Thread: DAVTest: Test fast and exploits for WebDAV Servers

  1. #1
    Moderator firebits's Avatar
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    353

    DAVTest: Test fast and exploits for WebDAV Servers

    On a WebDAV-enabled server, there are two things to discover quickly:

    1) if you can upload files,
    2) and if so, if you can run code

    DAVTest helps answer these questions, and also allows a pentester quick access to the host. DAVTest tries to upload test files with different extensions (e.g. ".php" or ".txt"), checks whether these files were sent successfully, and then whether they can be run on the server.

    It also lets you upload plain text files and then try to use the MOVE command to rename them to an executable format.

    Assuming you can upload an executable file, and a test file is not good enough, DAVTest can automatically download a fully functional shell. It comes with scripts for PHP, ASP, ASPX, CFM, JSP, CGI and PL, and a file that you can test in a certain directory, or you can let it upload any backdoor you want.





    DAVTest was coded in Perl and is under the GPLv3 license.


    Source: Sunera Information Security Blog


    Adapted and translated by firebits
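
Added example, not part of the original post or of DAVTest: a defender-side check that flags the sequence described above (upload, MOVE rename to a script extension, follow-up request) in web server logs. The log format with the Destination header, the sample lines and every name in the code are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed log format (not from the thread): client, time, request, status and
# the WebDAV Destination header, e.g. Apache '%h %t "%r" %>s "%{Destination}i"'.
LINE = re.compile(r'^(\S+) \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3}) "([^"]*)"$')
# Script types the post lists for DAVTest
EXEC_EXT = {"php", "asp", "aspx", "cfm", "jsp", "cgi", "pl"}

def ext(path):
    """Lower-cased extension of the last path segment, or '' if none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def find_webdav_abuse(lines):
    """Return (client, finding, path) tuples in log order."""
    planted = set()   # (client, path) of script files a client created
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, method, path, status, dest = m.groups()
        path = path.split("?", 1)[0]          # ignore query strings
        ok = status.startswith("2")
        if method == "PUT" and ext(path) in EXEC_EXT:
            kind = "put-executable" if ok else "put-executable-denied"
            findings.append((client, kind, path))
            if ok:
                planted.add((client, path))
        elif method == "MOVE" and ok:
            # Destination is an absolute URI; compare on its path only
            target = urlparse(dest).path
            if ext(target) in EXEC_EXT and ext(path) not in EXEC_EXT:
                findings.append((client, "move-to-executable", target))
                planted.add((client, target))
        elif method in ("GET", "POST") and ok and (client, path) in planted:
            findings.append((client, "request-after-plant", path))
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic)
SAMPLE = [
    '192.0.2.10 [12/May/2010:10:00:01 +0000] "PUT /dav/t1.txt HTTP/1.1" 201 "-"',
    '192.0.2.10 [12/May/2010:10:00:02 +0000] "MOVE /dav/t1.txt HTTP/1.1" 201 "http://www.example.test/dav/t1.php"',
    '192.0.2.10 [12/May/2010:10:00:03 +0000] "GET /dav/t1.php HTTP/1.1" 200 "-"',
    '198.51.100.7 [12/May/2010:10:05:00 +0000] "PUT /dav/notes.txt HTTP/1.1" 201 "-"',
    '198.51.100.7 [12/May/2010:10:05:01 +0000] "PUT /dav/x.asp HTTP/1.1" 403 "-"',
]
```

A plain-text PUT on its own is not flagged; the rename to a script extension and the later request for that file are what stand out.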

  2. #2
    Just burned his ISO sl33p's Avatar
    Join Date
    Jan 2010
    Posts
    19

    Re: DAVTest: Test fast and exploits for WebDAV Servers

    Just tried it out and the following error appeared:

    #./davtest.pl -url https://XXX.XXX.XXX.XXX/ -sendbd auto

    Can't locate HTTP/DAV.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at ./davtest.pl line 30.
    BEGIN failed--compilation aborted at ./davtest.pl line 30.
    How do I install "HTTP/DAV.pm"?
    I guess that's a missing Perl module.
    I'm running BT4, the first one, not the R1 edition.

    Thanks in advance!
    "If you can't describe what you are doing as a process, you don't know what you're doing."
    W. Edwards Deming

  3. #3
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    2

    Re: DAVTest: Test fast and exploits for WebDAV Servers

    I too get that same error. I tried to install the HTTP::DAV module from inside CPAN but still no luck. Can anyone point me in the right direction, please?

    Kind regards

  4. #4
    Member skinnypuppy's Avatar
    Join Date
    Jan 2010
    Location
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    Posts
    154

    Re: DAVTest: Test fast and exploits for WebDAV Servers

    cpan -i HTTP::DAV

    This pulls in other dependencies; once complete, type: perl davtest.pl
    Works fine here with no errors so far.
    I may have been born with a silver spoon in my mouth but it does not mean I like to be spoon fed.
