WebDAV Exploitation

Davtest

Used to scan, authenticate and exploit a WebDAV server.

davtest -auth <user>:<password> -url http://<ip>/webdav

tries to upload various files extention and test the execution for each of them.

Cadaver

Supports file upload, download, on-screen display, in-place editing, namespace operation (move/copy), collection creation and deletion, property manipulation, and resource locking on WebDAV servers

# Connect to the webdav server, asks for username and password
cadaver http://<ip>/webdav

# WebDAV prompt
dav:/webdav/>

# WebDAV Commands:

# Uploads a file
put <filename>

Last updated 11 months ago