WebDAV (Web Distributed Authoring and Versioning) is a legacy protocol that extends HTTP to support collaborative file editing and remote file management from an application. Although WebDAV is obsolete, it is still relevant, given that it was exploited by the Bumblebee malware in 2023.
Applications usually expose routes such as /webdav, which require login via a dialog box (although it is also possible to log in via the URL). The default credentials are usually webdav:webdav, but since that is not guaranteed, we can try to brute-force the login with Hydra:
hydra -L <user wordlist> -P <password wordlist> <host> http-get /webdav
Once logged in to WebDAV, we are redirected to a directory listing. More interesting than listing the files, though, is testing whether we can upload a reverse shell via the HTTP PUT method:
curl -T <reverse shell> <URL>
Note: a particularity of PHP is that it does not overwrite existing files.
From there, just run the commands and be happy!
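Seen from the defending side, both steps above leave a recognizable trail in the web server's access log: a burst of 401 responses on /webdav, followed by an accepted PUT of a script file. The following is an added example (not part of the original post) that flags both; the log format, the threshold of 5 failures and the extension list are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Apache/nginx "common"/"combined" access-log prefix: ip, ident, user, time, request, status.
LINE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Extensions a server might execute if uploaded into a web-served directory (assumed list).
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar|jsp|jspx|asp|aspx|cgi|pl)$', re.I)

def analyze(log_text, dav_prefix="/webdav", threshold=5):
    """Return ({ip: failed_auth_count}, [(ip, user, path)]) for requests under dav_prefix."""
    failures = defaultdict(int)
    uploads = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if path != dav_prefix and not path.startswith(dav_prefix + "/"):
            continue
        status = int(m["status"])
        if status == 401:                      # rejected credentials
            failures[m["ip"]] += 1
        elif m["method"] == "PUT" and status in (200, 201, 204) and SCRIPT_EXT.search(path):
            uploads.append((m["ip"], m["user"], path))   # accepted script upload
    brute = {ip: n for ip, n in failures.items() if n >= threshold}
    return brute, uploads

# Constructed sample log (documentation IP ranges), not taken from the original post.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - user{i} [10/Mar/2024:10:00:0{i} +0000] "GET /webdav HTTP/1.1" 401 381'
     for i in range(6)]
    + ['203.0.113.7 - webdav [10/Mar/2024:10:00:07 +0000] "GET /webdav/ HTTP/1.1" 200 1024',
       '203.0.113.7 - webdav [10/Mar/2024:10:00:09 +0000] "PUT /webdav/x.php HTTP/1.1" 201 -',
       '198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "GET /webdav/ HTTP/1.1" 401 381',
       '198.51.100.20 - alice [10/Mar/2024:10:05:02 +0000] "PUT /webdav/notes.txt HTTP/1.1" 201 -']
)

if __name__ == "__main__":
    brute, uploads = analyze(SAMPLE_LOG)
    print("possible brute force:", brute)
    print("script uploads:", uploads)
```

A single mistyped password from a legitimate user stays below the threshold, and a PUT of a non-script file such as notes.txt is not reported.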