Results 1 to 6 of 6

Thread: Hacking IIS via WebDAV

  1. #1
    Junior Member skidmarq's Avatar
    Join Date
    Jan 2010
    Posts
    88

    Default Hacking IIS via WebDAV

    Skid Rock: Hacking IIS via WebDAV

    Here is a write-up of how to use WebDAV to your advantage when it comes to testing IIS.

    Enjoy!
    I got 99 problems but the bits ain't one...

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: Hacking IIS via WebDAV

    Just a note, the heading of the link is probably not quite not safe for work. Just a heads up to anyone who clicks links while their boss is learning to use driftnet.

    Edit: Oh yes, and the write up isn't too shabby. A little bit light on where you can go with it, but nevertheless not bad.
    Last edited by Gitsnik; 05-12-2010 at 12:05 AM.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Junior Member skidmarq's Avatar
    Join Date
    Jan 2010
    Posts
    88

    Default Re: Hacking IIS via WebDAV

    Thanks for the feedback, Gitsnik, much appreciated! While I was writing it, I thought it would be a good idea to leave it where I left it so the readers could play around a bit with their own personal privilege escalation techniques...

    I've read some very interesting blogs recently the delve into this very topic
    I got 99 problems but the bits ain't one...

  4. #4
    Moderator fancy's Avatar
    Join Date
    Jan 2010
    Posts
    204

    Default Re: Hacking IIS via WebDAV

    Nice blog skidmarq but please change that picture.......uuurrgh

  5. #5
    Moderator firebits's Avatar
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    353

    Default Re: Hacking IIS via WebDAV


  6. #6
    Junior Member Liuser's Avatar
    Join Date
    Apr 2010
    Posts
    58

    Default Re: Hacking IIS via WebDAV

    Thanks for the tutorial. For those curious where the webdav_test auxiliary module is, you can get it here.

    edit: Sorry, should have read further down to firebits' post. I double posted the webdav_test module.

    Out of curiosity, does Nessus check for the webdav directory writable vulnerability?
    Last edited by Liuser; 05-16-2010 at 03:21 AM.

Similar Threads

  1. DICA: DAVTest Teste Rapido & Exploits para WebDAV Servers
    By firebits in forum Tutoriais e Howtos
    Replies: 0
    Last Post: 04-28-2010, 03:27 PM
  2. GSM hacking
    By prowl3r in forum OLD Pentesting
    Replies: 2
    Last Post: 12-30-2009, 08:48 PM
  3. RDP hacking
    By playtrack in forum OLD BackTrack 4 General Support
    Replies: 2
    Last Post: 08-24-2009, 11:26 PM
  4. Hacking WPA
    By imported_Infinite in forum OLD BT3final Support
    Replies: 11
    Last Post: 08-17-2009, 04:44 PM
  5. NAT hacking.
    By blackglasspirate in forum OLD Pentesting
    Replies: 6
    Last Post: 12-05-2007, 11:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •