Note | Knowledge Garden

Sometimes the directory is called 'DAV'
Tools used to exploit: [[Cadaver]] [[Davtest]]

To perform a Brute Force attack on it using Hydra:

hydra -L <Users_list> -P <Passwords_list> <Target_Domain_or_IP> http-get <login_forum_location>
Exampe: hydra -L /usr/share/wordlists/metasploit/common_users.txt -P /usr/share/wordlists/metasploit/common_passwords.txt 10.10.15.15 http-get /webdav/

After gaining access to the login page we can now upload malicious files to send commands to the machine.

Using msfconsole for an automatic shell
Manully Using [[msfvenom⚕️]]

To perform a Brute Force attack on it using Hydra:

After gaining access to the login page we can now upload malicious files to send commands to the machine.

Using msfconsole for an automatic shell

Manully Using [[msfvenom⚕️]]