Today i will explain you how to hack & deface webdav sites.
Is really easy , and this tutorial will clearly show you how to do it.
Let's start...
Open up the 'Map Network Drive'
- Windows XP : Right click on My Computer
- Windows 7 : Click the start bar
Now it will show a new little window.
Click on 'Sign up for online storage of conect to a network server'
A new window will show up , click next.
Again click next.
Now here type in the server's IP or domain that has WebDav enabled.
Ensure to put http:// and the webdav's directory. Otherwise it may not work. Then click next.
Now you'll get a login prompt. Login with these credentials :
User name : wampp
Password : xampp
And click OK.
At the next window you can choose whatever you want. But i prefer leaving it's default name. It's not important. Then click Next again.
Here is the last window , be sure to tick the checkbox 'Open this network place when I click Finish.'
And click Finish !
Now you'll get again the prompt , just login with the same credentials i mentioned before.
And w00t! w00t! , we have access on uploading files now. Just grab and drag with the cursor there an ASPX\ PHP shell (if it's accepts), a index html file or simply a text file.
Then go to your browser and navigate to http://yourslave/webdav/shell.php (replace shell.php with your shell's name). And you'll get access to its server.
So that's it , hope you enjoyed and learned something useful from my tutorial.
some vulns
NOTE : This isn't gonna work with all webdav sites. Hope you understood the vulnerability , (by using the default login credentials when installing webdav)
0 comments:
Post a Comment