HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 35 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow HTTP header: PUT, DELETE, etc
EH-Net
May 22, 2013, 12:22:47 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: 1 [2]   Go Down
« previous next »
  Print  
Author Topic: HTTP header: PUT, DELETE, etc  (Read 17722 times)
0 Members and 1 Guest are viewing this topic.
ajohnson
Recruiters
Hero Member
*
Offline Offline

Posts: 1057


aka dynamik


View Profile WWW
« Reply #15 on: August 19, 2010, 01:41:57 PM »
Quote from: xXxKrisxXx on August 19, 2010, 11:58:38 AM
Quote
Now that I can write in the web server root, I need to get a shell using asp. Any idea? I am currently searching in Google...

Maybe this may help?
http://carnal0wnage.blogspot.com/2010/05/more-with-metasploit-and-webdav.html

Wow, that got nasty at the end Wink

Nice find!
Logged
WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
Jhaddix
Sr. Member
****
Offline Offline

Posts: 317



View Profile WWW
« Reply #16 on: August 28, 2010, 05:59:12 AM »
DAVtest is a newer tool for testing extensive web server options,

http://code.google.com/p/davtest/

it has also been implemented as a Nmap script, check out the scripts directory for more information.

The default shell it will give you is limited, i replace it with the new meterpreter PHP payload. Or you can supplement with Ironfist's AJAXShell (clean, better, faster than c99/r57/etc):

http://sourceforge.net/projects/ajaxshell/
Logged
GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/
ethicalhack3r
Full Member
***
Offline Offline

Posts: 139


View Profile WWW
« Reply #17 on: August 29, 2010, 06:03:22 PM »
I'm trying to implement this vulnerability into the up and coming DVWA LiveCD.

httpd.conf:
Code:
DavLockDB "/opt/lampp/htdocs/hackable/uploads"
Alias /webdav /opt/lampp/htdocs/hackable/uploads

<Location /webdav>
Dav On
</Location>


Apache is running as user 'nobody' in the 'nogroup' group.

I can connect but not execute any commands.Using a webdav client 'cadaver' I get an internal server error 500 when trying to execute any commands.

I assumed this was down to permissions so I changed the permissions as such:
Code:
chown -R nobody /opt/lampp/htdocs/hackable/uploads


Still no joy.

The DavTest tool also connects but fails on MKCOL and any PUT requests.

Any ideas?

EDIT:--

Apache 2.2.14, PHP 5.3.1, Ubuntu server 10.04 minimal

EDIT:--

Got it working. Smiley

DavLockDB needs a file name not folder directory. So changed this:
Code:
DavLockDB "/opt/lampp/htdocs/hackable/uploads"

for this:
Code:
DavLockDB "/opt/lampp/htdocs/hackable/uploads/DavLockDB"
« Last Edit: August 30, 2010, 06:48:18 AM by ethicalhack3r » Logged
Pages: 1 [2]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.06 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.