey man, help me please
    I need your help😭🙏

  27. "Exploit WebDAV" in 2020? LOL…i remembered from 2000s when had some fun with few IIS

  28. Sakil Ahmed says:

    one request…please make a video of TBomb…please

  29. Angela Sian says:

    What is the search query on shodan to find webDAV ips or how do I find webDAV ips